PDA

View Full Version : Browser Hijack - Virtumonde and Smitfraud-C


Dennie
2009-01-02, 01:00
Current Issues …
McAfee can’t be reinstalled. Browser is hijacked and can’t display the download webpage.

Windows Update doesn’t work, sometimes jumps to www.msn.com, last time went to http://windowsupdate.microsoft.com/, but couldn’t display web page.

Explorer.exe never shuts down correctly, must click “end”.

Ads pop up and browser sometimes jumps to unexpected locations.

Ad-Aware can’t get updates.
Spybot has detected 2 viruses: Virtumonde and Smitfraud-C. Both can’t be permanently removed.

I had already started trying to clean the PC when I found this forum.
I was booting in safe mode and playing with MSconfig to try to isolate issues.
msconfig currently has Load Start-up Items disabled
CWShredder occasionally detects and deletes CWS.msconfig

I had already stopped tinyproxy.exe by disabling several services in MSconfig, but they are now re-enabled and back.

I have already “fixed” many items with Hijackthis trying to find the source.
The following can’t be removed with Hijackthis, they always return:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


Below is the current hijackthis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:19 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\tintinyproxyy\tinyproxy.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4057 bytes

I don't know how to copy the list of items I already "Fixed" and are in backup with Hijackthis.

Below is the list of virus that Spybot recent found (and had previously been deleted)

--- Report generated: 2009-01-01 15:07 ---

Hint of the Day: Click the bar at the right of this to see more information! ()


Smitfraud-C.: [SBI $99619F8C] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1004336348-1580436667-725345543-1003\Software\Microsoft\instkey

Virtumonde: [SBI $779C9C0D] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP

Virtumonde: [SBI $FD08B4B7] Configuration file (File, nothing done)
C:\WINDOWS\system32\nTBIRXbc.ini2

Virtumonde: [SBI $2A2DCEAC] Configuration file (File, nothing done)
C:\WINDOWS\system32\nTBIRXbc.ini


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
katana
2009-01-06, 19:14
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)


If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
Dennie
2009-01-07, 07:06
Hello Katana ,
Here are the log files you requested. Thanks for your help!

Logfile of random's system information tool 1.05 (written by random/random)
Run by Mom and Dad at 2009-01-06 21:58:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 219 GB (72%) free of 305 GB
Total RAM: 1022 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:51 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\tintinyproxyy\tinyproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Mom and Dad\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mom and Dad.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Microsoft Shadow Winter Deffender - {20D94F0E-9BDF-4C0E-8737-5E829D96A73C} - C:\WINDOWS\system32\LinkSave.dll (disabled by BHODemon)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (disabled by BHODemon)
O2 - BHO: {991a458e-010b-3d5b-6514-f80db39a2217} - {7122a93b-d08f-4156-b5d3-b010e854a199} - C:\WINDOWS\system32\hpknfc.dll (disabled by BHODemon)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AFAF8314-45C9-4EC5-9317-A9C24E01D0AC} - C:\WINDOWS\system32\wvUnNFVo.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (disabled by BHODemon)
O2 - BHO: (no name) - {FE2E134E-D147-481C-9929-C7001A67ADA4} - C:\WINDOWS\system32\cbXRIBTn.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [38779ea5] rundll32.exe "C:\WINDOWS\system32\rwpumrmp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O20 - Winlogon Notify: wvUnNFVo - C:\WINDOWS\SYSTEM32\wvUnNFVo.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5190 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\B30620B29115D1C6.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\emumiifq.job
C:\WINDOWS\tasks\fpeidftb.job
C:\WINDOWS\tasks\jhvcoxaa.job
C:\WINDOWS\tasks\tsrvnyzg.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20D94F0E-9BDF-4C0E-8737-5E829D96A73C}]
Microsoft Shadow Winter Deffender - C:\WINDOWS\system32\LinkSave.dll [2008-12-10 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
ALOT Toolbar - C:\Program Files\alot\bin\alot.dll__BHODemonDisabled []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7122a93b-d08f-4156-b5d3-b010e854a199}]
C:\WINDOWS\system32\hpknfc.dll [2008-12-29 103936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFAF8314-45C9-4EC5-9317-A9C24E01D0AC}]
C:\WINDOWS\system32\wvUnNFVo.dll [2008-11-24 37888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE2E134E-D147-481C-9929-C7001A67ADA4}]
C:\WINDOWS\system32\cbXRIBTn.dll [2008-11-24 246272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"38779ea5"=C:\WINDOWS\system32\rwpumrmp.dll [2009-01-06 68608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\38779ea5]
C:\WINDOWS\system32\tfasjjmp.dll [2008-12-30 68096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-02-09 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bxetafidequbefo]
C:\WINDOWS\Amukuqoq.dll [2008-12-21 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MATH DOES FIRST MODE]
C:\Documents and Settings\All Users\Application Data\live 64 math does\MULTI MAGS.exe [2008-12-30 24865280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [2004-12-22 823296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
C:\Program Files\McAfee\MBK\LogOnHook.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mrovo]
C:\WINDOWS\amilasej.dll [2008-12-21 132608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
C:\Documents and Settings\Jennifer\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe [2004-07-30 6946816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-03-22 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Services]
C:\WINDOWS\service.exe [2008-11-23 76850]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiniGuard]
C:\Program Files\WiniGuard Software\WiniGuard\WiniGuard.exe -min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McAfee SystemGuards (McSysmon) "=2
"Logical Disk Manager (dmserver) "=2
"HTTP SSL (HTTPFilter) "=2
"Ati HotKey Poller (Ati HotKey Poller) "=2
"Apple Mobile Device (Apple Mobile Device) "=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUnNFVo]
C:\WINDOWS\system32\wvUnNFVo.dll [2008-11-24 37888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AFAF8314-45C9-4EC5-9317-A9C24E01D0AC}"=C:\WINDOWS\system32\wvUnNFVo.dll [2008-11-24 37888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\cbXRIBTn

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\Ryan\My Documents\Ryan\age3.exe"="C:\Documents and Settings\Ryan\My Documents\Ryan\age3.exe:*:Enabled:Age of Empires III"
"C:\Documents and Settings\Ryan\My Documents\Ryan\age3x.exe"="C:\Documents and Settings\Ryan\My Documents\Ryan\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\Documents and Settings\Ryan\My Documents\Ryan\age3y.exe"="C:\Documents and Settings\Ryan\My Documents\Ryan\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Documents and Settings\Ryan\My Documents\Ryan\Age of Empires 3- The Asain Dynasties.exe"="C:\Documents and Settings\Ryan\My Documents\Ryan\Age of Empires 3- The Asain Dynasties.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe"="C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd"
"C:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe"="C:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe:*:Enabled:lf2"
"C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe"="C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:Star Wars(TM): Republic Commando(TM)"
"C:\Program Files\Little Fighter 2.5 - v2.0\lf2.5\lf2.5.exe"="C:\Program Files\Little Fighter 2.5 - v2.0\lf2.5\lf2.5.exe:*:Enabled:lf2.5.exe"
"C:\Program Files\Little Fighters 2.5\lf2.5.exe"="C:\Program Files\Little Fighters 2.5\lf2.5.exe:*:Enabled:lf2.5"
"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX01.125\LieroX v0.56 Pack 1.9\LieroX.exe"="C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX01.125\LieroX v0.56 Pack 1.9\LieroX.exe:*:Disabled:LieroX"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Atari\Civilization III\Civ3PTW\Civilization3X.exe"="C:\Program Files\Atari\Civilization III\Civ3PTW\Civilization3X.exe:*:Enabled:Civilization3X"
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe"="C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Sierra\Empire Earth Demo\Empire Earth.exe"="C:\Sierra\Empire Earth Demo\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.125\Empire Earth\Empire Earth.exe"="C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.125\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX01.719\Empire Earth\Empire Earth.exe"="C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX01.719\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.390\Empire Earth\Empire Earth.exe"="C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.390\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.656\Empire Earth\Empire Earth.exe"="C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.656\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\Program Files\tintinyproxyy\tinyproxy.exe"="C:\Program Files\tintinyproxyy\tinyproxy.exe:*:Enabled:tinyproxy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
shell\Open\command - E:\resycled\boot.com e:


======List of files/folders created in the last 1 months======

2009-01-06 21:58:42 ----D---- C:\rsit
2009-01-06 17:10:33 ----SH---- C:\WINDOWS\system32\pmrmupwr.ini
2009-01-06 17:10:32 ----A---- C:\WINDOWS\system32\rwpumrmp.dll
2009-01-06 17:04:33 ----A---- C:\WINDOWS\system32\lyasgw.dll
2009-01-06 17:04:32 ----A---- C:\WINDOWS\system32\pnkkfpho.dll
2009-01-05 17:09:21 ----SH---- C:\WINDOWS\system32\kbgplaoj.ini
2009-01-05 17:09:19 ----N---- C:\WINDOWS\system32\joalpgbk.dll
2009-01-05 17:09:02 ----SH---- C:\WINDOWS\system32\lahwrcbt.ini
2009-01-05 17:09:02 ----A---- C:\WINDOWS\system32\tbcrwhal.dll
2009-01-04 09:58:35 ----A---- C:\WINDOWS\system32\izjyit.dll
2009-01-04 09:58:34 ----A---- C:\WINDOWS\system32\ogsyhmuu.dll
2009-01-03 09:22:35 ----A---- C:\WINDOWS\system32\zfkrqv.dll
2009-01-03 09:22:35 ----A---- C:\WINDOWS\system32\uwescjsi.dll
2009-01-01 16:25:31 ----A---- C:\WINDOWS\system32\bswdfn.dll
2009-01-01 16:25:30 ----A---- C:\WINDOWS\system32\jleutfef.dll
2009-01-01 16:22:34 ----SH---- C:\WINDOWS\system32\mlgfwhep.ini
2009-01-01 11:57:19 ----ASH---- C:\WINDOWS\system32\nTBIRXbc.ini2
2008-12-31 00:29:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-31 00:29:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-31 00:17:16 ----D---- C:\Program Files\Trend Micro
2008-12-30 22:59:09 ----D---- C:\Documents and Settings\Mom and Dad\Application Data\Uniblue
2008-12-30 21:57:55 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-12-30 20:10:58 ----SH---- C:\WINDOWS\system32\pmjjsaft.ini
2008-12-30 20:10:55 ----A---- C:\WINDOWS\system32\tfasjjmp.dll
2008-12-30 18:55:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-30 18:48:47 ----SHD---- C:\WINDOWS\CSC
2008-12-30 17:33:59 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-29 12:21:57 ----A---- C:\WINDOWS\system32\hpknfc.dll
2008-12-29 12:21:55 ----A---- C:\WINDOWS\system32\kojrqqlc.dll
2008-12-27 16:14:31 ----A---- C:\WINDOWS\system32\rlfjyj.dll
2008-12-27 16:14:30 ----A---- C:\WINDOWS\system32\exteuaqk.dll
2008-12-27 16:08:30 ----A---- C:\WINDOWS\system32\xymvyuwp.dll
2008-12-27 12:49:06 ----SH---- C:\WINDOWS\system32\aharbrli.ini
2008-12-27 12:49:03 ----A---- C:\WINDOWS\system32\ilrbraha.dll
2008-12-27 12:46:04 ----A---- C:\WINDOWS\system32\mtwctw.dll
2008-12-27 12:46:03 ----A---- C:\WINDOWS\system32\ouwpogux.dll
2008-12-26 23:32:01 ----D---- C:\Program Files\tintinyproxyy
2008-12-26 23:16:24 ----A---- C:\WINDOWS\system32\stu2.exe
2008-12-26 16:05:15 ----ASH---- C:\WINDOWS\system32\klSYaccf.ini
2008-12-26 16:04:46 ----A---- C:\WINDOWS\system32\fccaYSlk.dll
2008-12-24 12:52:04 ----A---- C:\WINDOWS\system32\qhqgup.dll
2008-12-24 12:52:03 ----A---- C:\WINDOWS\system32\apttpubl.dll
2008-12-23 17:18:57 ----D---- C:\Program Files\LEGO Media
2008-12-22 12:46:26 ----ASH---- C:\WINDOWS\system32\AJkUwGgh.ini
2008-12-22 12:46:21 ----A---- C:\WINDOWS\system32\hgGwUkJA.dll
2008-12-21 21:29:30 ----A---- C:\WINDOWS\amilasej.dll
2008-12-21 21:17:14 ----A---- C:\WINDOWS\Amukuqoq.dll
2008-12-21 11:44:22 ----ASH---- C:\WINDOWS\system32\vDNWaccf.ini
2008-12-19 17:25:15 ----D---- C:\Program Files\EA SPORTS
2008-12-18 20:09:20 ----ASH---- C:\WINDOWS\system32\fgiiRXyb.ini
2008-12-18 20:09:17 ----A---- C:\WINDOWS\system32\byXRiigf.dll
2008-12-17 21:38:45 ----A---- C:\WINDOWS\system32\ximebj.dll
2008-12-17 21:38:45 ----A---- C:\WINDOWS\system32\sphhgqgh.dll
2008-12-17 19:35:47 ----A---- C:\WINDOWS\system32\zrsrli.dll
2008-12-17 19:35:46 ----A---- C:\WINDOWS\system32\fhnlknhd.dll
2008-12-13 16:08:16 ----A---- C:\WINDOWS\system32\kggdohbl.dll
2008-12-13 16:02:14 ----ASH---- C:\WINDOWS\system32\ttCedcdd.ini
2008-12-13 16:02:09 ----A---- C:\WINDOWS\system32\ddcdeCtt.dll
2008-12-13 15:01:40 ----A---- C:\WINDOWS\system32\pkghjacw.dll
2008-12-13 15:00:58 ----ASH---- C:\WINDOWS\system32\cccfLRqr.ini
2008-12-13 15:00:55 ----A---- C:\WINDOWS\system32\rqRLfccc.dll
2008-12-12 19:29:55 ----A---- C:\WINDOWS\system32\lkwjkoer.dll
2008-12-11 17:10:07 ----ASH---- C:\WINDOWS\system32\onWyJkkj.ini
2008-12-11 17:10:01 ----A---- C:\WINDOWS\system32\jkkJyWno.dll
2008-12-10 15:41:00 ----A---- C:\WINDOWS\system32\LinkSave.dll
2008-12-10 15:40:57 ----A---- C:\WINDOWS\system32\rasha.exe
2008-12-10 15:40:48 ----A---- C:\WINDOWS\system32\LinkSave.Droper.exe
2008-12-10 15:40:43 ----A---- C:\WINDOWS\system32\cfrog.exe
2008-12-10 15:40:35 ----A---- C:\WINDOWS\system32\baloon.exe
2008-12-10 12:28:26 ----A---- C:\WINDOWS\system32\fhkmgo.dll
2008-12-10 12:28:25 ----A---- C:\WINDOWS\system32\xclcnhot.dll
2008-12-10 12:26:28 ----A---- C:\WINDOWS\system32\kiwzok.dll
2008-12-10 12:26:27 ----A---- C:\WINDOWS\system32\ttdwvaap.dll
2008-12-10 12:22:38 ----A---- C:\WINDOWS\system32\xoautyff.dll
2008-12-09 12:25:25 ----A---- C:\WINDOWS\system32\kdvuuqsd.dll
2008-12-09 12:23:27 ----A---- C:\WINDOWS\system32\shqqkufb.dll
2008-12-08 16:51:09 ----A---- C:\WINDOWS\system32\atmsqlfg.dll
2008-12-08 12:22:25 ----A---- C:\WINDOWS\system32\kfsjodbb.dll
2008-12-07 12:22:26 ----A---- C:\WINDOWS\system32\jkueafcd.dll
2008-12-07 12:22:26 ----A---- C:\WINDOWS\system32\cyroxk.dll

======List of files/folders modified in the last 1 months======

2009-01-06 21:58:44 ----ASH---- C:\WINDOWS\system32\nTBIRXbc.ini
2009-01-06 21:56:57 ----D---- C:\Program Files\LimeWire
2009-01-06 21:54:34 ----D---- C:\WINDOWS\Temp
2009-01-06 21:53:21 ----D---- C:\Program Files\Mozilla Firefox
2009-01-06 21:49:28 ----D---- C:\Documents and Settings\All Users\Application Data\RetroExp
2009-01-06 17:10:37 ----D---- C:\WINDOWS\system32
2009-01-06 17:10:34 ----D---- C:\WINDOWS\Prefetch
2009-01-06 17:02:17 ----A---- C:\WINDOWS\system32\33545adb-.txt
2009-01-06 07:54:57 ----D---- C:\WINDOWS
2009-01-06 06:21:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 21:21:26 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-01-05 20:17:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 20:15:20 ----D---- C:\WINDOWS\Registration
2009-01-05 16:05:39 ----RD---- C:\Program Files
2009-01-05 16:05:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-05 16:05:36 ----SHD---- C:\WINDOWS\Installer
2009-01-05 16:05:36 ----D---- C:\Config.Msi
2009-01-05 16:00:32 ----SH---- C:\boot.ini
2009-01-05 16:00:32 ----A---- C:\WINDOWS\win.ini
2009-01-05 16:00:32 ----A---- C:\WINDOWS\system.ini
2009-01-05 15:58:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-02 16:07:49 ----D---- C:\Program Files\DNA
2008-12-31 02:48:22 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-31 01:46:52 ----A---- C:\WINDOWS\wininit.ini
2008-12-31 00:21:07 ----D---- C:\Program Files\Windows Live Toolbar
2008-12-30 23:54:53 ----SHD---- C:\System Volume Information
2008-12-30 23:54:53 ----D---- C:\WINDOWS\system32\Restore
2008-12-30 23:12:47 ----D---- C:\Program Files\GemMaster
2008-12-30 21:29:57 ----D---- C:\Program Files\Common Files
2008-12-30 21:26:47 ----D---- C:\WINDOWS\system32\drivers
2008-12-30 21:23:55 ----SD---- C:\WINDOWS\Tasks
2008-12-30 20:24:19 ----D---- C:\Program Files\Lavasoft
2008-12-26 23:16:07 ----A---- C:\WINDOWS\system32\userinit.exe
2008-12-17 19:30:43 ----D---- C:\WINDOWS\pss
2008-12-13 16:28:05 ----D---- C:\Program Files\Microsoft Games
2008-12-13 16:04:41 ----D---- C:\WINDOWS\network diagnostic
2008-12-07 12:47:13 ----A---- C:\WINDOWS\system32CmdLineExt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-08-30 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-29 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 X4HSX32Ex;X4HSX32Ex; \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-09 1502208]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 MXOFX;USB Storage Adapter FX (MXO); C:\WINDOWS\system32\DRIVERS\MXOFX.SYS [2003-10-10 32640]
R3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2004-10-07 15360]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-09 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 Media Center Receiver Service (ehRecvr) ;Media Center Receiver Service (ehRecvr) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]
R2 RetroExpLauncher;Retrospect Express HD Launcher; C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe [2004-07-30 69632]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 RetroExp Helper;Retrospect Express HD Restore Helper; C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe [2004-07-30 110592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-04-06 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device (Apple Mobile Device) ;Apple Mobile Device (Apple Mobile Device) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]
S4 Ati HotKey Poller (Ati HotKey Poller) ;Ati HotKey Poller (Ati HotKey Poller) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-02-09 520192]
S4 HTTP SSL (HTTPFilter) ;HTTP SSL (HTTPFilter) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]
S4 Logical Disk Manager (dmserver) ;Logical Disk Manager (dmserver) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]
S4 McAfee SystemGuards (McSysmon) ;McAfee SystemGuards (McSysmon) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.05 2009-01-06 21:58:53

======Uninstall list======

-->"C:\Program Files\WildGames\Tornado Jockey\Uninstall.exe"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56EC9D19-61CD-4982-8634-F5CBF3ED5550}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age of Empires III - The Asian Dynasties-->C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->C:\Program Files\InstallShield Installation Information\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}\setup.exe -runfromtemp -l0x0409
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon i950-->C:\WINDOWS\system32\CNMCP4d.exe "-PRINTERNAMECanon i950" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i950 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i950 Installer\Inst2\cnmi0409.dll"
Civilization III - Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57257606-31DA-46A5-BD2F-5235955A7D41}\setup.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dassault Systemes Software Prerequisites x86-->MsiExec.exe /I{42C4AFF5-EFAA-433B-9DED-076FF8B0B833}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Empire Earth Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
GSA ImageAnalyser v3.0.8-->"C:\Program Files\GSA ImageAnalyser\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP PrecisionScan LTX-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
HP Scan-to-Web Wizard-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Scan-To-Web.isu"
igLoader-->C:\Program Files\igLoader\uninstall.exe
Intel(R) PRO Network Connections 12.3.31.0-->MsiExec.exe /i{DDD0A758-F44C-47D3-8E88-692FFF775127} ARPREMOVE=1
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Maxtor OneTouch-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{231F68F4-70E4-41A6-BEDA-7E7934169B54} /l1033
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NBA Live 2003-->C:\Program Files\EA SPORTS\NBA Live 2003\EAUninstall.exe
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
Retrospect Express HD 1.0-->MsiExec.exe /I{1E88F516-C8AA-4D17-9A54-8AB0768F34C1}
RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Soccer Mania-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Audigy ADVANCED MB Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56EC9D19-61CD-4982-8634-F5CBF3ED5550}\setup.exe" -l0x9 /remove
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars Empire at War Forces of Corruption-->C:\Program Files\InstallShield Installation Information\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}\Setup.exe -runfromtemp -l0x0009 -removeonly
Star Wars Empire at War-->C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe -runfromtemp -l0x0009 -removeonly
Star Wars Republic Commando-->C:\Program Files\InstallShield Installation Information\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}\Setup.exe -runfromtemp -l0x0009 -removeonly
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
TCTSIMPack-->MsiExec.exe /I{21969E23-7C92-4372-9BD1-12CE67C595BE}
THE SETTLERS - Rise of an Empire-->"C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
The Weather Channel Desktop 6-->C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
USB Storage Adapter FX (MXO)-->MXOun.exe MXOFX
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Farm-->C:\Program Files\Alawar\VirtualFarm\Uninstall.exe
WildGames-->"C:\Program Files\WildGames\Uninstall.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zeus & Poseidon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8043219B-D2C0-4561-90AB-3F1113ED5A87}\Setup.exe"
Zoo Tycoon 2 - Marine Mania-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B406605B-45FE-4D8F-8250-1E77479583AE}

=====HijackThis Backups=====

O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
O20 - AppInit_DLLs: hpknfc.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195882268668
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

System event log

Computer Name: KIDS
Event Code: 7035
Message: The Retrospect Express HD Launcher service was successfully sent a start control.

Record Number: 17617
Source Name: Service Control Manager
Time Written: 20081129171807.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: KIDS
Event Code: 7036
Message: The Retrospect Express HD Launcher service entered the stopped state.

Record Number: 17616
Source Name: Service Control Manager
Time Written: 20081129171804.000000-480
Event Type: information
User:

Computer Name: KIDS
Event Code: 7035
Message: The Retrospect Express HD Launcher service was successfully sent a stop control.

Record Number: 17615
Source Name: Service Control Manager
Time Written: 20081129171804.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: KIDS
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 17614
Source Name: Service Control Manager
Time Written: 20081129171747.000000-480
Event Type: information
User:

Computer Name: KIDS
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 17613
Source Name: Service Control Manager
Time Written: 20081129171746.000000-480
Event Type: information
User:

Application event log

Computer Name: KIDS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 9094
Source Name: crypt32
Time Written: 20081222205335.000000-480
Event Type: error
User:

Computer Name: KIDS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 9093
Source Name: crypt32
Time Written: 20081222205335.000000-480
Event Type: error
User:

Computer Name: KIDS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 9092
Source Name: crypt32
Time Written: 20081222205335.000000-480
Event Type: error
User:

Computer Name: KIDS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 9091
Source Name: crypt32
Time Written: 20081222205334.000000-480
Event Type: error
User:

Computer Name: KIDS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 9090
Source Name: crypt32
Time Written: 20081222205334.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
Dennie
2009-01-07, 07:30
New log files...

I noticed that BitTorrent was installed so I removed it and links to LImewire and reran RSIT. Here are the logs...


Logfile of random's system information tool 1.05 (written by random/random)
Run by Mom and Dad at 2009-01-06 22:25:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 219 GB (72%) free of 305 GB
Total RAM: 1022 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:54 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\tintinyproxyy\tinyproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mom and Dad\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mom and Dad.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Microsoft Shadow Winter Deffender - {20D94F0E-9BDF-4C0E-8737-5E829D96A73C} - C:\WINDOWS\system32\LinkSave.dll (disabled by BHODemon)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (disabled by BHODemon)
O2 - BHO: {991a458e-010b-3d5b-6514-f80db39a2217} - {7122a93b-d08f-4156-b5d3-b010e854a199} - C:\WINDOWS\system32\hpknfc.dll (disabled by BHODemon)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AFAF8314-45C9-4EC5-9317-A9C24E01D0AC} - C:\WINDOWS\system32\wvUnNFVo.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (disabled by BHODemon)
O2 - BHO: (no name) - {FE2E134E-D147-481C-9929-C7001A67ADA4} - C:\WINDOWS\system32\cbXRIBTn.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [38779ea5] rundll32.exe "C:\WINDOWS\system32\rwpumrmp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O20 - Winlogon Notify: wvUnNFVo - C:\WINDOWS\SYSTEM32\wvUnNFVo.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5158 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\B30620B29115D1C6.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\emumiifq.job
C:\WINDOWS\tasks\fpeidftb.job
C:\WINDOWS\tasks\jhvcoxaa.job
C:\WINDOWS\tasks\tsrvnyzg.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20D94F0E-9BDF-4C0E-8737-5E829D96A73C}]
Microsoft Shadow Winter Deffender - C:\WINDOWS\system32\LinkSave.dll [2008-12-10 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
ALOT Toolbar - C:\Program Files\alot\bin\alot.dll__BHODemonDisabled []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7122a93b-d08f-4156-b5d3-b010e854a199}]
C:\WINDOWS\system32\hpknfc.dll [2008-12-29 103936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFAF8314-45C9-4EC5-9317-A9C24E01D0AC}]
C:\WINDOWS\system32\wvUnNFVo.dll [2008-11-24 37888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE2E134E-D147-481C-9929-C7001A67ADA4}]
C:\WINDOWS\system32\cbXRIBTn.dll [2008-11-24 246272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"38779ea5"=C:\WINDOWS\system32\rwpumrmp.dll [2009-01-06 68608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\38779ea5]
C:\WINDOWS\system32\tfasjjmp.dll [2008-12-30 68096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-02-09 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bxetafidequbefo]
C:\WINDOWS\Amukuqoq.dll [2008-12-21 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MATH DOES FIRST MODE]
C:\Documents and Settings\All Users\Application Data\live 64 math does\MULTI MAGS.exe [2008-12-30 24865280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [2004-12-22 823296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
C:\Program Files\McAfee\MBK\LogOnHook.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mrovo]
C:\WINDOWS\amilasej.dll [2008-12-21 132608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
C:\Documents and Settings\Jennifer\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe [2004-07-30 6946816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-03-22 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Services]
C:\WINDOWS\service.exe [2008-11-23 76850]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiniGuard]
C:\Program Files\WiniGuard Software\WiniGuard\WiniGuard.exe -min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McAfee SystemGuards (McSysmon) "=2
"Logical Disk Manager (dmserver) "=2
"HTTP SSL (HTTPFilter) "=2
"Ati HotKey Poller (Ati HotKey Poller) "=2
"Apple Mobile Device (Apple Mobile Device) "=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUnNFVo]
C:\WINDOWS\system32\wvUnNFVo.dll [2008-11-24 37888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AFAF8314-45C9-4EC5-9317-A9C24E01D0AC}"=C:\WINDOWS\system32\wvUnNFVo.dll [2008-11-24 37888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\cbXRIBTn

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\Ryan\My Documents\Ryan\age3.exe"="C:\Documents and Settings\Ryan\My Documents\Ryan\age3.exe:*:Enabled:Age of Empires III"
"C:\Documents and Settings\Ryan\My Documents\Ryan\age3x.exe"="C:\Documents and Settings\Ryan\My Documents\Ryan\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\Documents and Settings\Ryan\My Documents\Ryan\age3y.exe"="C:\Documents and Settings\Ryan\My Documents\Ryan\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Documents and Settings\Ryan\My Documents\Ryan\Age of Empires 3- The Asain Dynasties.exe"="C:\Documents and Settings\Ryan\My Documents\Ryan\Age of Empires 3- The Asain Dynasties.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe"="C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd"
"C:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe"="C:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe:*:Enabled:lf2"
"C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe"="C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:Star Wars(TM): Republic Commando(TM)"
"C:\Program Files\Little Fighter 2.5 - v2.0\lf2.5\lf2.5.exe"="C:\Program Files\Little Fighter 2.5 - v2.0\lf2.5\lf2.5.exe:*:Enabled:lf2.5.exe"
"C:\Program Files\Little Fighters 2.5\lf2.5.exe"="C:\Program Files\Little Fighters 2.5\lf2.5.exe:*:Enabled:lf2.5"
"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX01.125\LieroX v0.56 Pack 1.9\LieroX.exe"="C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX01.125\LieroX v0.56 Pack 1.9\LieroX.exe:*:Disabled:LieroX"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Atari\Civilization III\Civ3PTW\Civilization3X.exe"="C:\Program Files\Atari\Civilization III\Civ3PTW\Civilization3X.exe:*:Enabled:Civilization3X"
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe"="C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Sierra\Empire Earth Demo\Empire Earth.exe"="C:\Sierra\Empire Earth Demo\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.125\Empire Earth\Empire Earth.exe"="C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.125\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX01.719\Empire Earth\Empire Earth.exe"="C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX01.719\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.390\Empire Earth\Empire Earth.exe"="C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.390\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.656\Empire Earth\Empire Earth.exe"="C:\Documents and Settings\Scott\Local Settings\Temp\Rar$EX00.656\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\Program Files\tintinyproxyy\tinyproxy.exe"="C:\Program Files\tintinyproxyy\tinyproxy.exe:*:Enabled:tinyproxy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
shell\Open\command - E:\resycled\boot.com e:


======List of files/folders created in the last 1 months======

2009-01-06 21:58:42 ----D---- C:\rsit
2009-01-06 17:10:33 ----SH---- C:\WINDOWS\system32\pmrmupwr.ini
2009-01-06 17:10:32 ----A---- C:\WINDOWS\system32\rwpumrmp.dll
2009-01-06 17:04:33 ----A---- C:\WINDOWS\system32\lyasgw.dll
2009-01-06 17:04:32 ----A---- C:\WINDOWS\system32\pnkkfpho.dll
2009-01-05 17:09:21 ----SH---- C:\WINDOWS\system32\kbgplaoj.ini
2009-01-05 17:09:19 ----N---- C:\WINDOWS\system32\joalpgbk.dll
2009-01-05 17:09:02 ----SH---- C:\WINDOWS\system32\lahwrcbt.ini
2009-01-05 17:09:02 ----A---- C:\WINDOWS\system32\tbcrwhal.dll
2009-01-04 09:58:35 ----A---- C:\WINDOWS\system32\izjyit.dll
2009-01-04 09:58:34 ----A---- C:\WINDOWS\system32\ogsyhmuu.dll
2009-01-03 09:22:35 ----A---- C:\WINDOWS\system32\zfkrqv.dll
2009-01-03 09:22:35 ----A---- C:\WINDOWS\system32\uwescjsi.dll
2009-01-01 16:25:31 ----A---- C:\WINDOWS\system32\bswdfn.dll
2009-01-01 16:25:30 ----A---- C:\WINDOWS\system32\jleutfef.dll
2009-01-01 16:22:34 ----SH---- C:\WINDOWS\system32\mlgfwhep.ini
2009-01-01 11:57:19 ----ASH---- C:\WINDOWS\system32\nTBIRXbc.ini2
2008-12-31 00:29:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-31 00:29:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-31 00:17:16 ----D---- C:\Program Files\Trend Micro
2008-12-30 22:59:09 ----D---- C:\Documents and Settings\Mom and Dad\Application Data\Uniblue
2008-12-30 21:57:55 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-12-30 20:10:58 ----SH---- C:\WINDOWS\system32\pmjjsaft.ini
2008-12-30 20:10:55 ----A---- C:\WINDOWS\system32\tfasjjmp.dll
2008-12-30 18:55:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-30 18:48:47 ----SHD---- C:\WINDOWS\CSC
2008-12-30 17:33:59 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-29 12:21:57 ----A---- C:\WINDOWS\system32\hpknfc.dll
2008-12-29 12:21:55 ----A---- C:\WINDOWS\system32\kojrqqlc.dll
2008-12-27 16:14:31 ----A---- C:\WINDOWS\system32\rlfjyj.dll
2008-12-27 16:14:30 ----A---- C:\WINDOWS\system32\exteuaqk.dll
2008-12-27 16:08:30 ----A---- C:\WINDOWS\system32\xymvyuwp.dll
2008-12-27 12:49:06 ----SH---- C:\WINDOWS\system32\aharbrli.ini
2008-12-27 12:49:03 ----A---- C:\WINDOWS\system32\ilrbraha.dll
2008-12-27 12:46:04 ----A---- C:\WINDOWS\system32\mtwctw.dll
2008-12-27 12:46:03 ----A---- C:\WINDOWS\system32\ouwpogux.dll
2008-12-26 23:32:01 ----D---- C:\Program Files\tintinyproxyy
2008-12-26 23:16:24 ----A---- C:\WINDOWS\system32\stu2.exe
2008-12-26 16:05:15 ----ASH---- C:\WINDOWS\system32\klSYaccf.ini
2008-12-26 16:04:46 ----A---- C:\WINDOWS\system32\fccaYSlk.dll
2008-12-24 12:52:04 ----A---- C:\WINDOWS\system32\qhqgup.dll
2008-12-24 12:52:03 ----A---- C:\WINDOWS\system32\apttpubl.dll
2008-12-23 17:18:57 ----D---- C:\Program Files\LEGO Media
2008-12-22 12:46:26 ----ASH---- C:\WINDOWS\system32\AJkUwGgh.ini
2008-12-22 12:46:21 ----A---- C:\WINDOWS\system32\hgGwUkJA.dll
2008-12-21 21:29:30 ----A---- C:\WINDOWS\amilasej.dll
2008-12-21 21:17:14 ----A---- C:\WINDOWS\Amukuqoq.dll
2008-12-21 11:44:22 ----ASH---- C:\WINDOWS\system32\vDNWaccf.ini
2008-12-19 17:25:15 ----D---- C:\Program Files\EA SPORTS
2008-12-18 20:09:20 ----ASH---- C:\WINDOWS\system32\fgiiRXyb.ini
2008-12-18 20:09:17 ----A---- C:\WINDOWS\system32\byXRiigf.dll
2008-12-17 21:38:45 ----A---- C:\WINDOWS\system32\ximebj.dll
2008-12-17 21:38:45 ----A---- C:\WINDOWS\system32\sphhgqgh.dll
2008-12-17 19:35:47 ----A---- C:\WINDOWS\system32\zrsrli.dll
2008-12-17 19:35:46 ----A---- C:\WINDOWS\system32\fhnlknhd.dll
2008-12-13 16:08:16 ----A---- C:\WINDOWS\system32\kggdohbl.dll
2008-12-13 16:02:14 ----ASH---- C:\WINDOWS\system32\ttCedcdd.ini
2008-12-13 16:02:09 ----A---- C:\WINDOWS\system32\ddcdeCtt.dll
2008-12-13 15:01:40 ----A---- C:\WINDOWS\system32\pkghjacw.dll
2008-12-13 15:00:58 ----ASH---- C:\WINDOWS\system32\cccfLRqr.ini
2008-12-13 15:00:55 ----A---- C:\WINDOWS\system32\rqRLfccc.dll
2008-12-12 19:29:55 ----A---- C:\WINDOWS\system32\lkwjkoer.dll
2008-12-11 17:10:07 ----ASH---- C:\WINDOWS\system32\onWyJkkj.ini
2008-12-11 17:10:01 ----A---- C:\WINDOWS\system32\jkkJyWno.dll
2008-12-10 15:41:00 ----A---- C:\WINDOWS\system32\LinkSave.dll
2008-12-10 15:40:57 ----A---- C:\WINDOWS\system32\rasha.exe
2008-12-10 15:40:48 ----A---- C:\WINDOWS\system32\LinkSave.Droper.exe
2008-12-10 15:40:43 ----A---- C:\WINDOWS\system32\cfrog.exe
2008-12-10 15:40:35 ----A---- C:\WINDOWS\system32\baloon.exe
2008-12-10 12:28:26 ----A---- C:\WINDOWS\system32\fhkmgo.dll
2008-12-10 12:28:25 ----A---- C:\WINDOWS\system32\xclcnhot.dll
2008-12-10 12:26:28 ----A---- C:\WINDOWS\system32\kiwzok.dll
2008-12-10 12:26:27 ----A---- C:\WINDOWS\system32\ttdwvaap.dll
2008-12-10 12:22:38 ----A---- C:\WINDOWS\system32\xoautyff.dll
2008-12-09 12:25:25 ----A---- C:\WINDOWS\system32\kdvuuqsd.dll
2008-12-09 12:23:27 ----A---- C:\WINDOWS\system32\shqqkufb.dll
2008-12-08 16:51:09 ----A---- C:\WINDOWS\system32\atmsqlfg.dll
2008-12-08 12:22:25 ----A---- C:\WINDOWS\system32\kfsjodbb.dll
2008-12-07 12:22:26 ----A---- C:\WINDOWS\system32\jkueafcd.dll
2008-12-07 12:22:26 ----A---- C:\WINDOWS\system32\cyroxk.dll

======List of files/folders modified in the last 1 months======

2009-01-06 22:25:55 ----ASH---- C:\WINDOWS\system32\nTBIRXbc.ini
2009-01-06 22:21:39 ----RD---- C:\Program Files
2009-01-06 22:03:21 ----D---- C:\Program Files\Mozilla Firefox
2009-01-06 21:56:57 ----D---- C:\Program Files\LimeWire
2009-01-06 21:56:15 ----D---- C:\WINDOWS\Temp
2009-01-06 21:49:28 ----D---- C:\Documents and Settings\All Users\Application Data\RetroExp
2009-01-06 17:10:37 ----D---- C:\WINDOWS\system32
2009-01-06 17:10:34 ----D---- C:\WINDOWS\Prefetch
2009-01-06 17:02:17 ----A---- C:\WINDOWS\system32\33545adb-.txt
2009-01-06 07:54:57 ----D---- C:\WINDOWS
2009-01-06 06:21:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 21:21:26 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-01-05 20:17:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 20:15:20 ----D---- C:\WINDOWS\Registration
2009-01-05 16:05:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-05 16:05:36 ----SHD---- C:\WINDOWS\Installer
2009-01-05 16:05:36 ----D---- C:\Config.Msi
2009-01-05 16:00:32 ----SH---- C:\boot.ini
2009-01-05 16:00:32 ----A---- C:\WINDOWS\win.ini
2009-01-05 16:00:32 ----A---- C:\WINDOWS\system.ini
2009-01-05 15:58:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-02 16:07:49 ----D---- C:\Program Files\DNA
2008-12-31 02:48:22 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-31 01:46:52 ----A---- C:\WINDOWS\wininit.ini
2008-12-31 00:21:07 ----D---- C:\Program Files\Windows Live Toolbar
2008-12-30 23:54:53 ----SHD---- C:\System Volume Information
2008-12-30 23:54:53 ----D---- C:\WINDOWS\system32\Restore
2008-12-30 23:12:47 ----D---- C:\Program Files\GemMaster
2008-12-30 21:29:57 ----D---- C:\Program Files\Common Files
2008-12-30 21:26:47 ----D---- C:\WINDOWS\system32\drivers
2008-12-30 21:23:55 ----SD---- C:\WINDOWS\Tasks
2008-12-30 21:23:27 ----D---- C:\Documents and Settings\Mom and Dad\Application Data\McAfee
2008-12-30 20:24:19 ----D---- C:\Program Files\Lavasoft
2008-12-26 23:16:07 ----A---- C:\WINDOWS\system32\userinit.exe
2008-12-17 19:30:43 ----D---- C:\WINDOWS\pss
2008-12-13 16:28:05 ----D---- C:\Program Files\Microsoft Games
2008-12-13 16:04:41 ----D---- C:\WINDOWS\network diagnostic
2008-12-07 12:47:13 ----A---- C:\WINDOWS\system32CmdLineExt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-08-30 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-29 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 X4HSX32Ex;X4HSX32Ex; \??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-09 1502208]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 MXOFX;USB Storage Adapter FX (MXO); C:\WINDOWS\system32\DRIVERS\MXOFX.SYS [2003-10-10 32640]
R3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2004-10-07 15360]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-09 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 Media Center Receiver Service (ehRecvr) ;Media Center Receiver Service (ehRecvr) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]
R2 RetroExpLauncher;Retrospect Express HD Launcher; C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe [2004-07-30 69632]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 RetroExp Helper;Retrospect Express HD Restore Helper; C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe [2004-07-30 110592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-04-06 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device (Apple Mobile Device) ;Apple Mobile Device (Apple Mobile Device) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]
S4 Ati HotKey Poller (Ati HotKey Poller) ;Ati HotKey Poller (Ati HotKey Poller) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-02-09 520192]
S4 HTTP SSL (HTTPFilter) ;HTTP SSL (HTTPFilter) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]
S4 Logical Disk Manager (dmserver) ;Logical Disk Manager (dmserver) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]
S4 McAfee SystemGuards (McSysmon) ;McAfee SystemGuards (McSysmon) ; C:\Program Files\tintinyproxyy\tinyproxy.exe [2009-01-05 8960]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-06 22:25:56

======Uninstall list======

-->"C:\Program Files\WildGames\Tornado Jockey\Uninstall.exe"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56EC9D19-61CD-4982-8634-F5CBF3ED5550}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age of Empires III - The Asian Dynasties-->C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->C:\Program Files\InstallShield Installation Information\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}\setup.exe -runfromtemp -l0x0409
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon i950-->C:\WINDOWS\system32\CNMCP4d.exe "-PRINTERNAMECanon i950" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i950 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i950 Installer\Inst2\cnmi0409.dll"
Civilization III - Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57257606-31DA-46A5-BD2F-5235955A7D41}\setup.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dassault Systemes Software Prerequisites x86-->MsiExec.exe /I{42C4AFF5-EFAA-433B-9DED-076FF8B0B833}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Empire Earth Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
GSA ImageAnalyser v3.0.8-->"C:\Program Files\GSA ImageAnalyser\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP PrecisionScan LTX-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
HP Scan-to-Web Wizard-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Scan-To-Web.isu"
igLoader-->C:\Program Files\igLoader\uninstall.exe
Intel(R) PRO Network Connections 12.3.31.0-->MsiExec.exe /i{DDD0A758-F44C-47D3-8E88-692FFF775127} ARPREMOVE=1
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Maxtor OneTouch-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{231F68F4-70E4-41A6-BEDA-7E7934169B54} /l1033
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NBA Live 2003-->C:\Program Files\EA SPORTS\NBA Live 2003\EAUninstall.exe
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
Retrospect Express HD 1.0-->MsiExec.exe /I{1E88F516-C8AA-4D17-9A54-8AB0768F34C1}
RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Soccer Mania-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Audigy ADVANCED MB Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56EC9D19-61CD-4982-8634-F5CBF3ED5550}\setup.exe" -l0x9 /remove
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars Empire at War Forces of Corruption-->C:\Program Files\InstallShield Installation Information\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}\Setup.exe -runfromtemp -l0x0009 -removeonly
Star Wars Empire at War-->C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe -runfromtemp -l0x0009 -removeonly
Star Wars Republic Commando-->C:\Program Files\InstallShield Installation Information\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}\Setup.exe -runfromtemp -l0x0009 -removeonly
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
TCTSIMPack-->MsiExec.exe /I{21969E23-7C92-4372-9BD1-12CE67C595BE}
THE SETTLERS - Rise of an Empire-->"C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
The Weather Channel Desktop 6-->C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
USB Storage Adapter FX (MXO)-->MXOun.exe MXOFX
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Farm-->C:\Program Files\Alawar\VirtualFarm\Uninstall.exe
WildGames-->"C:\Program Files\WildGames\Uninstall.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zeus & Poseidon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8043219B-D2C0-4561-90AB-3F1113ED5A87}\Setup.exe"
Zoo Tycoon 2 - Marine Mania-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B406605B-45FE-4D8F-8250-1E77479583AE}

=====HijackThis Backups=====

O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - Unknown owner - C:\Program Files\tintinyproxyy\tinyproxy.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
O20 - AppInit_DLLs: hpknfc.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195882268668
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

System event log

Computer Name: KIDS
Event Code: 7036
Message: The Retrospect Express HD Launcher service entered the running state.

Record Number: 17618
Source Name: Service Control Manager
Time Written: 20081129171807.000000-480
Event Type: information
User:

Computer Name: KIDS
Event Code: 7035
Message: The Retrospect Express HD Launcher service was successfully sent a start control.

Record Number: 17617
Source Name: Service Control Manager
Time Written: 20081129171807.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: KIDS
Event Code: 7036
Message: The Retrospect Express HD Launcher service entered the stopped state.

Record Number: 17616
Source Name: Service Control Manager
Time Written: 20081129171804.000000-480
Event Type: information
User:

Computer Name: KIDS
Event Code: 7035
Message: The Retrospect Express HD Launcher service was successfully sent a stop control.

Record Number: 17615
Source Name: Service Control Manager
Time Written: 20081129171804.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: KIDS
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 17614
Source Name: Service Control Manager
Time Written: 20081129171747.000000-480
Event Type: information
User:

Application event log

Computer Name: KIDS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 9094
Source Name: crypt32
Time Written: 20081222205335.000000-480
Event Type: error
User:

Computer Name: KIDS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 9093
Source Name: crypt32
Time Written: 20081222205335.000000-480
Event Type: error
User:

Computer Name: KIDS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 9092
Source Name: crypt32
Time Written: 20081222205335.000000-480
Event Type: error
User:

Computer Name: KIDS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 9091
Source Name: crypt32
Time Written: 20081222205334.000000-480
Event Type: error
User:

Computer Name: KIDS
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 9090
Source Name: crypt32
Time Written: 20081222205334.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
katana
2009-01-17, 12:52
Sorry for the delay, I wasn't notified of your reply.


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt






Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Dennie
2009-01-18, 18:45
Here is the log file for MalwareBytes.

Malwarebytes' Anti-Malware 1.33
Database version: 1662
Windows 5.1.2600 Service Pack 3

1/18/2009 9:11:41 AM
mbam-log-2009-01-18 (09-11-41).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 1143509
Time elapsed: 19 hour(s), 24 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 29
Registry Values Infected: 4
Registry Data Items Infected: 10
Folders Infected: 5
Files Infected: 185

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\cbXRIBTn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvUnNFVo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6edc3297-eb97-4efc-98f9-74afff939459} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6edc3297-eb97-4efc-98f9-74afff939459} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvunnfvo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6edc3297-eb97-4efc-98f9-74afff939459} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Logical Disk Manager (dmserver) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38779ea5 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{afaf8314-45c9-4ec5-9317-a9c24e01d0ac} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxribtn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxribtn -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.115,85.255.112.152 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e0419cfb-6e8f-4665-9fb8-7a6a96011576}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.115,85.255.112.152 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.115,85.255.112.152 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e0419cfb-6e8f-4665-9fb8-7a6a96011576}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.115,85.255.112.152 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.115,85.255.112.152 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e0419cfb-6e8f-4665-9fb8-7a6a96011576}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.115,85.255.112.152 -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\live 64 math does (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jennifer\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jennifer\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\cbXRIBTn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nTBIRXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nTBIRXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUnNFVo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\byXRiigf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fgiiRXyb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcdeCtt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttCedcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmlsaurw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wruaslmd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCrRJB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BJRrCcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BJRrCcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccaYSlk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\klSYaccf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwUkJA.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AJkUwGgh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iiffEwXo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oXwEffii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilrbraha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aharbrli.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJyWno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onWyJkkj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnkKeE.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EeKknnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnommli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilmmonpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnNhif.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fihNnnmp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRLfccc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cccfLRqr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tbcrwhal.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lahwrcbt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfasjjmp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmjjsaft.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayvUKaA.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AaKUvyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayyXRIA.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AIRXyyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\EBRENY88\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\GR4WO886\6000[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\GR4WO886\upd[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\GR4WO886\upd[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\N9SPSYPH\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\QKPK7LZ6\apstpldr.dll[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\WAA42263\kb600179[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom and Dad\Local Settings\Temp\ieB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom and Dad\Local Settings\Temp\tmp10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom and Dad\Local Settings\Temporary Internet Files\Content.IE5\0MLRL8XL\FlashPlayer.v3.294[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom and Dad\Local Settings\Temporary Internet Files\Content.IE5\0MLRL8XL\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom and Dad\Local Settings\Temporary Internet Files\Content.IE5\0MLRL8XL\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\ie34.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\ie4F5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\ie53B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\ie543.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\ie59B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\ie5CF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\tmp38.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\7RZQ5ADW\FlashPlayer.v3.294[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\7RZQ5ADW\divx[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\D23A5X0Q\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\H4IXCUX2\6000[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\H4IXCUX2\FlashPlayer.v3.294[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\H4IXCUX2\FlashPlayer.v3.294[2].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\H4IXCUX2\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\L3M3G2TJ\FlashPlayer.v3.294[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temp\tmp1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temp\ie18.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\1Q0K5GOL\upd[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\39F8OM2M\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\39F8OM2M\mslog[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\39F8OM2M\FlashPlayer.v3.294[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\39F8OM2M\kb600179[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\39F8OM2M\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\39F8OM2M\index[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\39F8OM2M\divx[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\3FUG1T01\divx[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\CFX7KWEF\index[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\CFX7KWEF\kb435[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\CFX7KWEF\kb600179[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iodzpk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipmlki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwescjsi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anyqhdhg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\apttpubl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewggux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\excjdflm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\exteuaqk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frnzon.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fugvybql.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\futiwp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nizgtw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jleutfef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlpopk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msqpdxrkvufhdr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\ofteefel.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogsyhmuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnkkfpho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnrtby.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqcixxwj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wrkiilrt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hpknfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bswdfn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\devwxdty.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxdlrexm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ehrvhdmg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lyasgw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rzzoon.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shqqkufb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttdwvaap.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twpkqeoc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ucuiwfkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awcjahyw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bcyrbvww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gqktgnru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cjxivrby.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdkiap.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdvuuqsd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajbwaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svadrfba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ouwpogux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdaajwwf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjtvao.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkezxe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vpbhgixr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vskaqj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vvacgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vvgkgqtn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xclcnhot.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ximebj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xoautyff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmsqlfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xymvyuwp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zfkrqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zrsrli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qhqgup.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtwctw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwyxvpks.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fhkmgo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fhnlknhd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kojrqqlc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kuwxjkpg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpqbstwh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rlfjyj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcDwxwv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sphhgqgh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abcnxqtq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfsjodbb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kihywrfo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kioetz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kiwzok.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pimypsql.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\izjyit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jcmpctwg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\resycled\ntldr.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\live 64 math does\Creative Bias.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\live 64 math does\Less Deaf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\live 64 math does\MULTI MAGS.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iKf1F3b8.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxhlugsioe.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxptnkltwq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxqdlqpxnq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxxtcefygy.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\service.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\baloon.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfrog.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom and Dad\Local Settings\Temp\a.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Mom and Dad\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-551.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-7E1.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-A55.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-C87.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom and Dad\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom and Dad\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom and Dad\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Mom and Dad\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\System\smss.exe.assembly (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\System\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.


Here is the log file for ComboFix


ComboFix 09-01-17.04 - Mom and Dad 2009-01-18 9:27:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.701 [GMT -8:00]
Running from: c:\documents and settings\Mom and Dad\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\tintinyproxyy\tinyproxy.exe
c:\windows\system32\kbgplaoj.ini
c:\windows\system32\kggdohbl.dll
c:\windows\system32\mlgfwhep.ini
c:\windows\system32\pmrmupwr.ini
c:\windows\system32\vDNWaccf.ini
c:\windows\Tasks\emumiifq.job
c:\windows\Tasks\fpeidftb.job
c:\windows\Tasks\jhvcoxaa.job
c:\windows\Tasks\tsrvnyzg.job
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com
e:\resycled\ntldr.com
F:\Autorun.inf
F:\resycled
f:\resycled\boot.com
f:\resycled\ntldr.com

----- BITS: Possible infected sites -----

hxxp://b9n.org
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLE_MOBILE_DEVICE_(APPLE_MOBILE_DEVICE)_
-------\Legacy_ATI_HOTKEY_POLLER_(ATI_HOTKEY_POLLER)_
-------\Legacy_HTTP_SSL_(HTTPFILTER)_
-------\Legacy_LOGICAL_DISK_MANAGER_(DMSERVER)_
-------\Legacy_MCAFEE_SYSTEMGUARDS_(MCSYSMON)_
-------\Legacy_MEDIA_CENTER_RECEIVER_SERVICE_(EHRECVR)_
-------\Service_Apple Mobile Device (Apple Mobile Device)
-------\Service_Ati HotKey Poller (Ati HotKey Poller)
-------\Service_HTTP SSL (HTTPFilter)
-------\Service_Logical Disk Manager (dmserver)
-------\Service_McAfee SystemGuards (McSysmon)
-------\Service_Media Center Receiver Service (ehRecvr)


((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-17 18:17 . 2009-01-17 18:17 69,632 --a------ c:\windows\system32\iKf1F3b8.exe_
2009-01-17 18:17 . 2009-01-17 18:33 69,632 --a------ c:\windows\system32\iKf1F3b8.exe
2009-01-17 09:49 . 2009-01-17 09:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 09:49 . 2009-01-17 09:49 <DIR> d-------- c:\documents and settings\Mom and Dad\Application Data\Malwarebytes
2009-01-17 09:49 . 2009-01-17 09:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 09:49 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 09:49 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-12 20:19 . 2009-01-12 20:19 <DIR> d-------- c:\program files\smss
2009-01-12 20:19 . 2009-01-12 20:19 29,184 -r-hs---- c:\windows\system32\anfapi.dll
2009-01-12 20:19 . 2009-01-12 20:19 8,448 -r-hs---- c:\windows\system32\anftdird.sys
2009-01-06 21:58 . 2009-01-06 22:49 <DIR> d-------- C:\rsit
2008-12-31 00:29 . 2008-12-31 01:49 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-31 00:29 . 2008-12-31 02:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-31 00:17 . 2008-12-31 00:17 <DIR> d-------- c:\program files\Trend Micro
2008-12-30 22:59 . 2008-12-30 22:59 <DIR> d-------- c:\documents and settings\Mom and Dad\Application Data\Uniblue
2008-12-30 18:55 . 2008-12-30 18:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-26 23:32 . 2009-01-18 09:28 <DIR> d-------- c:\program files\tintinyproxyy
2008-12-26 23:16 . 2008-04-13 16:12 26,112 --a------ c:\windows\system32\stu2.exe
2008-12-23 17:18 . 2008-12-23 17:18 <DIR> d-------- c:\program files\LEGO Media
2008-12-21 21:29 . 2008-12-21 21:29 132,608 --a------ c:\windows\amilasej.dll
2008-12-21 21:17 . 2008-12-21 21:17 39,424 --a------ c:\windows\Amukuqoq.dll
2008-12-19 17:25 . 2008-12-19 17:25 <DIR> d-------- c:\program files\EA SPORTS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 00:01 --------- d-----w c:\program files\DNA
2009-01-13 07:10 --------- d-----w c:\documents and settings\All Users\Application Data\RetroExp
2009-01-07 05:56 --------- d-----w c:\program files\LimeWire
2009-01-06 00:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-31 10:48 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-31 08:21 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-31 07:12 --------- d-----w c:\program files\GemMaster
2008-12-31 05:23 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\McAfee
2008-12-31 04:24 --------- d-----w c:\program files\Lavasoft
2008-12-14 00:28 --------- d-----w c:\program files\Microsoft Games
2008-12-07 20:47 98,304 ----a-w c:\windows\system32CmdLineExt.dll
2008-12-04 00:01 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\alot
2008-12-02 05:17 --------- d-----w c:\program files\iTunes
2008-12-02 05:17 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 05:16 --------- d-----w c:\program files\iPod
2008-12-02 05:16 --------- d-----w c:\program files\Common Files\Apple
2008-12-02 05:13 --------- d-----w c:\program files\QuickTime
2008-12-01 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-30 21:21 --------- d-----w c:\documents and settings\Jennifer\Application Data\alot
2008-11-26 06:02 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\acccore
2008-11-26 04:23 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\alot
2008-11-24 19:16 --------- d-----w c:\program files\Incomplete
2008-11-24 19:16 --------- d-----w c:\documents and settings\Jennifer\Application Data\LimeWire
2008-11-24 16:34 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-24 03:45 34,866 ----a-w c:\windows\zlclien.exe
2008-11-24 00:34 24,576 ----a-w c:\windows\zonealarm.exe
2008-11-23 18:49 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-20 03:21 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\Apple Computer
2008-04-05 15:29 0 ----a-w c:\program files\temp01
2007-12-11 03:54 32 ----a-r c:\documents and settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\WinDefender 2008
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2006-02-09 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bxetafidequbefo]
--a------ 2008-12-21 21:17 39424 c:\windows\Amukuqoq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 16:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 04:04 59392 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
--a------ 2004-12-22 08:21 823296 c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mrovo]
--a------ 2008-12-21 21:29 132608 c:\windows\amilasej.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
--a------ 2004-07-30 15:47 6946816 c:\progra~1\Dantz\RETROS~1\RetroExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 01:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-22 17:20 339968 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McAfee SystemGuards (McSysmon) "=2 (0x2)
"Logical Disk Manager (dmserver) "=2 (0x2)
"HTTP SSL (HTTPFilter) "=2 (0x2)
"Ati HotKey Poller (Ati HotKey Poller) "=2 (0x2)
"Apple Mobile Device (Apple Mobile Device) "=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Atari\\Civilization III\\Civ3PTW\\Civilization3X.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Sierra\\Empire Earth Demo\\Empire Earth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\smss\\smss.exe"=

R4 anftdird;anftdird;c:\windows\system32\anftdird.sys [2009-01-12 8448]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-05-06 24652]
R4 X4HSX32Ex;X4HSX32Ex;c:\program files\Free Ride Games\X4HSX32Ex.sys [2008-03-01 29856]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-24 27904]
S4 DHCP Client (Dhcp);DHCP Client (Dhcp);c:\program files\Common Files\\System\\smss.exe --> c:\program files\Common Files\\System\\smss.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08A23CDC-F7BC-663C-0404-040004010101}]
c:\windows\system32\sysdebugl.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-18 c:\windows\Tasks\At1.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At10.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At11.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At12.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At13.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At14.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At15.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At16.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At17.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At18.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At19.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At2.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At20.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At21.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At22.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At23.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At24.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At25.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At26.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At27.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At28.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At29.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At3.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At30.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At31.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At32.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At33.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At34.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At35.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At36.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At37.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At38.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At39.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At4.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At40.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At41.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At42.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At43.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At44.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At45.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At46.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At47.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At48.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At5.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At6.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At7.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At8.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\At9.job
- c:\windows\system32\iKf1F3b8.exe [2009-01-17 18:33]

2009-01-18 c:\windows\Tasks\B30620B29115D1C6.job
- c:\docume~1\scott\applic~1\sixthu~1\Thunk iso acid.exe []

2009-01-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{20D94F0E-9BDF-4C0E-8737-5E829D96A73C} - c:\windows\system32\LinkSave.dll__BHODemonDisabled
BHO-{7122a93b-d08f-4156-b5d3-b010e854a199} - c:\windows\system32\hpknfc.dll__BHODemonDisabled
MSConfigStartUp-38779ea5 - c:\windows\system32\tfasjjmp.dll
MSConfigStartUp-Uninstall - c:\program files\WinDefender 2008\Uninstall.exe
MSConfigStartUp-baloon - c:\windows\system32\baloon.exe
MSConfigStartUp-cfrog - c:\windows\system32\cfrog.exe
MSConfigStartUp-kdubl - c:\windows\system32\kdubl.exe
MSConfigStartUp-MATH DOES FIRST MODE - c:\documents and settings\All Users\Application Data\live 64 math does\MULTI MAGS.exe
MSConfigStartUp-MBkLogOnHook - c:\program files\McAfee\MBK\LogOnHook.exe
MSConfigStartUp-McAfee Backup - c:\program files\McAfee\MBK\McAfeeDataBackup.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-MXOBG - c:\documents and settings\Jennifer\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
MSConfigStartUp-WiniGuard - c:\program files\WiniGuard Software\WiniGuard\WiniGuard.exe
MSConfigStartUp-Windows Services - service.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
FF - ProfilePath - c:\documents and settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\zz1guznb.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: e:\itunes\Plugins\npqtplugin.dll
FF - plugin: e:\itunes\Plugins\npqtplugin2.dll
FF - plugin: e:\itunes\Plugins\npqtplugin3.dll
FF - plugin: e:\itunes\Plugins\npqtplugin4.dll
FF - plugin: e:\itunes\Plugins\npqtplugin5.dll
FF - plugin: e:\itunes\Plugins\npqtplugin6.dll
FF - plugin: e:\itunes\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 09:30:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\Dantz\RETROS~1\retrorun.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-18 9:34:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-18 17:34:21

Pre-Run: 229,119,991,808 bytes free
Post-Run: 229,179,678,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

371 --- E O F --- 2008-11-19 05:23:30


Thanks for your help!
- Dennie
katana
2009-01-18, 21:11
Step 1


Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
Copy/paste the the following file path into the window
c:\windows\system32\sysdebugl.exe
Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
c:\windows\system32\iKf1F3b8.exe

If Virustotal is too busy please try Jotti (http://virusscan.jotti.org/)

----------------------------------------------------------- -----------------------------------------------------------
Step 2



OTMoveIt
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop

Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )



:Processes
explorer.exe
:Services
anftdird
DHCP Client (Dhcp)
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bxetafidequbefo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mrovo]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\smss\\smss.exe"=-

:Files
c:\windows\system32\iKf1F3b8.exe_
c:\windows\system32\iKf1F3b8.exe
c:\Program Files\smss
c:\windows\system32\anfapi.dll
c:\windows\system32\anftdird.sys
c:\Program Files\tintinyproxyy
c:\windows\system32\stu2.exe
c:\windows\amilasej.dll
c:\windows\Amukuqoq.dll
c:\Program Files\LimeWire
c:\windows\system32\config\systemprofile\Application Data\alot
c:\documents and settings\Jennifer\Application Data\alot
c:\documents and settings\Mom and Dad\Application Data\alot
c:\documents and settings\Jennifer\Application Data\LimeWire
c:\windows\Tasks\At*.job
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]



Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.


- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


----------------------------------------------------------- -----------------------------------------------------------
Step 3


Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------- -----------------------------------------------------------
Step 4

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

Virus Total Report
OTMI Log
Kaspersky Log
How are things running now ?
Dennie
2009-01-20, 09:33
VirusTotal files…

File sysdebugl.exe received on 01.20.2009 06:33:08 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.20 Riskware.Win32.CeeInject!IK
AhnLab-V3 2009.1.20.1 2009.01.20 -
AntiVir 7.9.0.57 2009.01.19 TR/Dropper.Gen
Authentium 5.1.0.4 2009.01.19 -
Avast 4.8.1281.0 2009.01.19 -
AVG 8.0.0.229 2009.01.20 Crypt.AUS
BitDefender 7.2 2009.01.20 Trojan.AvKiller.CQ
CAT-QuickHeal 10.00 2009.01.20 -
ClamAV 0.94.1 2009.01.19 -
Comodo 937 2009.01.19 -
DrWeb 4.44.0.09170 2009.01.20 Win32.HLLW.MyBot
eSafe 7.0.17.0 2009.01.19 -
eTrust-Vet 31.6.6315 2009.01.19 Win32/CInject!generic
F-Prot 4.4.4.56 2009.01.19 -
F-Secure 8.0.14470.0 2009.01.20 Trojan.Win32.AntiAV.tz
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.20 Trojan.AvKiller.CQ
Ikarus T3.1.1.45.0 2009.01.20 VirTool.Win32.CeeInject
K7AntiVirus 7.10.595 2009.01.19 -
Kaspersky 7.0.0.125 2009.01.20 Trojan.Win32.AntiAV.tz
McAfee 5500 2009.01.19 -
McAfee+Artemis 5500 2009.01.19 -
Microsoft 1.4205 2009.01.20 VirTool:Win32/CeeInject.gen!J
NOD32 3779 2009.01.19 a variant of Win32/Injector.FB
Norman 5.93.01 2009.01.19 -
nProtect 2009.1.8.0 2009.01.20 Trojan.AvKiller.CQ
Panda 9.5.1.2 2009.01.19 -
PCTools 4.4.2.0 2009.01.19 -
Prevx1 V2 2009.01.20 -
Rising 21.13.10.00 2009.01.20 -
SecureWeb-Gateway 6.7.6 2009.01.19 Trojan.Dropper.Gen
Sophos 4.37.0 2009.01.20 Troj/CeeInj-Fam
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.20 -
TheHacker 6.3.1.5.224 2009.01.20 -
TrendMicro 8.700.0.1004 2009.01.20 -
VBA32 3.12.8.10 2009.01.19 Trojan.Win32.AntiAV.tz
ViRobot 2009.1.20.1567 2009.01.20 Trojan.Win32.AntiAV.42546
VirusBuster 4.5.11.0 2009.01.19 -

Additional information
File size: 34866 bytes
MD5...: 8da5fbbda59e67926111752ac577a234
SHA1..: 356d4c179d95fc91f7172a63fc50c9c6cad6a818
SHA256: 770195fdf636b51587994be6969aecb356d2e6627c95eec1376a8f9fb8b2223e
SHA512: 25f5bb74bb139917ead9ac8171a8530f74c290c383e6e26ebc0d2d82a68b366a<BR>67547961a208aa92e43f38258116e8d9918c64750f72653e6fa51d8acd5a1c4c<BR>
ssdeep: 384:Gdv0/0rhI2qW13guzazqw6SJbnxzAYrbiRaqb/85E3:D/4MA3fL7SdxvbiRr<BR>P3<BR>
PEiD..: Armadillo v1.71
TrID..: File type identification<BR>Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x40203c<BR>timedatestamp.....: 0x49274a18 (Fri Nov 21 23:54:00 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x11c2 0x2000 3.92 e5fc83e08deaf2c044528fe111cb00f7<BR>.rdata 0x3000 0x41c 0x1000 1.66 7a2ffcdbee30a853a34c2b69ec38194a<BR>.data 0x4000 0x444 0x1000 1.97 c9f4d259d5bd9a5ec1c1071ba3dccb5a<BR>.rsrc 0x5000 0x504 0x1000 3.86 f9f7f807f6579a84f60eb1114f61ee9f<BR><BR>( 4 imports ) <BR>&gt; KERNEL32.dll: FreeLibrary, LoadLibraryA, Sleep, ExitProcess, CloseHandle, GlobalFree, GetFileSize, CreateFileA, GetModuleFileNameA, CreateThread, GetStartupInfoA, GlobalAlloc, GetModuleHandleA, ReadFile, GetProcAddress<BR>&gt; USER32.dll: FindWindowA<BR>&gt; ADVAPI32.dll: RegOpenKeyA, RegCloseKey, RegQueryValueExA<BR>&gt; MSVCRT.dll: __getmainargs, strcpy, strlen, memset, strcmp, _except_handler3, realloc, _exit, _XcptFilter, exit, _acmdln, malloc, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp<BR><BR>( 0 exports ) <BR>



File KC3wtr06.exe received on 01.20.2009 01:26:49 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.19 Trojan-Downloader.Win32.Obvod!IK
AhnLab-V3 2009.1.20.1 2009.01.19 -
AntiVir 7.9.0.57 2009.01.19 -
Authentium 5.1.0.4 2009.01.19 -
Avast 4.8.1281.0 2009.01.19 Win32:Ups
AVG 8.0.0.229 2009.01.20 -
BitDefender 7.2 2009.01.20 Trojan.FakeAntivirus.Gen
CAT-QuickHeal 10.00 2009.01.19 -
ClamAV 0.94.1 2009.01.19 -
Comodo 937 2009.01.19 TrojWare.Win32.Trojan.Agent.~
DrWeb 4.44.0.09170 2009.01.20 -
eSafe 7.0.17.0 2009.01.19 -
eTrust-Vet 31.6.6315 2009.01.19 -
F-Prot 4.4.4.56 2009.01.19 -
F-Secure 8.0.14470.0 2009.01.19 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.20 Trojan.FakeAntivirus.Gen
Ikarus T3.1.1.45.0 2009.01.19 Trojan-Downloader.Win32.Obvod
K7AntiVirus 7.10.595 2009.01.19 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.01.20 -
McAfee 5500 2009.01.19 -
McAfee+Artemis 5500 2009.01.19 -
Microsoft 1.4205 2009.01.20 TrojanDownloader:Win32/Obvod.C
NOD32 3779 2009.01.19 -
Norman 5.93.01 2009.01.19 W32/Antivirus2008.BVI
nProtect 2009.1.8.0 2009.01.19 -
Panda 9.5.1.2 2009.01.19 Trj/Zlob.KS
PCTools 4.4.2.0 2009.01.19 -
Prevx1 V2 2009.01.20 Malicious Software
Rising 21.13.02.00 2009.01.19 Trojan.Win32.Nodef.aei
SecureWeb-Gateway 6.7.6 2009.01.19 -
Sophos 4.37.0 2009.01.20 Mal/EncPk-CZ
Sunbelt 3.2.1835.2 2009.01.16 VIPRE.Suspicious
Symantec 10 2009.01.20 -
TheHacker 6.3.1.5.224 2009.01.20 -
TrendMicro 8.700.0.1004 2009.01.19 TROJ_DLOADR.RA
VBA32 3.12.8.10 2009.01.19 -
ViRobot 2009.1.19.1565 2009.01.19 -
VirusBuster 4.5.11.0 2009.01.19 -

Additional information
File size: 69632 bytes
MD5...: b45325d3bc6ea191bbb1de76fea9306d
SHA1..: 06f719127752c9790c5b3e214d462d528c8f5bb4
SHA256: 3301170838e51681c01007f9e5e68a664f871173ff6a3bae7f39bea6c11a5a29
SHA512: 87108b4b8f2e85119e622140a44b26f85106ad106027952c66ffc2932a46dc92<BR>27a1982c759da632e83d92d2f790f5419e80e4741c3962789aee0271136213a4<BR>
ssdeep: 1536:lGagTa4aGfnYrd5pYggdHkZ7OOG1fYeE:lGa2a4xfWHepkZswv<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Dynamic Link Library (generic) (55.7%)<BR>Clipper DOS Executable (14.8%)<BR>Generic Win/DOS Executable (14.7%)<BR>DOS Executable Generic (14.6%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x4011ec<BR>timedatestamp.....: 0x479c79c0 (Sun Jan 27 12:32:00 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xc76 0x1000 3.32 5b869208056da8e89c29e67c7149c514<BR>.data 0x2000 0xcd1f 0xd000 7.18 ded73ef871bcf8614756ff392516e6f4<BR>.rdata 0xf000 0xbdd3 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110<BR>.rsr 0x1b000 0x757 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110<BR><BR>( 4 imports ) <BR>&gt; advapi32.dll: RegOpenKeyW, RegCreateKeyExW, RegReplaceKeyW, RegDeleteKeyW, RegQueryValueExW, RegQueryInfoKeyA, RegQueryValueExA, RegFlushKey, RegEnumKeyExW, RegLoadKeyA, RegEnumKeyA, RegOpenKeyExA, RegReplaceKeyA, RegOpenKeyA, RegOpenKeyExW, RegLoadKeyW, RegDeleteValueA, RegDeleteKeyA, RegGetKeySecurity, RegDeleteValueW<BR>&gt; comctl32.dll: ImageList_GetImageRect, ImageList_LoadImageA, ImageList_DragLeave, ImageList_LoadImage, ImageList_DrawEx, ImageList_Read, ImageList_GetImageInfo, ImageList_Draw, ImageList_Remove, ImageList_DragEnter, ImageList_ReplaceIcon, ImageList_Create, ImageList_GetIcon, ImageList_DragMove, ImageList_Copy, ImageList_GetDragImage, ImageList_LoadImageW, ImageList_EndDrag, ImageList_DragShowNolock<BR>&gt; kernel32.dll: GetModuleHandleA, GetCPInfo, GlobalAlloc, WideCharToMultiByte, DeleteFileA, Sleep, lstrcmpA, GlobalFree, HeapFree, GetCommandLineA, GetStdHandle, GetStringTypeW, FreeLibrary, SetLastError, CloseHandle, GetModuleFileNameA, GetLocalTime, GetLastError, GetDateFormatA<BR>&gt; user32.dll: CreateIcon, DrawIconEx, LoadCursorA, GetFocus, EndDialog, DrawIcon, CopyImage, DialogBoxParamW, CopyIcon, GetCursor, AppendMenuW, InsertMenuA, CopyRect, BlockInput, AlignRects, GetMenu<BR><BR>( 0 exports ) <BR>
ThreatExpert info: <A href="http://www.threatexpert.com/report.aspx?md5=b45325d3bc6ea191bbb1de76fea9306d" target=_blank>http://www.threatexpert.com/report.aspx?md5=b45325d3bc6ea191bbb1de76fea9306d</A>
Prevx info: <A href="http://info.prevx.com/aboutprogramtext.asp?PX5=E45CBC2000CE3B741093012DDDE82A001DCCDFC9" target=_blank>http://info.prevx.com/aboutprogramtext.asp?PX5=E45CBC2000CE3B741093012DDDE82A001DCCDFC9</A>


OTMoveIT results…

When I ran OTMoveIt it froze on the first Service “anftdird”.
I rebooted and tried several times… same thing.
I tried running LavaSoft Ad-Adware and had it delete 2 trojans, but that didn’t help.

I swapped the order of Services “DHCP Client (Dhcp)” and “anftdird” and it removed “DHCP Client (Dhcp), but still froze on “anftdird”.

I had to reboot and start my PC in SAFE Mode to get OTMoveIt to get passed “anftdird”.

Following is the log from running OTMoveIT in Safe Mode:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service anftdird stopped successfully.
Service anftdird deleted successfully.
Service DHCP Client (Dhcp) stopped successfully.
Service DHCP Client (Dhcp) deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bxetafidequbefo\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mrovo\\ deleted successfully.
Registry key HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
Registry key HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
========== FILES ==========
File/Folder c:\windows\system32\iKf1F3b8.exe_ not found.
c:\windows\system32\iKf1F3b8.exe moved successfully.
c:\Program Files\smss moved successfully.
LoadLibrary failed for c:\windows\system32\anfapi.dll
c:\windows\system32\anfapi.dll NOT unregistered.
c:\windows\system32\anfapi.dll moved successfully.
c:\windows\system32\anftdird.sys moved successfully.
c:\Program Files\tintinyproxyy moved successfully.
c:\windows\system32\stu2.exe moved successfully.
c:\windows\amilasej.dll NOT unregistered.
c:\windows\amilasej.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\Amukuqoq.dll
c:\windows\Amukuqoq.dll NOT unregistered.
c:\windows\Amukuqoq.dll moved successfully.
c:\Program Files\LimeWire\lib moved successfully.
c:\Program Files\LimeWire moved successfully.
c:\windows\system32\config\systemprofile\Application Data\alot moved successfully.
c:\documents and settings\Jennifer\Application Data\alot moved successfully.
c:\documents and settings\Mom and Dad\Application Data\alot moved successfully.
c:\documents and settings\Jennifer\Application Data\LimeWire\xml\schemas moved successfully.
c:\documents and settings\Jennifer\Application Data\LimeWire\xml\misc moved successfully.
c:\documents and settings\Jennifer\Application Data\LimeWire\xml\data moved successfully.
c:\documents and settings\Jennifer\Application Data\LimeWire\xml moved successfully.
c:\documents and settings\Jennifer\Application Data\LimeWire\themes\windows_theme moved successfully.
c:\documents and settings\Jennifer\Application Data\LimeWire\themes moved successfully.
c:\documents and settings\Jennifer\Application Data\LimeWire\promotion moved successfully.
c:\documents and settings\Jennifer\Application Data\LimeWire\.NetworkShare moved successfully.
c:\documents and settings\Jennifer\Application Data\LimeWire\.AppSpecialShare moved successfully.
c:\documents and settings\Jennifer\Application Data\LimeWire moved successfully.
c:\windows\Tasks\At1.job moved successfully.
c:\windows\Tasks\At10.job moved successfully.
c:\windows\Tasks\At11.job moved successfully.
c:\windows\Tasks\At12.job moved successfully.
c:\windows\Tasks\At13.job moved successfully.
c:\windows\Tasks\At14.job moved successfully.
c:\windows\Tasks\At15.job moved successfully.
c:\windows\Tasks\At16.job moved successfully.
c:\windows\Tasks\At17.job moved successfully.
c:\windows\Tasks\At18.job moved successfully.
c:\windows\Tasks\At19.job moved successfully.
c:\windows\Tasks\At2.job moved successfully.
c:\windows\Tasks\At20.job moved successfully.
c:\windows\Tasks\At21.job moved successfully.
c:\windows\Tasks\At22.job moved successfully.
c:\windows\Tasks\At23.job moved successfully.
c:\windows\Tasks\At24.job moved successfully.
c:\windows\Tasks\At25.job moved successfully.
c:\windows\Tasks\At26.job moved successfully.
c:\windows\Tasks\At27.job moved successfully.
c:\windows\Tasks\At28.job moved successfully.
c:\windows\Tasks\At29.job moved successfully.
c:\windows\Tasks\At3.job moved successfully.
c:\windows\Tasks\At30.job moved successfully.
c:\windows\Tasks\At31.job moved successfully.
c:\windows\Tasks\At32.job moved successfully.
c:\windows\Tasks\At33.job moved successfully.
c:\windows\Tasks\At34.job moved successfully.
c:\windows\Tasks\At35.job moved successfully.
c:\windows\Tasks\At36.job moved successfully.
c:\windows\Tasks\At37.job moved successfully.
c:\windows\Tasks\At38.job moved successfully.
c:\windows\Tasks\At39.job moved successfully.
c:\windows\Tasks\At4.job moved successfully.
c:\windows\Tasks\At40.job moved successfully.
c:\windows\Tasks\At41.job moved successfully.
c:\windows\Tasks\At42.job moved successfully.
c:\windows\Tasks\At43.job moved successfully.
c:\windows\Tasks\At44.job moved successfully.
c:\windows\Tasks\At45.job moved successfully.
c:\windows\Tasks\At46.job moved successfully.
c:\windows\Tasks\At47.job moved successfully.
c:\windows\Tasks\At48.job moved successfully.
c:\windows\Tasks\At5.job moved successfully.
c:\windows\Tasks\At6.job moved successfully.
c:\windows\Tasks\At7.job moved successfully.
c:\windows\Tasks\At8.job moved successfully.
c:\windows\Tasks\At9.job moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_NRxQVA2zDcc6g5E scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01192009_231307

Files moved on Reboot...
File C:\WINDOWS\temp\mcmsc_NRxQVA2zDcc6g5E not found!



I can not run Kaspersky

It complains that I need to install Java 1.5 or later.

I installed the latest Java 1.6, refreshed Internet Explorer, closed and restarted IE, and rebooted my PC, but Kaspersky still complains. Java site reports “You have the recommended Java installed (Version 6 Update 11)”.


I re-ran OTMOveIt just to see if it would help...
This time I ran it after a normal boot, not Safe Boot.

Below is the 2nd report...

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service anftdird .
Unable to stop service DHCP Client (Dhcp) .
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bxetafidequbefo\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mrovo\\ not found.
Registry key HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
Registry key HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
========== FILES ==========
File/Folder c:\windows\system32\iKf1F3b8.exe_ not found.
File/Folder c:\windows\system32\iKf1F3b8.exe not found.
File/Folder c:\Program Files\smss not found.
File/Folder c:\windows\system32\anfapi.dll not found.
File/Folder c:\windows\system32\anftdird.sys not found.
File/Folder c:\Program Files\tintinyproxyy not found.
File/Folder c:\windows\system32\stu2.exe not found.
File/Folder c:\windows\amilasej.dll not found.
File/Folder c:\windows\Amukuqoq.dll not found.
File/Folder c:\Program Files\LimeWire not found.
File/Folder c:\windows\system32\config\systemprofile\Application Data\alot not found.
File/Folder c:\documents and settings\Jennifer\Application Data\alot not found.
File/Folder c:\documents and settings\Mom and Dad\Application Data\alot not found.
File/Folder c:\documents and settings\Jennifer\Application Data\LimeWire not found.
File/Folder c:\windows\Tasks\At*.job not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\hsperfdata_Mom and Dad\172 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\~DF115D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\~DF117F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_1wo2y24Xqfz1fIt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1e4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01192009_235609

Files moved on Reboot...
File C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\hsperfdata_Mom and Dad\172 not found!
File C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\~DF115D.tmp not found!
File C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\~DF117F.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcmsc_1wo2y24Xqfz1fIt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_1e4.dat not found!
File C:\WINDOWS\temp\WFV1.tmp not found!


I still can't run Kaspersky. :sad:

Now what?

Thanks
- Dennie
katana
2009-01-20, 11:51
Let's try a different scan.


Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



File::
c:\windows\system32\iKf1F3b8.exe_
c:\windows\system32\iKf1F3b8.exe
c:\windows\system32\sysdebugl.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08A23CDC-F7BC-663C-0404-040004010101}]
ADS::
Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper






Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.
Dennie
2009-01-24, 20:49
Katana,

I ran ComboFix with the text script. but had a hard time running Actice Scan
It ran for 24 hours and still wan't finished.
Also, my kids used the computer, installed a game, and surfed the internet.

I cleaned off and reformated an old drive on my comptuer (E) then I ran McAfee virus scan and cleaned off a few detected virus
Then re-ran both ComboFix and Active Scan.

2nd run of ComboFix below...


ComboFix 09-01-21.04 - Mom and Dad 2009-01-23 19:54:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.567 [GMT -8:00]
Running from: c:\documents and settings\Mom and Dad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mom and Dad\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\iKf1F3b8.exe
c:\windows\system32\iKf1F3b8.exe_
c:\windows\system32\sysdebugl.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sysdebugl.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-22 20:13 . 2009-01-22 20:13 <DIR> d-------- c:\documents and settings\Mom and Dad\Application Data\Sierra Entertainment
2009-01-22 20:12 . 2009-01-22 20:12 <DIR> dr-h----- c:\documents and settings\Mom and Dad\Application Data\SecuROM
2009-01-21 23:36 . 2009-01-21 23:36 <DIR> d-------- c:\windows\LastGood
2009-01-20 16:46 . 2009-01-20 16:46 <DIR> d-------- c:\program files\Panda Security
2009-01-20 16:46 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-19 23:33 . 2009-01-19 23:33 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-19 22:31 . 2009-01-19 22:31 <DIR> d-------- C:\_OTMoveIt
2009-01-19 17:59 . 2009-01-19 17:59 <DIR> d-------- c:\windows\system32\AGEIA
2009-01-19 17:59 . 2009-01-19 17:59 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-19 17:16 . 2009-01-19 17:16 <DIR> d-------- c:\program files\Sierra Entertainment
2009-01-18 17:25 . 2009-01-18 17:25 1,170,392 --a------ c:\windows\Mall Tycoon 2 Uninstaller.exe
2009-01-18 17:23 . 2009-01-18 17:23 <DIR> d-------- c:\program files\Global Star Software
2009-01-18 09:57 . 2006-03-03 08:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2009-01-18 09:57 . 2009-01-23 19:52 8,207 --a------ c:\windows\system32\Config.MPF
2009-01-18 09:54 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-01-18 09:54 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2009-01-18 09:54 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-01-18 09:54 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2009-01-18 09:54 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-01-18 09:54 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2009-01-18 09:53 . 2009-01-18 09:54 <DIR> d-------- c:\program files\McAfee.com
2009-01-18 09:53 . 2009-01-18 16:53 <DIR> d-------- c:\program files\McAfee
2009-01-18 09:53 . 2009-01-18 09:54 <DIR> d-------- c:\program files\Common Files\McAfee
2009-01-18 09:33 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll
2009-01-18 09:33 . 2008-10-16 14:13 202,776 --a--c--- c:\windows\system32\dllcache\wuweb.dll
2009-01-17 09:49 . 2009-01-17 09:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 09:49 . 2009-01-17 09:49 <DIR> d-------- c:\documents and settings\Mom and Dad\Application Data\Malwarebytes
2009-01-17 09:49 . 2009-01-17 09:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 09:49 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 09:49 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 21:58 . 2009-01-20 00:47 <DIR> d-------- C:\rsit
2008-12-31 00:29 . 2008-12-31 01:49 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-31 00:29 . 2008-12-31 02:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-31 00:17 . 2008-12-31 00:17 <DIR> d-------- c:\program files\Trend Micro
2008-12-30 22:59 . 2008-12-30 22:59 <DIR> d-------- c:\documents and settings\Mom and Dad\Application Data\Uniblue
2008-12-30 18:55 . 2009-01-19 17:59 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 23:56 --------- d-----w c:\program files\DNA
2009-01-20 07:33 --------- d-----w c:\program files\Java
2009-01-20 07:00 --------- d-----w c:\documents and settings\All Users\Application Data\RetroExp
2009-01-20 01:17 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 17:56 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-31 08:21 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-31 07:12 --------- d-----w c:\program files\GemMaster
2008-12-31 05:23 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\McAfee
2008-12-31 04:24 --------- d-----w c:\program files\Lavasoft
2008-12-24 01:18 --------- d-----w c:\program files\LEGO Media
2008-12-20 01:25 --------- d-----w c:\program files\EA SPORTS
2008-12-14 00:28 --------- d-----w c:\program files\Microsoft Games
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 20:47 98,304 ----a-w c:\windows\system32CmdLineExt.dll
2008-12-02 05:17 --------- d-----w c:\program files\iTunes
2008-12-02 05:17 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 05:16 --------- d-----w c:\program files\iPod
2008-12-02 05:16 --------- d-----w c:\program files\Common Files\Apple
2008-12-02 05:13 --------- d-----w c:\program files\QuickTime
2008-12-01 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-26 06:02 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\acccore
2008-11-24 19:16 --------- d-----w c:\program files\Incomplete
2008-11-24 16:34 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-24 16:01 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-24 03:45 34,866 ----a-w c:\windows\zlclien.exe
2008-11-24 00:34 24,576 ----a-w c:\windows\zonealarm.exe
2008-04-05 15:29 0 ----a-w c:\program files\temp01
2007-12-11 03:54 32 ----a-r c:\documents and settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-18_ 9.33.33.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-15 03:27:42 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-01-20 02:01:25 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-03-15 03:27:42 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-01-20 02:01:25 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-03-15 03:27:43 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-01-20 02:01:26 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-03-15 03:27:37 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-20 02:01:07 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-15 03:27:37 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-20 02:01:13 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-15 03:27:38 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-20 02:01:16 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-15 03:27:38 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-20 02:01:17 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-15 03:27:39 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-20 02:01:17 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-15 03:27:39 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-20 02:01:18 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-15 03:27:40 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-20 02:01:19 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-15 03:27:40 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-20 02:01:20 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-15 03:27:40 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-20 02:01:21 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-15 03:27:43 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-20 02:01:26 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-15 03:27:43 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-01-20 02:01:27 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-03-15 03:27:44 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-01-20 02:01:28 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-03-15 03:27:44 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-01-20 02:01:28 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-03-15 03:27:45 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-01-20 02:01:29 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-03-15 03:27:41 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-01-20 02:01:24 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-06-30 18:39:58 128,256 ----a-w c:\windows\Downloaded Program Files\as2stubie.dll
+ 2008-06-30 18:39:58 128,256 ----a-w c:\windows\Downloaded Program Files\CONFLICT.1\as2stubie.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-11-19 05:21:17 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-01-18 17:45:38 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-11-19 05:20:55 12,288 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-18 17:45:30 12,288 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-19 05:20:55 135,168 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-18 17:45:30 135,168 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-19 05:20:55 11,264 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-18 17:45:30 11,264 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-19 05:20:55 27,136 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-01-18 17:45:30 27,136 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-19 05:20:55 4,096 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-18 17:45:30 4,096 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-19 05:20:55 794,624 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-18 17:45:30 794,624 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-19 05:20:55 23,040 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-01-18 17:45:30 23,040 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-19 05:20:55 286,720 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-18 17:45:30 286,720 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-19 05:20:55 409,600 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-18 17:45:30 409,600 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2004-09-29 19:38:58 2,676,224 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2004-09-29 20:38:58 2,676,224 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
- 2004-12-01 22:53:06 2,846,720 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2004-12-01 23:53:06 2,846,720 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
- 2005-02-06 02:32:54 563,712 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-06 03:32:54 563,712 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
- 2005-07-23 00:21:34 577,024 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-23 01:21:34 577,024 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
- 2005-09-28 21:11:52 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 22:11:52 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
- 2005-12-06 00:20:50 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-06 01:20:50 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
- 2006-02-03 14:40:48 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 15:40:48 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
- 2006-03-31 18:27:50 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 19:27:50 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2007-02-20 22:59:06 53,248 ----a-w c:\windows\system32\AgCPanelFrench.dll
+ 2007-02-20 22:59:06 53,248 ----a-w c:\windows\system32\AgCPanelGerman.dll
+ 2007-02-20 22:59:08 53,248 ----a-w c:\windows\system32\AgCPanelJapanese.dll
+ 2007-02-20 22:59:06 53,248 ----a-w c:\windows\system32\AgCPanelKorean.dll
+ 2007-02-20 22:59:06 53,248 ----a-w c:\windows\system32\AgCPanelPortugese.dll
+ 2007-02-20 22:59:06 53,248 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
+ 2007-02-20 22:59:04 53,248 ----a-w c:\windows\system32\AgCPanelSpanish.dll
+ 2007-02-20 22:59:06 53,248 ----a-w c:\windows\system32\AgCPanelSwedish.dll
+ 2007-02-20 22:59:06 53,248 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
+ 2007-01-06 04:38:18 198,257 ----a-w c:\windows\system32\AGEIA\app.bin
+ 2007-01-06 04:38:18 122,249 ----a-w c:\windows\system32\AGEIA\diag.bin
- 2008-12-31 05:16:45 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-24 00:24:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-31 05:16:45 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-24 00:24:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-02-06 02:45:26 2,222,800 ----a-w c:\windows\system32\d3dx9_24.dll
+ 2005-02-06 03:45:26 2,222,800 ----a-w c:\windows\system32\d3dx9_24.dll
- 2005-07-23 02:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll
+ 2005-07-23 03:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll
- 2005-12-06 01:09:18 2,323,664 ----a-w c:\windows\system32\d3dx9_28.dll
+ 2005-12-06 02:09:18 2,323,664 ----a-w c:\windows\system32\d3dx9_28.dll
+ 2006-02-03 16:43:16 2,332,368 ----a-w c:\windows\system32\d3dx9_29.dll
- 2006-03-31 19:40:58 2,388,176 ----a-w c:\windows\system32\d3dx9_30.dll
+ 2006-03-31 20:40:58 2,388,176 ----a-w c:\windows\system32\d3dx9_30.dll
- 2008-08-26 07:24:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-10 12:00:00 94,208 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 17:17:42 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c----w c:\windows\system32\dllcache\srv.sys
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2004-08-10 12:00:00 1,023,488 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 19:37:02 1,026,048 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-12-07 06:40:49 2,362,184 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-10 19:57:40 2,364,472 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2006-11-09 19:29:12 110,336 -c--a-r c:\windows\system32\DRVSTORE\athena_6BDC51EC34901E554F7E8DCB20A16311375D6D33\athena.sys
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-10-19 21:47:40 139,648 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-20 08:12:41 139,648 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2007-09-25 06:30:28 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-01-20 07:33:06 144,792 ----a-w c:\windows\system32\java.exe
- 2007-09-25 06:30:30 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-01-20 07:33:06 144,792 ----a-w c:\windows\system32\javaw.exe
- 2007-09-25 07:31:42 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-20 07:33:06 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-08-26 07:24:30 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2004-08-10 12:00:00 94,208 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 17:17:42 96,768 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll
+ 2007-03-26 18:45:18 71,208 ----a-w c:\windows\system32\PhysXLoader.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2004-08-10 12:00:00 1,023,488 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 19:37:02 1,026,048 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-12-07 06:40:49 2,362,184 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-10 19:57:40 2,364,472 ----a-w c:\windows\system32\WMVCore.dll
- 2006-02-03 15:41:26 14,032 ----a-w c:\windows\system32\x3daudio1_0.dll
+ 2006-02-03 16:41:26 14,032 ----a-w c:\windows\system32\x3daudio1_0.dll
- 2006-02-03 15:42:06 230,096 ----a-w c:\windows\system32\xactengine2_0.dll
+ 2006-02-03 16:42:06 230,096 ----a-w c:\windows\system32\xactengine2_0.dll
- 2006-03-31 19:39:48 229,584 ----a-w c:\windows\system32\xactengine2_1.dll
+ 2006-03-31 20:39:48 229,584 ----a-w c:\windows\system32\xactengine2_1.dll
- 2006-03-31 19:39:24 62,672 ----a-w c:\windows\system32\xinput1_1.dll
+ 2006-03-31 20:39:24 62,672 ----a-w c:\windows\system32\xinput1_1.dll
+ 2005-12-06 02:07:30 61,136 ----a-w c:\windows\system32\xinput9_1_0.dll
+ 2009-01-22 07:16:03 16,384 ----atw c:\windows\temp\Perflib_Perfdata_738.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2006-02-09 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 16:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 04:04 59392 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
--a------ 2004-12-22 08:21 823296 c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
--a------ 2004-07-30 15:47 6946816 c:\progra~1\Dantz\RETROS~1\RetroExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 01:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-22 17:20 339968 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McAfee SystemGuards (McSysmon) "=2 (0x2)
"Logical Disk Manager (dmserver) "=2 (0x2)
"HTTP SSL (HTTPFilter) "=2 (0x2)
"Ati HotKey Poller (Ati HotKey Poller) "=2 (0x2)
"Apple Mobile Device (Apple Mobile Device) "=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Atari\\Civilization III\\Civ3PTW\\Civilization3X.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Sierra\\Empire Earth Demo\\Empire Earth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-20 28544]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-05-06 24652]
R4 X4HSX32Ex;X4HSX32Ex;c:\program files\Free Ride Games\X4HSX32Ex.sys [2008-03-01 29856]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-24 27904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MCODS
*NewlyCreated* - PAVBOOT
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-24 c:\windows\Tasks\B30620B29115D1C6.job
- c:\docume~1\scott\applic~1\sixthu~1\Thunk iso acid.exe []

2009-01-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-01-18 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-18 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
FF - ProfilePath - c:\documents and settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\zz1guznb.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 19:58:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1580436667-725345543-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,c6,f1,07,40,ac,0d,5d,82,c1,48,3d,90,34,7d,6d,df,d3,62,8b,46,94,b8,
34,ff,e6,c6,66,67,5f,5a,72,d5,66,99,ab,46,e3,2d,e7,92,5d,b6,e7,a1,b5,78,e4,\
"??"=hex:11,0b,79,0e,e5,0a,4f,59,de,d4,17,ce,55,2a,1d,da

[HKEY_USERS\S-1-5-21-1004336348-1580436667-725345543-1006\Software\SecuROM\License information*]
"datasecu"=hex:d5,e5,dc,a0,d7,f3,82,84,26,44,1f,b9,22,9c,48,63,8f,3b,f9,53,4f,
2d,6b,77,72,97,c0,1f,31,97,5d,ee,be,47,ec,31,02,80,c9,a5,b7,ff,ca,06,2d,fa,\
"rkeysecu"=hex:89,ac,04,a5,f4,e0,3d,b5,d5,50,fc,95,20,e8,03,4c
.
Completion time: 2009-01-23 20:01:29
ComboFix-quarantined-files.txt 2009-01-24 04:01:26
ComboFix2.txt 2009-01-21 00:42:18
ComboFix3.txt 2009-01-18 17:34:25

Pre-Run: 222,943,756,288 bytes free
Post-Run: 223,030,923,264 bytes free

521 --- E O F --- 2009-01-18 17:45:39


Post is too long so I will include the resuts of Active Scan in the next post.

- Dennie;
Dennie
2009-01-24, 20:51
Results of Active Scan...

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-24 01:04:35
PROTECTIONS: 2
MALWARE: 64
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@casalemedia[4].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@casalemedia[3].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@doubleclick[3].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@doubleclick[6].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@doubleclick[4].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@doubleclick[3].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@doubleclick[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@atdmt[7].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@atdmt[6].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@atdmt[4].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@fastclick[3].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@fastclick[4].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@fastclick[3].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@fastclick[4].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@tribalfusion[6].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@tribalfusion[4].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@tribalfusion[4].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@tribalfusion[5].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@mediaplex[1].txt
00147424 Cookie/Luckynugget TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@www.luckynugget[2].txt
00147424 Cookie/Luckynugget TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@www.luckynugget[2].txt
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@entrepreneur[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@clickbank[3].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@clickbank[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@clickbank[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@clickbank[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@ccbill[1].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@findwhat[3].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@findwhat[1].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@findwhat[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@xiti[1].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@gostats[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@azjmp[3].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@azjmp[4].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@azjmp[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@azjmp[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@azjmp[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@azjmp[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@azjmp[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@azjmp[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@toplist[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@toplist[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@ad.yieldmanager[5].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@apmebf[4].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@apmebf[3].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@apmebf[5].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@apmebf[4].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@apmebf[3].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@apmebf[6].txt
00168068 Cookie/Lop TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@www.lop[2].txt
00168068 Cookie/Lop TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@www.lop[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@burstnet[3].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@burstnet[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@burstnet[5].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@burstnet[3].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@burstnet[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@burstnet[3].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@serving-sys[3].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@bs.serving-sys[3].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@www.burstbeacon[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@www.burstbeacon[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@www.burstbeacon[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@www.burstbeacon[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@www.burstbeacon[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@advertising[4].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@advertising[5].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@advertising[3].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@media.adrevolver[4].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@ads.pointroll[3].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@overture[5].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@overture[4].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@overture[4].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@realmedia[2].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@cgi-bin[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@www5.addfreestats[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@questionmarket[3].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@questionmarket[5].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@questionmarket[4].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@zedo[3].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@zedo[3].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@zedo[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@adrevolver[3].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@adultfriendfinder[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@adultfriendfinder[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@adultfriendfinder[3].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@adultfriendfinder[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@adultfriendfinder[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@adultfriendfinder[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@go[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@target[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@did-it[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@did-it[1].txt
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@i.screensavers[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@atwola[5].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@atwola[3].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@atwola[3].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@atwola[4].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Jennifer\Cookies\jennifer@atwola[4].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@www.errorsafe[2].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@errorsafe[2].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@cgi-bin[3].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@ads.addynamix[3].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan\Cookies\ryan@ads.addynamix[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@ads.addynamix[1].txt
00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@www.drivecleaner[2].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@stats.drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@drivecleaner[2].txt
00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\H4IXCUX2\freescan[1].htm
00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\3FUG1T01\freescan[1].htm
00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\39F8OM2M\freescan[1].htm
00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\H4IXCUX2\freescan[3].htm
00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\CFX7KWEF\freescan[1].htm
00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\3FUG1T01\freescan[2].htm
00463279 Trj/Zlob.gen Virus/Trojan No 0 Yes No C:\Documents and Settings\Scott\Local Settings\Temp\DivX.Build.1531.0.exe
00472597 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{3566279F-29CF-4BA0-AC10-D1F373F27D83}\RP8\A0010489.dll
00497191 Rootkit/Autorun.AQG HackTools No 1 Yes No C:\Documents and Settings\Ryan\Local Settings\Temp\tmp37.tmp
00497191 Rootkit/Autorun.AQG HackTools No 1 Yes No C:\Documents and Settings\Ryan\Local Settings\Temp\tmp53F.tmp
00527204 Application/PRScheduler HackTools No 0 Yes No C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
00537146 Trj/Zlob.KS Virus/Trojan No 1 Yes No C:\_OTMoveIt\MovedFiles\01192009_231307\windows\system32\iKf1F3b8.exe
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@enhance[2].txt
01196326 Cookie/GoClick TrackingCookie No 0 Yes No F:\C_drive stuff\Documents and Settings\Ryan\Cookies\ryan@goclick[2].txt
01516044 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Ryan\Local Settings\Temp\comver.dll
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@adserver.easyad[1].txt
02164907 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP69\A0074494.exe
02164907 Generic Malware Virus/Trojan No 0 Yes No F:\C_drive stuff\Program Files\DIGStream\digstream.exe
02900692 Application/Playmp3z HackTools No 0 Yes No F:\_Limewire_Music\max found mission impossible.mp3[Setup.exe]
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Documents and Settings\Scott\Local Settings\Temp\DivX.Build.1531.0.exe[jah30873.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\01192009_231307\Program Files\smss\smss.exe
04733147 Trj/Redbind.C Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\sysdebugl.exe.vir
04733147 Trj/Redbind.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{3566279F-29CF-4BA0-AC10-D1F373F27D83}\RP7\A0008404.exe
04733147 Trj/Redbind.C Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{3566279F-29CF-4BA0-AC10-D1F373F27D83}\RP9\A0010551.exe
04733147 Trj/Redbind.C Virus/Trojan No 1 Yes No C:\WINDOWS\zlclien.exe
04733147 Trj/Redbind.C Virus/Trojan No 1 Yes No C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\11WF9X68\Client[1].exe
04761320 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Mom and Dad\Desktop\ComboFix.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Documents and Settings\Mom and Dad\Desktop\OTMoveIt3.exe
No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP69\A0073211.exe
No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP69\A0073226.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


Thanks, Dennie
katana
2009-01-25, 12:20
How are things running now, any problems still ?

OTMoveIt


Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )



:Processes
:Files
c:\windows\Tasks\B30620B29115D1C6.job
C:\Documents and Settings\Ryan\Local Settings\Temp\comver.dll
C:\Documents and Settings\Ryan\Local Settings\Temp\tmp37.tmp
C:\Documents and Settings\Ryan\Local Settings\Temp\tmp53F.tmp
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\H4IXCUX2
C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Documents and Settings\Scott\Local Settings\Temp\DivX.Build.1531.0.exe
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\11WF9X68
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\39F8OM2M
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\3FUG1T01
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\CFX7KWEF
C:\WINDOWS\zlclien.exe
F:\_Limewire_Music\max found mission impossible.mp3
F:\C_drive stuff\Program Files\DIGStream\digstream.exe




Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.


- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
tashi
2009-02-02, 23:47
Thank you Katana.