
Virtumonde Infection



4daVii
2009-03-07, 23:55
Hi, I was recently infected with the Virtumonde Trojan, and not understanding viruses in general, attempted to remove it myself using Malwarebytes' Anti-Malware and Spybot - Search&Destroy. However, the problem persisted and so I was directed to this site by the Spybot Program. I have read the sticky before posting and assumed I have followed the directions (backed up registry with ERUNT, and created+posted the most recent HJT Log). Help removing this trojan would be greatly appreciated. Thank you very much for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:47 PM, on 07/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\SYSTEM32\HAL.DLL\system32\taskmgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damien\Desktop\HiJackThis.exe

F3 - REG:win.ini: load=""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {5dab81a3-915e-46b1-9adb-dce1b14680ed} - C:\SYSTEM32\HAL.DLL\system32\jipafofa.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: {e12dfb35-2c33-04b8-6ea4-3199952767fa} - {af767259-9913-4ae6-8b40-33c253bfd21e} - C:\SYSTEM32\HAL.DLL\system32\bbzohc.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] c:\progra~1\winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [mabozejeki] Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\SYSTEM32\HAL.DLL\system32\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [mabozejeki] Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mabozejeki] Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 12309 bytes

peku006
2009-03-08, 20:59
Hello and welcome to Safer Networking.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear".

If you follow these instructions, everything should go smoothly.

1 - Scan With ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus (http://www.bleepingcomputer.com/forums/topic114351.html)

Please include the C:\ComboFix.txt in your next reply for further review.

2 - Run HijackThis
Click on the "Do a system scan and save a logfile" button. It will scan, and the log should open in Notepad.

3 - Status Check
Please reply with:

1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006

4daVii
2009-03-09, 18:23
Hello, I tried to follow the steps for running ComboFix.exe and disabled my anti-spyware. However, when I attempted to disable Spybot TeaTimer, it was already disabled in the Resident section and there was no "Teatimer" box in the System Startup list. Also, when I ran ComboFix.exe from the desktop, it appeared to run smoothly and then seemed to hang after my desktop vanished. Approximately how long does this step take? I have already let it run for 5 hours and there was no change. Thanks.

peku006
2009-03-09, 18:35
Hi 4daVii

Five hours is too long :sad: ... we can use other tools.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Download and Run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with:

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log

Thanks peku006

4daVii
2009-03-10, 03:27
Hi, all three files were too large for one post.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Damien at 2009-03-09 22:22:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 32 GB (42%) free of 76 GB
Total RAM: 2303 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22, on 2009-03-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\Explorer.EXE
C:\SYSTEM32\HAL.DLL\system32\WTablet\Pen_TabletUser.exe
C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\progra~1\winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damien\Desktop\RSIT.exe
C:\Documents and Settings\Damien\Desktop\Damien.exe

F3 - REG:win.ini: load=""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {f11e4ae0-fa5c-4387-8e12-f2a5ea40af58} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] c:\progra~1\winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\SYSTEM32\HAL.DLL\system32\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [mabozejeki] Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mabozejeki] Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 12947 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f11e4ae0-fa5c-4387-8e12-f2a5ea40af58}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]
"UpdReg"=C:\SYSTEM32\HAL.DLL\UpdReg.EXE [2000-05-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-09-14 157592]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-03-28 622592]
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-04-10 61440]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
""= []
"WinampAgent"=c:\progra~1\winamp\winampa.exe [2008-01-15 37376]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"KernelFaultCheck"=C:\SYSTEM32\HAL.DLL\system32\dumprep 0 -k []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"SPAMfighter Agent"=C:\Program Files\SPAMfighter\SFAgent.exe [2009-01-28 325768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Generic Host Process"=C:\SYSTEM32\HAL.DLL\system32\scvhost.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 2.6"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2003-07-16 913408]
"igndlm.exe"=C:\Program Files\IGN\Download Manager\dlm.exe [2008-08-01 1103216]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]

C:\Documents and Settings\All Users.HAL.DLL\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Documents and Settings\Damien\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\SYSTEM32\HAL.DLL\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\SYSTEM32\HAL.DLL\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Damien\My Documents\HydraIRC\HydraIRC.exe"="C:\Documents and Settings\Damien\My Documents\HydraIRC\HydraIRC.exe:*:Enabled:HydraIRC"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Wizet\MapleStory\Patcher.exe"="C:\Program Files\Wizet\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:μTorrent"
"C:\Documents and Settings\Damien\My Documents\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\Damien\My Documents\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Damien\Desktop\UT\System\UT2004.exe"="C:\Documents and Settings\Damien\Desktop\UT\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"H:\Steam\SteamApps\4davii\counter-strike source\hl2.exe"="H:\Steam\SteamApps\4davii\counter-strike source\hl2.exe:*:Enabled:hl2"
"H:\Steam\SteamApps\4davii\day of defeat source\hl2.exe"="H:\Steam\SteamApps\4davii\day of defeat source\hl2.exe:*:Enabled:hl2"
"H:\Games\Steam\SteamApps\4davii\counter-strike source\hl2.exe"="H:\Games\Steam\SteamApps\4davii\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\Damien\My Documents\Starcraft\StarCraft.exe"="C:\Documents and Settings\Damien\My Documents\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Documents and Settings\Damien\My Documents\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe"="C:\Documents and Settings\Damien\My Documents\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Documents and Settings\Damien\My Documents\FreeStyle Street BBall\FreeStyle.exe"="C:\Documents and Settings\Damien\My Documents\FreeStyle Street BBall\FreeStyle.exe:*:Disabled:FreeStyle"
"C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe"="C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\SYSTEM32\HAL.DLL\system32\PnkBstrB.exe"="C:\SYSTEM32\HAL.DLL\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"I:\Games\Fear\FEARMP.exe"="I:\Games\Fear\FEARMP.exe:*:Enabled:FEAR Combat"
"I:\Games\FearX\FEARXP2.exe"="I:\Games\FearX\FEARXP2.exe:*:Enabled:FEARXP2"
"I:\NOMADAPP\Portable Programs\W32\Skype\Phone\skype.exe"="I:\NOMADAPP\Portable Programs\W32\Skype\Phone\skype.exe:*:Enabled:Skype"
"C:\Program Files\DAUM\PotPlayer\daumvsvr.exe"="C:\Program Files\DAUM\PotPlayer\daumvsvr.exe:*:Enabled:VideoPot"
"C:\Program Files\DAUM\PotPlayer\PotPlayer.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:Daum ?????"
"H:\NOMADAPP\Portable Programs\W32\Skype\Phone\Skype.exe"="H:\NOMADAPP\Portable Programs\W32\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\SYSTEM32\HAL.DLL\system32\logonui.exe"="C:\SYSTEM32\HAL.DLL\system32\logonui.exe:*:Enabled:logonui"
"C:\SYSTEM32\HAL.DLL\system32\winlogon.exe"="C:\SYSTEM32\HAL.DLL\system32\winlogon.exe:*:Enabled:winlogon"
"C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe"="C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"="C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe:*:Enabled:ALUSchedulerSvc"
"C:\SYSTEM32\HAL.DLL\explorer.exe"="C:\SYSTEM32\HAL.DLL\explorer.exe:*:Enabled:Explorer"
"C:\SYSTEM32\HAL.DLL\system32\lsass.exe"="C:\SYSTEM32\HAL.DLL\system32\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e8acf68-fd02-11dc-835a-001225f5bd63}]
shell\AutoRun\command - F:\ONSPCLCK.exe


======List of files/folders created in the last 1 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\SYSTEM32\HAL.DLL\system32\simonuha.dll
2009-03-09 22:22:14 ----D---- C:\rsit
2009-03-09 14:00:29 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB967715$
2009-03-09 13:57:39 ----A---- C:\SYSTEM32\HAL.DLL\system32\MRT.exe
2009-03-09 13:56:52 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB960715$
2009-03-09 13:44:56 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB958687$
2009-03-09 13:44:49 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB956803$
2009-03-09 13:44:41 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB952069_WM9$
2009-03-09 13:44:37 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB955839$
2009-03-09 13:44:29 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB956802$
2009-03-09 13:44:22 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB954600$
2009-03-09 13:44:16 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB957097$
2009-03-09 13:44:09 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB954459$
2009-03-09 13:43:55 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB955069$
2009-03-09 13:43:49 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB958644$
2009-03-09 13:43:39 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB956841$
2009-03-09 13:43:32 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB954211$
2009-03-09 13:43:26 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB954154_WM11$
2009-03-09 13:43:23 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB938464$
2009-03-09 13:43:15 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB952287$
2009-03-09 13:43:08 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB950974$
2009-03-09 13:43:01 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB952954$
2009-03-09 13:42:55 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB946648$
2009-03-09 13:42:48 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB951066$
2009-03-09 13:42:40 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB951748$
2009-03-09 13:42:32 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB951978$
2009-03-09 13:42:25 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB951698$
2009-03-09 13:42:19 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB951376-v2$
2009-03-09 13:42:13 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB950762$
2009-03-09 13:42:07 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB950760$
2009-03-09 13:41:42 ----A---- C:\SYSTEM32\HAL.DLL\imsins.BAK
2009-03-09 13:41:37 ----HDC---- C:\SYSTEM32\HAL.DLL\$NtUninstallKB941569$
2009-03-09 13:27:47 ----A---- C:\SYSTEM32\HAL.DLL\system32\wuapi.dll.mui
2009-03-09 11:34:16 ----D---- C:\SYSTEM32\HAL.DLL\temp
2009-03-09 11:28:35 ----D---- C:\ComboFix
2009-03-09 11:28:35 ----A---- C:\SYSTEM32\HAL.DLL\system32\CF26139.exe
2009-03-09 03:41:35 ----A---- C:\SYSTEM32\HAL.DLL\zip.exe
2009-03-09 03:41:35 ----A---- C:\SYSTEM32\HAL.DLL\VFIND.exe
2009-03-09 03:41:35 ----A---- C:\SYSTEM32\HAL.DLL\SWXCACLS.exe
2009-03-09 03:41:35 ----A---- C:\SYSTEM32\HAL.DLL\SWSC.exe
2009-03-09 03:41:35 ----A---- C:\SYSTEM32\HAL.DLL\SWREG.exe
2009-03-09 03:41:35 ----A---- C:\SYSTEM32\HAL.DLL\sed.exe
2009-03-09 03:41:35 ----A---- C:\SYSTEM32\HAL.DLL\NIRCMD.exe
2009-03-09 03:41:35 ----A---- C:\SYSTEM32\HAL.DLL\grep.exe
2009-03-09 03:41:35 ----A---- C:\SYSTEM32\HAL.DLL\fdsv.exe
2009-03-09 03:41:24 ----A---- C:\SYSTEM32\HAL.DLL\system32\CF118.exe
2009-03-09 01:59:15 ----SH---- C:\SYSTEM32\HAL.DLL\system32\abuzamut.ini
2009-03-08 16:09:44 ----D---- C:\VundoFix Backups
2009-03-08 16:09:44 ----A---- C:\VundoFix.txt
2009-03-08 14:00:47 ----A---- C:\mfvse.exe
2009-03-08 14:00:26 ----A---- C:\ootpnl.exe
2009-03-08 01:59:01 ----SH---- C:\SYSTEM32\HAL.DLL\system32\ayufusel.ini
2009-03-07 18:42:31 ----D---- C:\Program Files\ERUNT
2009-03-07 18:16:31 ----D---- C:\Program Files\SpywareBlaster
2009-03-07 03:12:32 ----D---- C:\SYSTEM32\HAL.DLL\ERDNT
2009-03-07 03:12:30 ----A---- C:\SYSTEM32\HAL.DLL\system32\CF19981.exe
2009-03-07 03:12:20 ----D---- C:\Qoobox
2009-03-06 13:57:49 ----SH---- C:\SYSTEM32\HAL.DLL\system32\felazako.exe
2009-03-05 13:53:53 ----D---- C:\Documents and Settings\Damien\Application Data\Malwarebytes
2009-03-05 13:53:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-05 13:53:45 ----D---- C:\Documents and Settings\All Users.HAL.DLL\Application Data\Malwarebytes
2009-03-05 00:18:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-05 00:18:23 ----D---- C:\Documents and Settings\All Users.HAL.DLL\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-03-09 22:21:50 ----D---- C:\SYSTEM32\HAL.DLL\Prefetch
2009-03-09 19:58:07 ----D---- C:\Program Files\Mozilla Firefox
2009-03-09 19:40:36 ----D---- C:\SYSTEM32\HAL.DLL\system32\drivers
2009-03-09 19:34:45 ----D---- C:\Program Files\SPAMfighter
2009-03-09 19:34:09 ----D---- C:\SYSTEM32\HAL.DLL\system32
2009-03-09 19:33:29 ----D---- C:\Documents and Settings\Damien\Application Data\WTablet
2009-03-09 19:33:23 ----RSHDC---- C:\SYSTEM32\HAL.DLL\system32\dllcache
2009-03-09 19:32:37 ----D---- C:\SYSTEM32\HAL.DLL\system32\CatRoot2
2009-03-09 19:30:46 ----A---- C:\SYSTEM32\HAL.DLL\SchedLgU.Txt
2009-03-09 14:07:53 ----D---- C:\SYSTEM32\HAL.DLL\Microsoft.NET
2009-03-09 14:07:51 ----RSD---- C:\SYSTEM32\HAL.DLL\assembly
2009-03-09 14:00:35 ----HD---- C:\SYSTEM32\HAL.DLL\inf
2009-03-09 13:57:22 ----D---- C:\Program Files\Internet Explorer
2009-03-09 13:57:00 ----HD---- C:\SYSTEM32\HAL.DLL\$hf_mig$
2009-03-09 13:56:49 ----SHD---- C:\SYSTEM32\HAL.DLL\Installer
2009-03-09 13:56:48 ----D---- C:\Config.Msi
2009-03-09 13:55:39 ----AC---- C:\SYSTEM32\HAL.DLL\system32\PerfStringBackup.INI
2009-03-09 13:55:17 ----D---- C:\SYSTEM32\HAL.DLL\WinSxS
2009-03-09 13:51:15 ----D---- C:\SYSTEM32\HAL.DLL\system32\XPSViewer
2009-03-09 13:51:10 ----D---- C:\SYSTEM32\HAL.DLL\system32\en-US
2009-03-09 13:51:02 ----RSD---- C:\SYSTEM32\HAL.DLL\Fonts
2009-03-09 13:42:57 ----D---- C:\Program Files\Messenger
2009-03-09 13:30:34 ----D---- C:\SYSTEM32\HAL.DLL\system32\CatRoot
2009-03-09 13:27:54 ----D---- C:\SYSTEM32\HAL.DLL\SoftwareDistribution
2009-03-09 13:27:51 ----D---- C:\SYSTEM32\HAL.DLL\Help
2009-03-09 13:27:23 ----SD---- C:\SYSTEM32\HAL.DLL\Downloaded Program Files
2009-03-09 11:33:25 ----D---- C:\SYSTEM32\HAL.DLL\AppPatch
2009-03-09 11:33:15 ----AD---- C:\Program Files\Common Files
2009-03-09 03:23:07 ----AD---- C:\Documents and Settings\All Users.HAL.DLL\Application Data\TEMP
2009-03-08 13:58:55 ----A---- C:\SYSTEM32\HAL.DLL\system32\svchost.exe
2009-03-07 22:13:14 ----D---- C:\Documents and Settings\Damien\Application Data\dvdcss
2009-03-07 21:05:46 ----AC---- C:\SYSTEM32\HAL.DLL\NeroDigital.ini
2009-03-07 18:42:31 ----AD---- C:\Program Files
2009-03-06 20:29:22 ----D---- C:\Documents and Settings\Damien\Application Data\uTorrent
2009-03-06 07:51:45 ----D---- C:\SYSTEM32\HAL.DLL\Minidump
2009-03-06 07:51:45 ----D---- C:\SYSTEM32\HAL.DLL\Debug
2009-03-05 14:30:37 ----AC---- C:\SYSTEM32\HAL.DLL\REDEMUNINS.INI
2009-03-05 12:35:26 ----AC---- C:\SYSTEM32\HAL.DLL\WININIT.INI
2009-03-05 07:33:05 ----D---- C:\SYSTEM32\HAL.DLL\system32\config
2009-03-03 21:43:16 ----D---- C:\Documents and Settings
2009-02-28 17:38:15 ----D---- C:\SYSTEM32\HAL.DLL\system32\Adobe
2009-02-21 02:12:33 ----D---- C:\Program Files\Bonjour
2009-02-17 14:57:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-10 22:43:06 ----AC---- C:\SYSTEM32\HAL.DLL\system32\CmdLineExt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 FsVga;FsVga; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\fsvga.sys [2002-09-03 12160]
R1 intelppm;Intel Processor Driver; C:\SYSTEM32\HAL.DLL\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\SYSTEM32\HAL.DLL\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 wpsdrvnt;wpsdrvnt; \??\C:\SYSTEM32\HAL.DLL\system32\drivers\wpsdrvnt.sys []
R2 PfModNT;PfModNT; \??\C:\SYSTEM32\HAL.DLL\system32\PfModNT.sys []
R2 wg3n;SyGate for NT, wg3n; C:\SYSTEM32\HAL.DLL\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\SYSTEM32\HAL.DLL\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\SYSTEM32\HAL.DLL\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\SYSTEM32\HAL.DLL\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ati2mtag;ati2mtag; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
R3 BrScnUsb;Brother USB Still Image driver; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
R3 mouhid;Mouse HID Driver; C:\SYSTEM32\HAL.DLL\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 P16X;Creative SB Live! Series (WDM); C:\SYSTEM32\HAL.DLL\system32\drivers\P16X.sys [2002-08-30 1293440]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\SYSTEM32\HAL.DLL\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\SYSTEM32\HAL.DLL\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\SYSTEM32\HAL.DLL\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\SYSTEM32\HAL.DLL\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
S1 ATITool;ATITool Overclocking Utility; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 a9nw6obu;a9nw6obu; C:\SYSTEM32\HAL.DLL\system32\drivers\a9nw6obu.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\SYSTEM32\HAL.DLL\system32\drivers\EagleNT.sys []
S3 hidusb;Microsoft HID Class Driver; C:\SYSTEM32\HAL.DLL\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\SYSTEM32\HAL.DLL\System32\DRIVERS\NetMotCM.sys [2004-02-09 15360]
S3 nm;Network Monitor Driver; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\SYSTEM32\HAL.DLL\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkcrypt;npkcrypt; \??\I:\Games\RO\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\I:\Games\RO\npkycryp.sys []
S3 serb1;serb1; \??\C:\Documents and Settings\Damien\Desktop\MS\SerbioEngine\serbio.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 USBModem;LGE Mobile USB Modem; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 WpdUsb;WpdUsb; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\SYSTEM32\HAL.DLL\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva020;XDva020; \??\C:\SYSTEM32\HAL.DLL\system32\XDva020.sys []
S3 XDva090;XDva090; \??\C:\SYSTEM32\HAL.DLL\system32\XDva090.sys []
S3 XDva190;XDva190; \??\C:\SYSTEM32\HAL.DLL\system32\XDva190.sys []
S3 zenos1;zenos1; \??\C:\Documents and Settings\Damien\Desktop\MS\Zenos\zenos.sys []
S4 IntelIde;IntelIde; C:\SYSTEM32\HAL.DLL\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\SYSTEM32\HAL.DLL\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe [2008-12-01 598016]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 PnkBstrA;PnkBstrA; C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe [2007-12-18 66872]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\Program Files\SPAMfighter\sfus.exe [2009-01-28 184968]
R2 TabletServicePen;TabletServicePen; C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\SYSTEM32\HAL.DLL\system32\svchost.exe [2009-03-08 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-28 654848]
S2 ATI Smart;ATI Smart; C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe [2008-12-01 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-11-17 72704]
S3 aspnet_state;ASP.NET State Service; C:\SYSTEM32\HAL.DLL\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\SYSTEM32\HAL.DLL\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\SYSTEM32\HAL.DLL\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\SYSTEM32\HAL.DLL\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 usprserv;User Privilege Service; C:\SYSTEM32\HAL.DLL\System32\svchost.exe [2009-03-08 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\SYSTEM32\HAL.DLL\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

4daVii
2009-03-10, 03:28
info.txt logfile of random's system information tool 1.05 2009-03-09 22:22:38

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\SYSTEM32\HAL.DLL\UNNeroShowTime.exe /UNINSTALL
-->C:\SYSTEM32\HAL.DLL\UNNeroVision.exe /UNINSTALL
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\SYSTEM32\HAL.DLL\INF\PCHealth.inf
μTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
Adobe Acrobat 8.1.2 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\dd78348730168e091cb096fe182e420\Setup.exe
Adobe Flash Player 10 Plugin-->C:\SYSTEM32\HAL.DLL\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\SYSTEM32\HAL.DLL\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\SYSTEM32\HAL.DLL\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 Tryout-->msiexec /I {AD05F1FF-F284-402D-952A-ABCA6A6063FB}
Adobe InDesign CS2-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Setup-->MsiExec.exe /I{A2FF776F-2160-4FFA-AC53-818FBEDC12B3}
Adobe Shockwave Player-->C:\SYSTEM32\HAL.DLL\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\SYSTEM32\HAL.DLL\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Amorous Professor Cherry v1.0-->"H:\Games\Amorous Professor Cherry\unins000.exe"
ANA B787 スクリーンセーバー-->C:\SYSTEM32\HAL.DLL\system32\ANA B787.scr /u
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CABB679-3958-44AA-BFFF-4E68A2684255}\Setup.exe" -l0x9 -uninst
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\SYSTEM32\HAL.DLL\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bazooka Cafe-->C:\SYSTEM32\HAL.DLL\unvise32.exe i:\games\bazooka\uninstal.log
Best's Pocket Key Rating Guide - P/C & L/H, Canada, Version 2007-->C:\Program Files\InstallShield Installation Information\{3452ED7C-5BFF-4127-A28F-E70E80139EDC}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
Blaze of DestinyⅢ-->MsiExec.exe /I{A1F2A6A6-B98D-4CEE-8A9A-1EE0DC66172B}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Citrix Web Client-->C:\SYSTEM32\HAL.DLL\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen MicroPhoto-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AEC8F41-4701-415D-9782-F69CFB535463}\SETUP.EXE" -l0x9 /remove
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Fate/stay night English v3.2-->H:\Games\FateStayNight\uninstall.exe
Fate/stay night-->H:\Fate\unins000.exe
FEAR Perseus Mandate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D0BB1D1-E9FB-49E9-A9C1-09C00F38DA0C}\setup.exe" -l0x9 -removeonly
FEARCombat-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}\setup.exe" -l0x9 /zU -removeonly
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
GameSpy Arcade-->I:\GAMES\GAMESP~1\UNWISE.EXE I:\GAMES\GAMESP~1\INSTALL.LOG
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
Granado Espada-->"H:\Games\Granado Espada\unins000.exe"
GTK+ 2.8.18-1 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Damien\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\SYSTEM32\HAL.DLL\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\SYSTEM32\HAL.DLL\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICCup Launcher-->"C:\Documents and Settings\Damien\My Documents\Starcraft\Launcher\unins000.exe"
IGN Download Manager 2.3.3-->C:\Program Files\IGN\Download Manager\uninst.exe
ijji - Gunz-->H:\Games\Gunz\Uninstall.exe
ILLUSION BattleRaper2-->MsiExec.exe /I{32470264-B8B8-408E-A404-73A9DF16B8FE}
ILLUSION RapeLay-->MsiExec.exe /X{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}
Indeoョ Software-->C:\SYSTEM32\HAL.DLL\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LG GSM PC Components-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}\setup.exe" -l0x9
LG USB Modem Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
Lightning Warrior Raidy-->C:\SYSTEM32\HAL.DLL\unvise32.exe h:\games\Lightning Warrior\uninstal.log
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marc Ecko's Getting Up - Contents Under Pressure-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8F941EA-FC3E-4915-B5EB-E91A47BF3394}\SETUP.EXE" -l0x9 -removeonly
MELTY BLOOD Act Cadenza Ver.B Windows版-->H:\Games\MBACWIN\data\uninst.exe -f"H:\Games\MBACWIN\data\uninst.dat"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\SYSTEM32\HAL.DLL\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\SYSTEM32\HAL.DLL\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\SYSTEM32\HAL.DLL\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\SYSTEM32\HAL.DLL\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\SYSTEM32\HAL.DLL\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Application Compatibility Database-->C:\SYSTEM32\HAL.DLL\system32\sdbinst.exe -u "C:\SYSTEM32\HAL.DLL\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
Neffy 1,2,1,11-->C:\Program Files\Neffy\uninst.exe
Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
Nikon View 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
PANDA-glGo-->"C:\Go\glGo\uninstall.exe"
PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
Pen Tablet-->C:\Program Files\Tablet\Pen\Remove.exe /u
Pretty Soldier Wars A.D. 2048-->C:\SYSTEM32\HAL.DLL\unvise32.exe i:\games\soldier wars\uninstal.log
PSP ISO Compressor-->MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}
PSP Video Express(remove only)-->"C:\Program Files\PQDVD\PSPVideoExpress\bt-uninst.exe"
PunkBuster Services-->C:\SYSTEM32\HAL.DLL\system32\pbsvc.exe -u
QuickTax 2007-->MsiExec.exe /X{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rainlendar2 (remove only)-->"C:\Program Files\Rainlendar2\uninst.exe"
Rainmeter (remove only)-->"C:\Program Files\Rainmeter\uninst.exe"
Really?Really!-->MsiExec.exe /X{205EBE68-438A-4BA6-A7D7-ACA5299C4575}
Reversible-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{857262E5-DF65-415A-BF5F-E86410E8605E}
SanDisk TransferMate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}\Setup.exe" -l0x9
Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\SYSTEM32\HAL.DLL\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\SYSTEM32\HAL.DLL\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\SYSTEM32\HAL.DLL\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\SYSTEM32\HAL.DLL\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\SYSTEM32\HAL.DLL\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\SYSTEM32\HAL.DLL\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\SYSTEM32\HAL.DLL\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\SYSTEM32\HAL.DLL\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\SYSTEM32\HAL.DLL\System32\MacroMed\Flash\genuinst.exe C:\SYSTEM32\HAL.DLL\System32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB960715$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype? 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snow Sakura-->C:\SYSTEM32\HAL.DLL\unvise32.exe i:\games\Snow Sakura\uninstal.log
SoldnerXPatch101-->"C:\Program Files\SoldnerX_Patch_101\uninstall.exe"
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\SETUP.EXE" -l0x9
SPAMfighter-->"C:\Program Files\SPAMfighter\uninstall.exe" Remove
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Starcraft-->C:\SYSTEM32\HAL.DLL\SCunin.exe C:\SYSTEM32\HAL.DLL\SCunin.dat
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sword of The New World-->"H:\Games\Sword2\unins000.exe"
Sygate Personal Firewall-->MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TAXWIZ 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CCD53CA6-996D-4742-A2C4-3D13FFE8E726}\isetup.ex_" -l0x9 -uninst
TAXWIZ 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1063EB55-E42D-4755-9F83-BF20389E5524}\isetup.ex_" -l0x9 -uninst
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
Thief - Deadly Shadows-->I:\Games\Thief - Deadly Shadows\Uninst.exe /pid:{B5E0195A-A38A-46B2-A770-9F2362834E2B} /asd
Tick! Tack!-->MsiExec.exe /X{EEF5533D-C298-4107-A44D-67278204C3EB}
Update for Windows XP (KB951978)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\SYSTEM32\HAL.DLL\$NtUninstallKB967715$\spuninst\spuninst.exe"
Uplink-->C:\SYSTEM32\HAL.DLL\IsUninst.exe -fh:\games\Uplink\Uninst.isu
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VTFEdit 1.2.3-->"C:\Program Files\VTFEdit\unins000.exe"
WC3Banlist-->"H:\Games\Warcraft III\WC3Banlist\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\SYSTEM32\HAL.DLL\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\SYSTEM32\HAL.DLL\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\SYSTEM32\HAL.DLL\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\SYSTEM32\HAL.DLL\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Xuse 永遠のアセリア(DVD版) (Remove Only)-->"H:\Games\永遠のアセリア(DVD版)\Xuse_Inst.exe" "H:\Games\永遠のアセリア(DVD版)\Xuse_Inst.exe" "/D"
Xuse 聖なるかな (Remove Only)-->"I:\Games\聖なるかな\Xuse_Inst.exe" "I:\Games\聖なるかな\Xuse_Inst.exe" "/D"
Yahoo! Install Manager-->C:\SYSTEM32\HAL.DLL\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Photos Easy Upload Tool 1v7-->C:\SYSTEM32\HAL.DLL\system32\regsvr32 /u /s "C:\SYSTEM32\HAL.DLL\cache\YDropperCA.dll"
YUME MIRU KUSURI-->C:\Program Files\InstallShield Installation Information\{03ABC33C-10B1-400E-B1FA-E817FE98D11C}\setup.exe -runfromtemp -l0x0009 -removeonly
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}
おっぱいの王者48 何も考えず 目の前のおっぱい全部 しゃぶれ!-->H:\Games\OLE\MILK48\Uninstall.exe
キャッスルファンタジア聖魔大戦-->C:\SYSTEM32\HAL.DLL\IsUn0411.exe -fi:\games\Castle\Uninst.isu
すばらしきこのせかい スクリーンセーバー-->C:\SYSTEM32\HAL.DLL\system32\すばらしきこのせかい.scr /u
すばらしきこのせかい2 スクリーンセーバー-->C:\SYSTEM32\HAL.DLL\system32\すばらしきこのせかい2.scr /u
ドラクリウス-->H:\Games\Dora\めろめろキュ~ト\ドラクリウス\UNINST.EXE
ヤミノカナタ-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DFF6CA80-2D76-480C-8645-EBFB1380083A}
七人のオンラインゲーマーズ~オフライン~-->H:\Games\G.J?\7ONLINE\Uninstall.exe
凌姫Ⅱ-->MsiExec.exe /I{DC6BC46D-41A1-422E-BDBD-58E50EE0BC53}
姉とボイン-->C:\SYSTEM32\HAL.DLL\aneUninst.exe
戦女神ZERO-->C:\Program Files\InstallShield Installation Information\{455EE66A-17E3-4E66-9D3C-D630723C3B00}\SETUP.EXE -runfromtemp -l0x0411

======Hosts File======


======Security center information======

FW: Sygate Personal Firewall

System event log

Computer Name: GARY-II7YMDQWTP
Event Code: 7036
Message: The Ati HotKey Poller service entered the stopped state.

Record Number: 55573
Source Name: Service Control Manager
Time Written: 20090306194423.000000-300
Event Type: information
User:

Computer Name: GARY-II7YMDQWTP
Event Code: 14000
Message: MTP WPD Driver has started successfully.

Record Number: 55572
Source Name: WPDMTPDriver
Time Written: 20090306194043.000000-300
Event Type: information
User:

Computer Name: GARY-II7YMDQWTP
Event Code: 15208
Message: MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen MicroPhoto, 1.20.01_0.00.65' cannot accept read-only properties when creating new objects ((15)).

Record Number: 55571
Source Name: WPDMTPDriver
Time Written: 20090306194043.000000-300
Event Type: warning
User:

Computer Name: GARY-II7YMDQWTP
Event Code: 14000
Message: MTP WPD Driver has started successfully.

Record Number: 55570
Source Name: WPDMTPDriver
Time Written: 20090306190114.000000-300
Event Type: information
User:

Computer Name: GARY-II7YMDQWTP
Event Code: 15208
Message: MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen MicroPhoto, 1.20.01_0.00.65' cannot accept read-only properties when creating new objects ((15)).

Record Number: 55569
Source Name: WPDMTPDriver
Time Written: 20090306190114.000000-300
Event Type: warning
User:

Application event log

Computer Name: GARY-II7YMDQWTP
Event Code: 1904
Message:
Record Number: 5649
Source Name: HHCTRL
Time Written: 20080423090210.000000-240
Event Type: information
User:

Computer Name: GARY-II7YMDQWTP
Event Code: 1904
Message:
Record Number: 5648
Source Name: HHCTRL
Time Written: 20080423090210.000000-240
Event Type: information
User:

Computer Name: GARY-II7YMDQWTP
Event Code: 1904
Message:
Record Number: 5647
Source Name: HHCTRL
Time Written: 20080423090210.000000-240
Event Type: information
User:

Computer Name: GARY-II7YMDQWTP
Event Code: 1904
Message:
Record Number: 5646
Source Name: HHCTRL
Time Written: 20080423090210.000000-240
Event Type: information
User:

Computer Name: GARY-II7YMDQWTP
Event Code: 1904
Message:
Record Number: 5645
Source Name: HHCTRL
Time Written: 20080423090210.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"LANG"=C
"sourcesdk"=h:\games\steam\steamapps\4davii\sourcesdk
"VProject"=h:\games\steam\steamapps\4davii\counter-strike source\cstrike
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------


Malwarebytes' Anti-Malware 1.34
Database version: 1829
Windows 5.1.2600 Service Pack 3

2009-03-09 22:20:39
mbam-log-2009-03-09 (22-20-39).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|G:\|H:\|X:\|Y:\|Z:\|)
Objects scanned: 333334
Time elapsed: 2 hour(s), 34 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de3372d8-633f-42c6-93e0-08fd7822ebad} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{de3372d8-633f-42c6-93e0-08fd7822ebad} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dab81a3-915e-46b1-9adb-dce1b14680ed} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5dab81a3-915e-46b1-9adb-dce1b14680ed} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mabozejeki (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmeb24dc1f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e817ef83 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\SYSTEM32\HAL.DLL\system32\hszvum.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

peku006
2009-03-10, 09:51
Hi 4daVii

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

1 - SDFix

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)


2 - Boot into Safe Mode

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Log in on your usual account.


3 - Run SDFix

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.


4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

5 - Status Check
Please reply with

1. the SDFix.Report.txt (C:\SDFix\report.txt)
2. a fresh HijackThis log

Thanks peku006

4daVii
2009-03-10, 14:07
SDFix: Version 1.240
Run by Damien on 2009-03-10 at 07:40

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:05, on 2009-03-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\SYSTEM32\HAL.DLL\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\progra~1\winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\SYSTEM32\HAL.DLL\system32\conime.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\system32\WTablet\Pen_TabletUser.exe
C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe
C:\SYSTEM32\HAL.DLL\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\SYSTEM32\HAL.DLL\system32\taskmgr.exe
C:\SYSTEM32\HAL.DLL\system32\NOTEPAD.EXE
C:\Documents and Settings\Damien\Desktop\Damien.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f11e4ae0-fa5c-4387-8e12-f2a5ea40af58} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] c:\progra~1\winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [mabozejeki] Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mabozejeki] Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 12911 bytes

peku006
2009-03-10, 14:29
Hi 4daVii

Please download OTListIt2 by OldTimer from Geeks to Go (http://oldtimer.geekstogo.com/OTListIt2.exe). Save it to your desktop.
Double click on OTListIt2.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.

Thanks peku006

4daVii
2009-03-10, 21:44
Hi, I ran OTListIt2 as instructed but received an error message. "'1/1/1900 12' is not a valid date and time."

peku006
2009-03-11, 07:42
Hi 4daVii

Download OTScanIt2 by Oldtimer (http://oldtimer.geekstogo.com/OTScanIt2.exe) to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessary).


NOTE: Use the Add Reply button and attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

Thanks peku006

4daVii
2009-03-11, 19:45
Hi peku006

My posting rules, as listed in the bottom left, are:

You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

Is there any other way to attach the OTScanIt.Txt file?

peku006
2009-03-11, 20:06
Hi 4daVii

Copy and paste the contents of that file to a reply here (may need to split it over two or more posts depending on how large it is).

4daVii
2009-03-11, 20:34
[code]
OTScanIt2 logfile created on: 03/11/09 2:23:35 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\Damien\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 89.99% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\SYSTEM32\HAL.DLL | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 33.31 Gb Free Space | 44.73% Space Free | Partition Type: NTFS
Drive D: | 480.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 124.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 297.96 Gb Total Space | 90.47 Gb Free Space | 30.36% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive X: | 2.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GARY-II7YMDQWTP
Current User Name: Damien
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> [2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation)
brccmctl.exe -> %ProgramFiles%\Brother\ControlCenter3\brccMCtl.exe -> [2006/04/06 21:11:02 | 00,339,968 | ---- | M] (Brother Industries, Ltd.)
brmfcmon.exe -> %ProgramFiles%\Brother\Brmfcmon\BrMfcmon.exe -> [2006/03/01 16:06:22 | 00,069,632 | ---- | M] (Brother Industries, Ltd.)
brmfcwnd.exe -> %ProgramFiles%\Brother\Brmfcmon\BrMfcWnd.exe -> [2006/03/28 15:48:54 | 00,622,592 | R--- | M] ()
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\ccc.exe -> [2008/09/02 12:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.)
ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> [2004/12/02 19:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd)
ctsvccda.exe -> %SystemRoot%\system32\CTsvcCDA.exe -> [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> [2006/09/14 16:09:07 | 00,157,592 | ---- | M] (DT Soft Ltd.)
diagent.exe -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe -> [2002/04/03 02:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/03/10 02:11:13 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> [2008/09/02 12:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
mspmspsv.exe -> %SystemRoot%\system32\MsPMSPSv.exe -> [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/02/19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
pptd40nt.exe -> %ProgramFiles%\ScanSoft\PaperPort\pptd40nt.exe -> [2005/03/17 14:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.)
sfus.exe -> %ProgramFiles%\SPAMfighter\sfus.exe -> [2009/01/28 13:08:22 | 00,184,968 | ---- | M] (SPAMfighter ApS)
smc.exe -> %ProgramFiles%\Sygate\SPF\smc.exe -> [2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.)
taskmgr.exe -> %SystemRoot%\system32\taskmgr.exe -> [2008/04/13 20:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> %SystemRoot%\System32\wbem\wmiprvse.exe -> [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation)
wudfhost.exe -> %SystemRoot%\System32\wudfhost.exe -> [2006/09/28 19:56:38 | 00,146,432 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2006/11/17 22:28:09 | 00,072,704 | ---- | M] (Adobe Systems)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\Ati2evxx.exe -> [2008/12/01 16:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.)
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [2008/12/01 15:35:00 | 00,593,920 | ---- | M] ()
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> [2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTsvcCDA.exe -> [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2007/10/28 13:53:06 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/03/10 02:11:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\PnkBstrA.exe -> [2007/12/18 16:32:30 | 00,066,872 | ---- | M] ()
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> [2007/11/06 16:22:26 | 00,092,792 | ---- | M] (CACE Technologies)
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Sygate\SPF\smc.exe -> [2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.)
(SPAMfighter Update Service) SPAMfighter Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SPAMfighter\sfus.exe -> [2009/01/28 13:08:22 | 00,184,968 | ---- | M] (SPAMfighter ApS)
(TabletServicePen) TabletServicePen [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\Pen_Tablet.exe -> [2007/09/07 12:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.)
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\MsPMSPSv.exe -> [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ati2mtag.sys -> [2008/12/01 18:13:40 | 03,452,928 | ---- | M] (ATI Technologies Inc.)
(ATITool) ATITool Overclocking Utility [Kernel | System | Stopped] -> %SystemRoot%\system32\DRIVERS\ATITool.sys -> [2006/11/10 09:08:50 | 00,024,064 | ---- | M] ()
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\BrScnUsb.sys -> [2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2007/04/04 04:00:00 | 00,389,432 | ---- | M] (Symantec Corporation)
(FsVga) FsVga [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\fsvga.sys -> [2002/09/03 12:31:57 | 00,012,160 | ---- | M] (Microsoft Corporation)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\gameenum.sys -> [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation)
(ndiscm) Motorola SURFboard USB Cable Modem Windows Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\NetMotCM.sys -> [2004/02/09 16:06:22 | 00,015,360 | ---- | M] (Motorola Inc.)
(nm) Network Monitor Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\NMnt.sys -> [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation)
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys -> [2007/11/06 16:22:06 | 00,034,064 | ---- | M] (CACE Technologies)
(P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\P16X.sys -> [2002/08/30 12:29:02 | 01,293,440 | ---- | M] (Creative Technology Ltd.)
(PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\system32\PfModNT.sys -> [1999/12/17 02:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> [2002/09/03 12:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\sptd.sys -> [2007/12/20 16:11:57 | 00,685,816 | ---- | M] ()
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\Drivers\Teefer.sys -> [2004/10/15 18:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.)
(usbbus) LGE Mobile Composite USB Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lgusbbus.sys -> [2005/05/26 11:01:18 | 00,021,344 | ---- | M] (LG Electronics Inc.)
(USBCM) Scientific-Atlanta USB Cable Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\Sacm2A.sys -> [2004/06/09 19:42:38 | 00,015,429 | R--- | M] ( )
(USBModem) LGE Mobile USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lgusbmodem.sys -> [2005/06/24 18:36:16 | 00,039,036 | ---- | M] (LG Electronics Inc.)
(wacommousefilter) Wacom Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\wacommousefilter.sys -> [2007/02/16 12:12:36 | 00,011,312 | ---- | M] (Wacom Technology)
(wacomvhid) Wacom Virtual Hid Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\wacomvhid.sys -> [2007/02/16 11:30:12 | 00,012,848 | ---- | M] (Wacom Technology)
(WacomVKHid) Virtual Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\WacomVKHid.sys -> [2007/02/15 17:11:28 | 00,011,440 | ---- | M] (Wacom Technology)
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\Drivers\wg3n.sys -> [2004/10/15 18:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\Drivers\wg4n.sys -> [2004/10/15 18:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\Drivers\wg5n.sys -> [2004/10/15 18:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\Drivers\wg6n.sys -> [2004/10/15 18:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.)
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpsdrvnt.sys -> [2004/10/15 18:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\SYSTEM32\HAL.DLL\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.microsoft.com/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\] > -> ->
HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\: Main\\"Local Page" -> C:\SYSTEM32\HAL.DLL\system32\blank.htm ->
HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\: Main\\"Search Page" -> http://www.google.com ->
HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\: Main\\"Start Page" -> http://www.microsoft.com/ ->
HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\: "ProxyOverride" -> *.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Damien\Application Data\Mozilla\FireFox\Profiles\tfover0z.default\prefs.js ->
browser.startup.homepage -> "http://www.ocad.ca/home.htm" ->
browser.startup.homepage_override.mstone -> "rv:1.8.1.20" ->
< HOSTS File > (686 bytes and 19 lines) -> C:\SYSTEM32\HAL.DLL\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 16:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/10 02:11:13 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/10 02:11:14 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{f11e4ae0-fa5c-4387-8e12-f2a5ea40af58} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [&Yahoo! Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\] > -> HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [&Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Acrobat Assistant 8.0" -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> [2008/01/11 19:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.)
"BrMfcWnd" -> %ProgramFiles%\Brother\Brmfcmon\BrMfcWnd.exe [C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN] -> [2006/03/28 15:48:54 | 00,622,592 | R--- | M] ()
"ControlCenter3" -> %ProgramFiles%\Brother\ControlCenter3\brctrcen.exe [C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun] -> [2006/04/10 14:58:06 | 00,061,440 | ---- | M] (Brother Industries, Ltd.)
"DAEMON Tools" -> %ProgramFiles%\DAEMON Tools\daemon.exe ["C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033] -> [2006/09/14 16:09:07 | 00,157,592 | ---- | M] (DT Soft Ltd.)
"diagent" -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe ["C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup] -> [2002/04/03 02:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd)
"IndexSearch" -> %ProgramFiles%\ScanSoft\PaperPort\IndexSearch.exe [C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe] -> [2005/03/17 14:45:52 | 00,040,960 | ---- | M] (ScanSoft, Inc.)
"NeroFilterCheck" -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> [2006/01/12 15:40:44 | 00,155,648 | ---- | M] (Nero AG)
"PaperPort PTD" -> %ProgramFiles%\ScanSoft\PaperPort\pptd40nt.exe [C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe] -> [2005/03/17 14:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.)
"SDFix" -> [C:\SDFix\RunThis.bat /second] -> File not found
"SetDefPrt" -> %ProgramFiles%\Brother\Brmfl06a\BrStDvPt.exe [C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe] -> [2005/01/26 18:02:22 | 00,049,152 | ---- | M] (Brother Industories, Ltd.)
"SmcService" -> %ProgramFiles%\Sygate\SPF\Smc.exe [C:\PROGRA~1\Sygate\SPF\smc.exe -startgui] -> [2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.)
"SPAMfighter Agent" -> %ProgramFiles%\SPAMfighter\SFAgent.exe ["C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60] -> [2009/01/28 13:07:02 | 00,325,768 | ---- | M] (SPAMfighter ApS)
"SSBkgdUpdate" -> %CommonProgramFiles%\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe ["C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot] -> [2003/10/14 10:22:30 | 00,155,648 | R--- | M] (Scansoft, Inc.)
"StartCCC" -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2008/08/29 18:11:14 | 00,061,440 | ---- | M] (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/03/10 02:11:13 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"UpdReg" -> %SystemRoot%\UpdReg.EXE [C:\SYSTEM32\HAL.DLL\UpdReg.EXE] -> [2000/05/11 02:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.)
"WinampAgent" -> %ProgramFiles%\Winamp\winampa.exe [c:\progra~1\winamp\winampa.exe] -> [2008/01/15 18:54:54 | 00,037,376 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Creative Detector" -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe ["C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R] -> [2004/12/02 19:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd)
"Gadwin PrintScreen 2.6" -> %ProgramFiles%\Gadwin Systems\PrintScreen\PrintScreen.exe [C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash] -> [2003/07/16 05:29:24 | 00,913,408 | ---- | M] (Gadwin Systems, Inc.)
"igndlm.exe" -> [C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork] -> File not found
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"MsnMsgr" -> %ProgramFiles%\Windows Live\Messenger\MsnMsgr.Exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"mabozejeki" -> %SystemRoot% [Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s] -> [2009/03/11 14:17:07 | 00,000,000 | ---D | M]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"mabozejeki" -> %SystemRoot% [Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s] -> [2009/03/11 14:17:07 | 00,000,000 | ---D | M]
< Run [HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\] > -> HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Creative Detector" -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe ["C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R] -> [2004/12/02 19:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd)
"Gadwin PrintScreen 2.6" -> %ProgramFiles%\Gadwin Systems\PrintScreen\PrintScreen.exe [C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash] -> [2003/07/16 05:29:24 | 00,913,408 | ---- | M] (Gadwin Systems, Inc.)
"igndlm.exe" -> [C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork] -> File not found
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"MsnMsgr" -> %ProgramFiles%\Windows Live\Messenger\MsnMsgr.Exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk -> %ProgramFiles%\Nikon\NkView6\NkvMon.exe -> [2002/12/04 11:52:48 | 00,237,568 | ---- | M] (Nikon Corporation)
< All Users.HAL.DLL Startup Folder > -> C:\Documents and Settings\All Users.HAL.DLL\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 16:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\Monitor.lnk -> %ProgramFiles%\SanDisk\SanDisk TransferMate\SD Monitor.exe -> [2006/01/05 10:57:00 | 00,114,688 | ---- | M] (SanDisk)
%AllUsersProfile%\Start Menu\Programs\Startup\NkvMon.exe.lnk -> %ProgramFiles%\Nikon\NkView6\NkvMon.exe -> [2002/12/04 11:52:48 | 00,237,568 | ---- | M] (Nikon Corporation)
< Damien Startup Folder > -> C:\Documents and Settings\Damien\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 20:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Default User.HAL.DLL Startup Folder > -> C:\Documents and Settings\Default User.HAL.DLL\Start Menu\Programs\Startup ->
< Gary Startup Folder > -> C:\Documents and Settings\Gary\Start Menu\Programs\Startup ->
< Grace Startup Folder > -> C:\Documents and Settings\Grace\Start Menu\Programs\Startup ->
< Grace.GARY-II7YMDQWTP Startup Folder > -> C:\Documents and Settings\Grace.GARY-II7YMDQWTP\Start Menu\Programs\Startup ->
< Little Bear Startup Folder > -> C:\Documents and Settings\Little Bear\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006] > -> HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"" -> [] -> File not found
\\"NoDriveTypeAutoRun" -> [_ [binary data]] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006] > -> HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006] > -> HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Download all with Free Download Manager -> %ProgramFiles%\Free Download Manager\dlall.htm [file://C:\Program Files\Free Download Manager\dlall.htm] -> [2007/06/02 13:25:02 | 00,000,893 | ---- | M] ()
Download selected with Free Download Manager -> %ProgramFiles%\Free Download Manager\dlselected.htm [file://C:\Program Files\Free Download Manager\dlselected.htm] -> [2007/06/02 13:25:02 | 00,000,463 | ---- | M] ()
Download video with Free Download Manager -> %ProgramFiles%\Free Download Manager\dlfvideo.htm [file://C:\Program Files\Free Download Manager\dlfvideo.htm] -> [2007/07/27 01:34:42 | 00,001,706 | ---- | M] ()
Download with Free Download Manager -> %ProgramFiles%\Free Download Manager\dllink.htm [file://C:\Program Files\Free Download Manager\dllink.htm] -> [2007/06/02 13:25:02 | 00,002,140 | ---- | M] ()
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\] > -> HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Download all with Free Download Manager -> %ProgramFiles%\Free Download Manager\dlall.htm [file://C:\Program Files\Free Download Manager\dlall.htm] -> [2007/06/02 13:25:02 | 00,000,893 | ---- | M] ()
Download selected with Free Download Manager -> %ProgramFiles%\Free Download Manager\dlselected.htm [file://C:\Program Files\Free Download Manager\dlselected.htm] -> [2007/06/02 13:25:02 | 00,000,463 | ---- | M] ()
Download video with Free Download Manager -> %ProgramFiles%\Free Download Manager\dlfvideo.htm [file://C:\Program Files\Free Download Manager\dlfvideo.htm] -> [2007/07/27 01:34:42 | 00,001,706 | ---- | M] ()
Download with Free Download Manager -> %ProgramFiles%\Free Download Manager\dllink.htm [file://C:\Program Files\Free Download Manager\dllink.htm] -> [2007/06/02 13:25:02 | 00,002,140 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> [2007/02/20 06:43:02 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\] > -> HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> [2007/02/20 06:43:02 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5442 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8823 domain(s) found. ->
55 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5441 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5441 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\] > -> HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8823 domain(s) found. ->
55 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\] > -> HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} [HKLM] -> http://www.gamescampus.com/xiah/luncher/GamesCampus.cab [GamesCampus Control] ->
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [HKLM] -> http://www.musicnotes.com/download/mnviewer.cab [Musicnotes Viewer] ->
{1663ed61-23eb-11d2-b92f-008048fdd814} [HKLM] -> https://www.epost.ca/printing/smsx.cab [MeadCo ScriptX] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{377FF862-62E0-4F33-B6E5-F58E0BC0F209} [HKLM] -> http://login.hanbiton.com/cab/NLSnSSO.cab [NlsComm Component Class] ->
{48884C41-EFAC-433D-958A-9FADAC41408E} [HKLM] -> https://www.e-games.com.my/com/EGamesPlugin.cab [EGamesPlugin Class] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab [MSN Photo Upload Tool] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953 [WUWebControl Class] ->
{6FC19219-C47E-4880-9A79-D218A1C374F9} [HKLM] -> http://www.netmarble.jp/_common/cab/NMJTransX.cab [NMJTransX Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} [HKLM] -> http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab [NeffyLauncherCtl Class] ->
{B01AAFA1-2478-44A3-8894-BE4D4C23C271} [HKLM] -> http://ge.clubhanbit.jp/launcher/GELauncher.cab [HLauncher Control] ->
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{CD995117-98E5-4169-9920-6C12D4C0B548} [HKLM] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab [HGPlugin9USA Class] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} [HKLM] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab [HGPlugin10USA Class] ->
{F58E877C-4F14-4805-B2D2-EB48927C7580} [HKLM] -> http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab [NeffyManSpLauncherCtl Class] ->
{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab [DownloadManager Control] ->
DirectAnimation Java Classes [HKLM] -> file://C:\SYSTEM32\HAL.DLL\Java\classes\dajava.cab [Reg Error: Key error.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\SYSTEM32\HAL.DLL\Java\classes\xmldso.cab [Reg Error: Key error.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{D5802F75-3089-4EDE-8606-759C05778DD6} -> (Motorola SURFboard SB5100 USB Cable Modem) ->
{EB0ADA16-7F04-42D9-8B66-89BD64C6AA0A} -> (Scientific-Atlanta WebSTAR 2000 series Cable Modem) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\Ati2evxx.dll -> [2008/12/01 16:40:14 | 00,143,360 | ---- | M] (ATI Technologies Inc.)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" [HKLM] -> Reg Error: Key error. [0aMCPClient] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\SYSTEM32\HAL.DLL\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\SYSTEM32\HAL.DLL\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\Damien\Desktop\UT\System\UT2004.exe" -> C:\Documents and Settings\Damien\Desktop\UT\System\UT2004.exe [C:\Documents and Settings\Damien\Desktop\UT\System\UT2004.exe:*:Enabled:UT2004] -> File not found
"C:\Documents and Settings\Damien\My Documents\FreeStyle Street BBall\FreeStyle.exe" -> C:\Documents and Settings\Damien\My Documents\FreeStyle Street BBall\FreeStyle.exe [C:\Documents and Settings\Damien\My Documents\FreeStyle Street BBall\FreeStyle.exe:*:Disabled:FreeStyle] -> File not found
"C:\Documents and Settings\Damien\My Documents\HydraIRC\HydraIRC.exe" -> C:\Documents and Settings\Damien\My Documents\HydraIRC\HydraIRC.exe [C:\Documents and Settings\Damien\My Documents\HydraIRC\HydraIRC.exe:*:Enabled:HydraIRC] -> [2005/01/18 09:41:19 | 01,028,096 | ---- | M] (Hydra Productions)
"C:\Documents and Settings\Damien\My Documents\Starcraft\StarCraft.exe" -> C:\Documents and Settings\Damien\My Documents\Starcraft\StarCraft.exe [C:\Documents and Settings\Damien\My Documents\Starcraft\StarCraft.exe:*:Enabled:Starcraft] -> [2008/11/05 21:10:59 | 01,220,608 | ---- | M] (Blizzard Entertainment)
"C:\Documents and Settings\Damien\My Documents\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe" -> C:\Documents and Settings\Damien\My Documents\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe [C:\Documents and Settings\Damien\My Documents\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found
"C:\Documents and Settings\Damien\My Documents\Warcraft III\Warcraft III.exe" -> C:\Documents and Settings\Damien\My Documents\Warcraft III\Warcraft III.exe [C:\Documents and Settings\Damien\My Documents\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> File not found
"C:\Program Files\BitTorrent\btdownloadgui.exe" -> C:\Program Files\BitTorrent\btdownloadgui.exe [C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\DAUM\PotPlayer\daumvsvr.exe" -> C:\Program Files\DAUM\PotPlayer\daumvsvr.exe [C:\Program Files\DAUM\PotPlayer\daumvsvr.exe:*:Enabled:VideoPot] -> File not found
"C:\Program Files\DAUM\PotPlayer\PotPlayer.exe" -> C:\Program Files\DAUM\PotPlayer\PotPlayer.exe [C:\Program Files\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:Daum 팟플레이어] -> File not found
"C:\Program Files\eMule\emule.exe" -> C:\Program Files\eMule\emule.exe [C:\Program Files\eMule\emule.exe:*:Enabled:eMule] -> File not found
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2008/12/19 01:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire] -> File not found
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/08/11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe" -> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe:*:Enabled:ALUSchedulerSvc] -> [2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation)
"C:\Program Files\uTorrent\utorrent.exe" -> C:\Program Files\uTorrent\utorrent.exe [C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent] -> File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" -> C:\Program Files\Ventrilo\Ventrilo.exe [C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe] -> [2008/11/10 11:23:50 | 01,539,072 | ---- | M] ()
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" -> C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Wizet\MapleStory\Patcher.exe" -> C:\Program Files\Wizet\MapleStory\Patcher.exe [C:\Program Files\Wizet\MapleStory\Patcher.exe:*:Enabled:Patcher MFC 응용 프로그램] -> File not found
"C:\StubInstaller.exe" -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer] -> File not found
"C:\SYSTEM32\HAL.DLL\explorer.exe" -> C:\SYSTEM32\HAL.DLL\explorer.exe [C:\SYSTEM32\HAL.DLL\explorer.exe:*:Enabled:Explorer] -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
"C:\SYSTEM32\HAL.DLL\system32\logonui.exe" -> C:\SYSTEM32\HAL.DLL\system32\logonui.exe [C:\SYSTEM32\HAL.DLL\system32\logonui.exe:*:Enabled:logonui] -> [2008/04/13 20:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation)
"C:\SYSTEM32\HAL.DLL\system32\lsass.exe" -> C:\SYSTEM32\HAL.DLL\system32\lsass.exe [C:\SYSTEM32\HAL.DLL\system32\lsass.exe:*:Enabled:lsass] -> [2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation)
"C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe" -> C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe [C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe:*:Enabled:PnkBstrA] -> [2007/12/18 16:32:30 | 00,066,872 | ---- | M] ()
"C:\SYSTEM32\HAL.DLL\system32\PnkBstrB.exe" -> C:\SYSTEM32\HAL.DLL\system32\PnkBstrB.exe [C:\SYSTEM32\HAL.DLL\system32\PnkBstrB.exe:*:Enabled:PnkBstrB] -> [2007/12/30 23:05:59 | 00,103,736 | ---- | M] ()
"C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe" -> C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe [C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe:*:Enabled:spoolsv] -> [2008/04/13 20:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation)
"C:\SYSTEM32\HAL.DLL\system32\winlogon.exe" -> C:\SYSTEM32\HAL.DLL\system32\winlogon.exe [C:\SYSTEM32\HAL.DLL\system32\winlogon.exe:*:Enabled:winlogon] -> [2008/04/13 20:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation)

4daVii
2009-03-11, 20:36
"H:\Games\Steam\SteamApps\4davii\counter-strike source\hl2.exe" -> H:\Games\Steam\SteamApps\4davii\counter-strike source\hl2.exe [H:\Games\Steam\SteamApps\4davii\counter-strike source\hl2.exe:*:Enabled:hl2] -> [2009/02/19 11:14:41 | 00,106,496 | ---- | M] ()
"H:\NOMADAPP\Portable Programs\W32\Skype\Phone\Skype.exe" -> H:\NOMADAPP\Portable Programs\W32\Skype\Phone\Skype.exe [H:\NOMADAPP\Portable Programs\W32\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2006/01/03 13:13:20 | 19,495,464 | ---- | M] ()
"H:\Steam\SteamApps\4davii\counter-strike source\hl2.exe" -> H:\Steam\SteamApps\4davii\counter-strike source\hl2.exe [H:\Steam\SteamApps\4davii\counter-strike source\hl2.exe:*:Enabled:hl2] -> File not found
"H:\Steam\SteamApps\4davii\day of defeat source\hl2.exe" -> H:\Steam\SteamApps\4davii\day of defeat source\hl2.exe [H:\Steam\SteamApps\4davii\day of defeat source\hl2.exe:*:Enabled:hl2] -> File not found
"I:\Games\Fear\FEARMP.exe" -> I:\Games\Fear\FEARMP.exe [I:\Games\Fear\FEARMP.exe:*:Enabled:FEAR Combat] -> File not found
"I:\Games\FearX\FEARXP2.exe" -> I:\Games\FearX\FEARXP2.exe [I:\Games\FearX\FEARXP2.exe:*:Enabled:FEARXP2] -> File not found
"I:\NOMADAPP\Portable Programs\W32\Skype\Phone\skype.exe" -> I:\NOMADAPP\Portable Programs\W32\Skype\Phone\skype.exe [I:\NOMADAPP\Portable Programs\W32\Skype\Phone\skype.exe:*:Enabled:Skype] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2006/10/31 01:18:25 | 00,000,000 | ---- | M] ()
D:\autoplay.exe [MZ | ] -> D:\autoplay.exe [ CDFS ] -> [2003/05/18 14:54:20 | 00,061,440 | R--- | M] ()
D:\autorun.inf [[autorun] | open=autoplay.exe | icon=appicon.ico | | ] -> D:\autorun.inf [ CDFS ] -> [2003/02/12 03:01:48 | 00,000,050 | R--- | M] ()
E:\AUTORUN.INF [[autorun] | open=ONSPCLCK.exe | Icon=CD.ICO | ] -> E:\AUTORUN.INF [ CDFS ] -> [2005/09/23 01:25:28 | 00,000,043 | R--- | M] ()
E:\Autopoll Application V1.04.exe [MZ | ] -> E:\Autopoll Application V1.04.exe [ CDFS ] -> [2006/11/02 15:00:34 | 00,909,530 | R--- | M] (InstallShield Software Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\D
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell
\D\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun
\D\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command
\D\Shell\AutoRun\command\\"" -> D:\autoplay.exe [D:\autoplay.exe] -> [2003/05/18 14:54:20 | 00,061,440 | R--- | M] ()
\E
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell
\E\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun
\E\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command
\E\Shell\AutoRun\command\\"" -> E:\ONSPCLCK.exe [E:\ONSPCLCK.exe] -> [2006/11/02 16:55:10 | 02,519,040 | R--- | M] (OnSpec Electronic, Inc.)
\F
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell
\F\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun
\F\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command
\F\Shell\AutoRun\command\\"" -> F:\ONSPCLCK.exe [F:\ONSPCLCK.exe] -> File not found
\{6e8acf68-fd02-11dc-835a-001225f5bd63}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e8acf68-fd02-11dc-835a-001225f5bd63}\Shell
\{6e8acf68-fd02-11dc-835a-001225f5bd63}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e8acf68-fd02-11dc-835a-001225f5bd63}\Shell\AutoRun
\{6e8acf68-fd02-11dc-835a-001225f5bd63}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e8acf68-fd02-11dc-835a-001225f5bd63}\Shell\AutoRun\command
\{6e8acf68-fd02-11dc-835a-001225f5bd63}\Shell\AutoRun\command\\"" -> F:\ONSPCLCK.exe [F:\ONSPCLCK.exe] -> File not found


[Files/Folders - Created Within 30 Days]
5 C:\SYSTEM32\HAL.DLL\*.tmp files -> C:\SYSTEM32\HAL.DLL\*.tmp ->
simonuha.dll -> %SystemRoot%\System32\simonuha.dll -> [2099/01/01 12:00:00 | 00,102,400 | -HS- | C] ()
ziwepawo -> %SystemRoot%\System32\ziwepawo -> [2099/01/01 12:00:00 | 00,006,456 | -H-- | C] ()
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/03/11 14:22:32 | 00,000,000 | ---D | C]
croc.psd -> %UserProfile%\Desktop\croc.psd -> [2009/03/11 14:12:37 | 92,720,216 | ---- | C] ()
Chrono_Trigger_USA_FIX_NDS-XPA -> %UserProfile%\My Documents\Chrono_Trigger_USA_FIX_NDS-XPA -> [2009/03/11 14:01:35 | 00,000,000 | ---D | C]
05crocattack2LL_468x346.jpg -> %UserProfile%\Desktop\05crocattack2LL_468x346.jpg -> [2009/03/11 13:57:26 | 00,049,670 | ---- | C] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/11 11:49:01 | 00,661,370 | ---- | C] ()
Grace1 a Managing Risk the MD Way2.ppt -> %UserProfile%\Desktop\Grace1 a Managing Risk the MD Way2.ppt -> [2009/03/10 21:57:58 | 04,679,680 | ---- | C] ()
Granado Espada.lnk -> %UserProfile%\Desktop\Granado Espada.lnk -> [2009/03/10 20:29:09 | 00,000,484 | ---- | C] ()
OTListIt2.exe -> %UserProfile%\Desktop\OTListIt2.exe -> [2009/03/10 09:49:23 | 00,497,664 | ---- | C] (OldTimer Tools)
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2009/03/10 07:38:57 | 00,578,560 | ---- | C] (Microsoft Corporation)
ERUNT -> %SystemRoot%\ERUNT -> [2009/03/10 07:35:06 | 00,000,000 | ---D | C]
SDFix -> %SystemDrive%\SDFix -> [2009/03/10 07:29:21 | 00,000,000 | ---D | C]
test.doc -> %UserProfile%\My Documents\test.doc -> [2009/03/10 06:54:48 | 00,019,456 | ---- | C] ()
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2009/03/10 05:02:45 | 01,529,241 | ---- | C] ()
Cloudy_chapter2__English_.rar -> %UserProfile%\My Documents\Cloudy_chapter2__English_.rar -> [2009/03/10 03:48:50 | 12,572,984 | ---- | C] ()
Little_Sisters_Wonderful_Surprise_Visit_-_English__7BDecensored_7D_hmr-3.rar -> %UserProfile%\My Documents\Little_Sisters_Wonderful_Surprise_Visit_-_English__7BDecensored_7D_hmr-3.rar -> [2009/03/10 03:48:36 | 08,579,331 | ---- | C] ()
Damien.exe -> %UserProfile%\Desktop\Damien.exe -> [2009/03/09 22:22:16 | 00,401,720 | ---- | C] (Trend Micro Inc.)
rsit -> %SystemDrive%\rsit -> [2009/03/09 22:22:14 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/03/09 19:39:50 | 00,781,851 | ---- | C] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/03/09 13:57:39 | 21,244,872 | ---- | C] (Microsoft Corporation)
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/03/09 13:41:42 | 00,001,355 | ---- | C] ()
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2009/03/09 13:33:47 | 00,333,952 | ---- | C] (Microsoft Corporation)
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2009/03/09 13:32:51 | 00,455,296 | ---- | C] (Microsoft Corporation)
msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2009/03/09 13:32:24 | 01,106,944 | ---- | C] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2009/03/09 13:32:19 | 00,337,408 | ---- | C] (Microsoft Corporation)
ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2009/03/09 13:32:14 | 02,145,280 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2009/03/09 13:32:13 | 02,189,184 | ---- | C] (Microsoft Corporation)
ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2009/03/09 13:32:13 | 02,023,936 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2009/03/09 13:32:12 | 02,066,048 | ---- | C] (Microsoft Corporation)
win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2009/03/09 13:32:04 | 01,846,400 | ---- | C] (Microsoft Corporation)
inetcomm.dll -> %SystemRoot%\System32\dllcache\inetcomm.dll -> [2009/03/09 13:31:16 | 00,691,712 | ---- | C] (Microsoft Corporation)
wuapi.dll.mui -> %SystemRoot%\System32\wuapi.dll.mui -> [2009/03/09 13:27:47 | 00,023,576 | ---- | C] (Microsoft Corporation)
temp -> %SystemRoot%\temp -> [2009/03/09 11:34:16 | 00,000,000 | ---D | C]
CF26139.exe -> %SystemRoot%\System32\CF26139.exe -> [2009/03/09 11:28:35 | 00,389,120 | ---- | C] (Microsoft Corporation)
ComboFix -> %SystemDrive%\ComboFix -> [2009/03/09 11:28:35 | 00,000,000 | ---D | C]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/03/09 03:41:35 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/03/09 03:41:35 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/03/09 03:41:35 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> %SystemRoot%\sed.exe -> [2009/03/09 03:41:35 | 00,098,816 | ---- | C] ()
fdsv.exe -> %SystemRoot%\fdsv.exe -> [2009/03/09 03:41:35 | 00,089,504 | ---- | C] (Smallfrogs Studio)
grep.exe -> %SystemRoot%\grep.exe -> [2009/03/09 03:41:35 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2009/03/09 03:41:35 | 00,068,096 | ---- | C] ()
VFIND.exe -> %SystemRoot%\VFIND.exe -> [2009/03/09 03:41:35 | 00,049,152 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/03/09 03:41:35 | 00,029,696 | ---- | C] (NirSoft)
CF118.exe -> %SystemRoot%\System32\CF118.exe -> [2009/03/09 03:41:24 | 00,389,120 | ---- | C] (Microsoft Corporation)
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/03/09 03:31:50 | 02,933,448 | R--- | C] ()
abuzamut.ini -> %SystemRoot%\System32\abuzamut.ini -> [2009/03/09 01:59:15 | 01,835,082 | -HS- | C] ()
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [2009/03/08 16:09:44 | 00,000,000 | ---D | C]
mfvse.exe -> %SystemDrive%\mfvse.exe -> [2009/03/08 14:00:47 | 00,000,000 | ---- | C] ()
ootpnl.exe -> %SystemDrive%\ootpnl.exe -> [2009/03/08 14:00:26 | 00,000,000 | ---- | C] ()
-401084628 -> %SystemDrive%\-401084628 -> [2009/03/08 13:58:59 | 00,000,000 | ---- | C] ()
ayufusel.ini -> %SystemRoot%\System32\ayufusel.ini -> [2009/03/08 01:59:01 | 01,835,082 | -HS- | C] ()
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> [2009/03/07 18:44:08 | 00,401,720 | ---- | C] (Trend Micro Inc.)
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/03/07 18:42:32 | 00,000,592 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/03/07 18:42:31 | 00,000,000 | ---D | C]
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [2009/03/07 18:16:32 | 00,000,690 | ---- | C] ()
SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [2009/03/07 18:16:31 | 00,000,000 | ---D | C]
ERDNT -> %SystemRoot%\ERDNT -> [2009/03/07 03:12:32 | 00,000,000 | ---D | C]
CF19981.exe -> %SystemRoot%\System32\CF19981.exe -> [2009/03/07 03:12:30 | 00,389,120 | ---- | C] (Microsoft Corporation)
Qoobox -> %SystemDrive%\Qoobox -> [2009/03/07 03:12:20 | 00,000,000 | ---D | C]
avg_free_stf_en_85_278a1439.exe -> %UserProfile%\Desktop\avg_free_stf_en_85_278a1439.exe -> [2009/03/07 03:09:07 | 62,270,256 | ---- | C] (AVG Technologies)
0307.reg -> %UserProfile%\My Documents\0307.reg -> [2009/03/07 02:55:18 | 14,224,1018 | ---- | C] ()
Phantasy Star Portable.iso -> %UserProfile%\Desktop\Phantasy Star Portable.iso -> [2009/03/06 20:30:46 | 10,993,97120 | ---- | C] ()
BrokenGlass2.jpg -> %UserProfile%\Desktop\BrokenGlass2.jpg -> [2009/03/06 17:23:39 | 00,030,613 | ---- | C] ()
felazako.exe -> %SystemRoot%\System32\felazako.exe -> [2009/03/06 13:57:49 | 00,002,713 | -HS- | C] ()
Recent -> %UserProfile%\Recent -> [2009/03/06 07:52:07 | 00,000,000 | RH-D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2009/03/05 13:53:53 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/03/05 13:53:49 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/03/05 13:53:49 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/03/05 13:53:46 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/03/05 13:53:45 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/03/05 13:53:45 | 00,000,000 | ---D | C]
3440_Legacy_of_Ys_Books_1_and_2_USA_NDS-XPA -> %UserProfile%\Desktop\3440_Legacy_of_Ys_Books_1_and_2_USA_NDS-XPA -> [2009/03/05 02:16:13 | 00,000,000 | ---D | C]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2009/03/05 00:18:30 | 00,000,933 | ---- | C] ()
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2009/03/05 00:18:23 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [2009/03/05 00:18:23 | 00,000,000 | ---D | C]
research.doc -> %UserProfile%\My Documents\research.doc -> [2009/03/04 13:52:24 | 00,038,912 | ---- | C] ()
Dragon Quest V The Hand of the Heavenly Bride.nds -> %UserProfile%\Desktop\Dragon Quest V The Hand of the Heavenly Bride.nds -> [2009/02/28 18:29:27 | 13,421,7728 | ---- | C] ()
Yggdra Union.ISO -> %UserProfile%\Desktop\Yggdra Union.ISO -> [2009/02/28 09:41:49 | 76,866,9696 | R--- | C] ()
Prinny.iso -> %UserProfile%\Desktop\Prinny.iso -> [2009/02/19 11:01:26 | 49,187,8400 | ---- | C] ()
Combined-Community-Codec-Pack-2008-09-21.exe -> %UserProfile%\My Documents\Combined-Community-Codec-Pack-2008-09-21.exe -> [2009/02/12 06:07:56 | 06,833,525 | ---- | C] (CCCP Project )

[Files/Folders - Modified Within 30 Days]
1 C:\SYSTEM32\HAL.DLL\System32\*.tmp files -> C:\SYSTEM32\HAL.DLL\System32\*.tmp ->
5 C:\SYSTEM32\HAL.DLL\*.tmp files -> C:\SYSTEM32\HAL.DLL\*.tmp ->
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/03/11 14:18:56 | 00,099,152 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/03/11 14:17:22 | 00,002,206 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/03/11 14:17:14 | 01,641,096 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/03/11 14:16:48 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/03/11 14:16:34 | 00,002,048 | --S- | M] ()
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/03/11 14:14:50 | 20,971,520 | ---- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/03/11 14:14:50 | 00,000,178 | -HS- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/03/11 14:14:39 | 01,657,498 | -H-- | M] ()
croc.psd -> %UserProfile%\Desktop\croc.psd -> [2009/03/11 14:12:45 | 92,720,216 | ---- | M] ()
05crocattack2LL_468x346.jpg -> %UserProfile%\Desktop\05crocattack2LL_468x346.jpg -> [2009/03/11 13:57:29 | 00,049,670 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/11 11:48:42 | 00,661,370 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/03/11 07:49:17 | 00,004,646 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/03/11 07:49:17 | 00,004,232 | ---- | M] ()
Grace1 a Managing Risk the MD Way2.ppt -> %UserProfile%\Desktop\Grace1 a Managing Risk the MD Way2.ppt -> [2009/03/10 21:58:02 | 04,679,680 | ---- | M] ()
Granado Espada.lnk -> %UserProfile%\Desktop\Granado Espada.lnk -> [2009/03/10 20:29:09 | 00,000,484 | ---- | M] ()
OTListIt2.exe -> %UserProfile%\Desktop\OTListIt2.exe -> [2009/03/10 09:49:20 | 00,497,664 | ---- | M] (OldTimer Tools)
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [2009/03/10 07:41:08 | 00,000,686 | ---- | M] ()
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2009/03/10 07:38:57 | 00,578,560 | ---- | M] (Microsoft Corporation)
test.doc -> %UserProfile%\My Documents\test.doc -> [2009/03/10 06:54:49 | 00,019,456 | ---- | M] ()
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2009/03/10 05:02:46 | 01,529,241 | ---- | M] ()
Cloudy_chapter2__English_.rar -> %UserProfile%\My Documents\Cloudy_chapter2__English_.rar -> [2009/03/10 03:49:12 | 12,572,984 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/03/09 19:40:36 | 00,000,696 | ---- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/03/09 19:39:49 | 00,781,851 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/03/09 13:57:37 | 00,001,355 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/03/09 13:55:39 | 00,501,230 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/03/09 13:55:39 | 00,441,124 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/03/09 13:55:39 | 00,071,060 | ---- | M] ()
CF26139.exe -> %SystemRoot%\System32\CF26139.exe -> [2009/03/09 11:28:27 | 00,389,120 | ---- | M] (Microsoft Corporation)
ziwepawo -> %SystemRoot%\System32\ziwepawo -> [2009/03/09 11:15:09 | 00,006,456 | -H-- | M] ()
CF118.exe -> %SystemRoot%\System32\CF118.exe -> [2009/03/09 03:41:09 | 00,389,120 | ---- | M] (Microsoft Corporation)
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/03/09 03:32:18 | 02,933,448 | R--- | M] ()
abuzamut.ini -> %SystemRoot%\System32\abuzamut.ini -> [2009/03/09 02:20:46 | 01,835,082 | -HS- | M] ()
mfvse.exe -> %SystemDrive%\mfvse.exe -> [2009/03/08 14:00:47 | 00,000,000 | ---- | M] ()
ootpnl.exe -> %SystemDrive%\ootpnl.exe -> [2009/03/08 14:00:26 | 00,000,000 | ---- | M] ()
-401084628 -> %SystemDrive%\-401084628 -> [2009/03/08 13:58:59 | 00,000,000 | ---- | M] ()
svchost.exe -> %SystemRoot%\System32\svchost.exe -> [2009/03/08 13:58:55 | 00,014,336 | ---- | M] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\System32\dllcache\svchost.exe -> [2009/03/08 13:58:55 | 00,014,336 | ---- | M] (Microsoft Corporation)
simonuha.dll -> %SystemRoot%\System32\simonuha.dll -> [2009/03/08 13:58:40 | 00,102,400 | -HS- | M] ()
ayufusel.ini -> %SystemRoot%\System32\ayufusel.ini -> [2009/03/08 02:20:44 | 01,835,082 | -HS- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/03/07 21:05:46 | 00,000,116 | ---- | M] ()
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> [2009/03/07 18:44:07 | 00,401,720 | ---- | M] (Trend Micro Inc.)
Damien.exe -> %UserProfile%\Desktop\Damien.exe -> [2009/03/07 18:44:07 | 00,401,720 | ---- | M] (Trend Micro Inc.)
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/03/07 18:42:32 | 00,000,592 | ---- | M] ()
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [2009/03/07 18:16:32 | 00,000,690 | ---- | M] ()
CF19981.exe -> %SystemRoot%\System32\CF19981.exe -> [2009/03/07 03:12:11 | 00,389,120 | ---- | M] (Microsoft Corporation)
avg_free_stf_en_85_278a1439.exe -> %UserProfile%\Desktop\avg_free_stf_en_85_278a1439.exe -> [2009/03/07 03:11:16 | 62,270,256 | ---- | M] (AVG Technologies)
0307.reg -> %UserProfile%\My Documents\0307.reg -> [2009/03/07 02:55:43 | 14,224,1018 | ---- | M] ()
Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [2009/03/06 20:29:26 | 02,251,264 | -HS- | M] ()
BrokenGlass2.jpg -> %UserProfile%\Desktop\BrokenGlass2.jpg -> [2009/03/06 17:23:37 | 00,030,613 | ---- | M] ()
felazako.exe -> %SystemRoot%\System32\felazako.exe -> [2009/03/06 13:57:49 | 00,002,713 | -HS- | M] ()
REDEMUNINS.INI -> %SystemRoot%\REDEMUNINS.INI -> [2009/03/05 14:30:37 | 00,000,138 | ---- | M] ()
WININIT.INI -> %SystemRoot%\WININIT.INI -> [2009/03/05 12:35:26 | 00,000,370 | ---- | M] ()
hosts.20090306-161025.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090306-161025.backup -> [2009/03/05 10:51:00 | 00,302,562 | R--- | M] ()
Phantasy Star Portable.iso -> %UserProfile%\Desktop\Phantasy Star Portable.iso -> [2009/03/05 08:54:38 | 10,993,97120 | ---- | M] ()
hosts.20090305-095100.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090305-095100.backup -> [2009/03/05 00:23:56 | 00,302,562 | R--- | M] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2009/03/05 00:18:30 | 00,000,933 | ---- | M] ()
research.doc -> %UserProfile%\My Documents\research.doc -> [2009/03/04 14:13:54 | 00,038,912 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/02/27 03:08:39 | 00,169,472 | ---- | M] ()
Dragon Quest V The Hand of the Heavenly Bride.nds -> %UserProfile%\Desktop\Dragon Quest V The Hand of the Heavenly Bride.nds -> [2009/02/17 13:35:44 | 13,421,7728 | ---- | M] ()
Prinny.iso -> %UserProfile%\Desktop\Prinny.iso -> [2009/02/17 02:35:00 | 49,187,8400 | ---- | M] ()
Combined-Community-Codec-Pack-2008-09-21.exe -> %UserProfile%\My Documents\Combined-Community-Codec-Pack-2008-09-21.exe -> [2009/02/12 06:08:12 | 06,833,525 | ---- | M] (CCCP Project )
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/02/11 20:56:18 | 21,244,872 | ---- | M] (Microsoft Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> [2009/02/10 22:43:06 | 00,098,304 | ---- | M] (Sony DADC Austria AG.)
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2007/02/06 19:54:48 | 00,008,206 | ---- | M] ()

[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
@Alternate Data Stream - 498 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
< End of report >
[/code]

peku006
2009-03-12, 19:53
Hi Jishi

Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Safe List]
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "mabozejeki" -> %SystemRoot% [Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "mabozejeki" -> %SystemRoot% [Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YY -> \E\Shell\AutoRun\command\\"" -> E:\ONSPCLCK.exe [E:\ONSPCLCK.exe]
YN -> \F\Shell\AutoRun\command\\"" -> F:\ONSPCLCK.exe [F:\ONSPCLCK.exe]
YN -> \{6e8acf68-fd02-11dc-835a-001225f5bd63}\Shell\AutoRun\command\\"" -> F:\ONSPCLCK.exe [F:\ONSPCLCK.exe]
[Files/Folders - Created Within 30 Days]
NY -> simonuha.dll -> %SystemRoot%\System32\simonuha.dll
NY -> ziwepawo -> %SystemRoot%\System32\ziwepawo
NY -> abuzamut.ini -> %SystemRoot%\System32\abuzamut.ini
NY -> mfvse.exe -> %SystemDrive%\mfvse.exe
NY -> ootpnl.exe -> %SystemDrive%\ootpnl.exe
NY -> -401084628 -> %SystemDrive%\-401084628
NY -> ayufusel.ini -> %SystemRoot%\System32\ayufusel.ini
NY -> felazako.exe -> %SystemRoot%\System32\felazako.exe
[Files/Folders - Modified Within 30 Days]
NY -> GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
NY -> qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> ziwepawo -> %SystemRoot%\System32\ziwepawo
NY -> abuzamut.ini -> %SystemRoot%\System32\abuzamut.ini
NY -> mfvse.exe -> %SystemDrive%\mfvse.exe
NY -> ootpnl.exe -> %SystemDrive%\ootpnl.exe
NY -> -401084628 -> %SystemDrive%\-401084628
NY -> simonuha.dll -> %SystemRoot%\System32\simonuha.dll
NY -> ayufusel.ini -> %SystemRoot%\System32\ayufusel.ini
NY -> felazako.exe -> %SystemRoot%\System32\felazako.exe
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Thanks peku006

4daVii
2009-03-12, 21:14
Hi peku006,

Was wondering about your last reply, was that fix for me or for a different person (since the name says Jishi)? Thanks

peku006
2009-03-12, 21:21
Hi
it's yours...Jishi is only "typo" :oops:

4daVii
2009-03-13, 18:45
Hi peku006,

I copied and pasted that text into OTScanIt2 and it gave me a number of errors (I recall some of them being about Windows SP2). And when I restarted the computer, it seemed to have deleted the .NET framework and made many applications unopenable and removed my connection to the Internet. I performed a system restore and all seems well at the moment.

peku006
2009-03-14, 13:59
Hi 4daVii

How's the computer running now? Any problems?

Thanks peku006

4daVii
2009-03-14, 19:33
Hey peku006,

Everything is running as normal, do you think it might be gone?

4daVii
2009-03-14, 19:35
Hey peku006

Everything seems normal, I no longer receive pop ups at system restart regarding specific .dll files (probably vundo). Do you think Vundo has been wiped from my system?

peku006
2009-03-14, 19:58
Hi 4daVii

We will run one online scan to be sure that there is nothing left.

1 - Update Java

Please download JavaRa (http://prm753.bchea.org/click/click.php?id=9) and unzip it to your desktop.

Double-click on JavaRa.exe to start the program.
Click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a log file has been produced. Click OK.
A log file will pop up. Please save it to a convenient location.

Download the latest version of Java Runtime Environment (JRE) 6 Update 12 (http://java.sun.com/javase/downloads/index.jsp).

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on the download to install the newest version.

2 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop. Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


3 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006

4daVii
2009-03-19, 17:24
Hi peku006,

Sorry for the huge delay.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, March 19, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, March 19, 2009 11:00:13
Records in database: 1933434
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
X:\
Y:\
Z:\

Scan statistics:
Files scanned: 189950
Threat name: 5
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 05:29:02


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\SYSTEM32\HAL.DLL\system32\vufosesa.dll.vir Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP386\A0075405.dll Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP386\A0075411.dll Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP389\A0075577.exe Infected: Trojan.Win32.Inject.pum 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP391\A0075704.dll Infected: Trojan.Win32.Agent2.erm 1
C:\WINDOWS\SYSTEM32\iocea.dll Infected: Trojan-Spy.Win32.Briss.s 1
C:\WINDOWS\SYSTEM32\touuuin.dll Infected: not-a-virus:AdWare.Win32.AdultIt.a 1
H:\MiSc\BSINSTALL.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

The selected area was scanned.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22 PM, on 03-19-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\progra~1\winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\SYSTEM32\HAL.DLL\system32\taskmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\progra~1\winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damien\Local Settings\temp\jkos-Damien\binaries\ScanningProcess.exe
C:\Documents and Settings\Damien\Desktop\Damien.exe

F3 - REG:win.ini: load=""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f11e4ae0-fa5c-4387-8e12-f2a5ea40af58} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] c:\progra~1\winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\SYSTEM32\HAL.DLL\system32\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [mabozejeki] Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mabozejeki] Rundll32.exe "C:\SYSTEM32\HAL.DLL\system32\modigege.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 12245 bytes

peku006
2009-03-19, 18:19
Hi 4daVii

Delete your version of SDFix and download a fresh copy........

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
Some steps will require you to use Safe Mode and you will not have access to this page.

1 - Download and Install SDFix
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

2 - Boot into Safe Mode

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

3 - Run SDFix

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

4 - Scan With ComboFix

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus (http://www.bleepingcomputer.com/forums/topic114351.html)

Please include the C:\ComboFix.txt in your next reply for further review.

5 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

6 - Status Check
Please reply with

1. the SDFix Report.txt (C:\SDFix\Report.txt)
2. the ComboFix log (C:\ComboFix.txt)
3. a fresh HijackThis log

Thanks peku006

4daVii
2009-03-21, 07:25
SDFix Report too big for one post (72092 characters) and too large to attach (70.4 KB)


SDFix: Version 1.240
Run by Damien on 03-20-2009 at 08:21 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\MFVSE.EXE - Deleted
C:\OOTPNL.EXE - Deleted
C:\SYSTEM32\HAL.DLL\system32\ckl009.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 22:54:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

"h0"=dword:00000001
"ujdew"=hex:01,fd,87,da,d4,58,76,48,f3,c0,09,02,d4,3f,1b,e9,71,d7,9c,e9,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:eb,4e,b3,8f,71,92,39,52,e1,55,0f,08,aa,17,05,34,9e,fa,66,1c,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,e5,c3,ac,4b,97,28,e7,46,07,64,e1,f2,8b,f6,94,44,..
"khjeh"=hex:af,48,7d,16,80,38,a2,d5,f4,70,61,c2,3c,b1,73,6b,9f,b2,10,d6,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ca,53,74,d8,18,06,a9,a7,8d,81,ba,43,71,78,05,d0,9f,c8,df,87,10,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:8f,c9,27,ac,3a,77,b1,48,d2,f6,bc,7e,ee,d4,7c,5e,72,4e,e4,a0,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:b8,6b,27,20,74,d1,ee,d5,e5,d8,17,d5,61,64,6b,8f,d0,51,b4,56,74,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]
"\31jィ\16f\35g?"="-3 "
"\31jィ\xff740\xff770\xff830\xff6f0?"="-3 \x30b4\x30b7\x30c3\x30af"
"\xff740\xff770\xff830\xff6f0"="-3 \x30b4\x30b7\x30c3\x30af"
"z\xf8f3\x30fb|\xf8f3o\xf8f3x\xf8f3?"="-3 \x30b4\x30b7\x30c3\x30af"
"x\xf8f3p\xf8f3\x30fbt\xf8f3?"="Courier"
"\x80\xf8f3r\xf8f3\x30fb}\xf8f3\x30fb\x30fb\x30fb\x30fb?????"="Times New Roman"
"\x30fb\x30fb\x30fb\x30fb\x30fbv\xf8f3?????"="Arial"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\SYSTEM32\HAL.DLL\system32\vufosesa.dll c:\system32\hal.dll\system32\neyiwafu.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Damien\\My Documents\\HydraIRC\\HydraIRC.exe"="C:\\Documents and Settings\\Damien\\My Documents\\HydraIRC\\HydraIRC.exe:*:Enabled:HydraIRC"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\Damien\\My Documents\\Warcraft III\\Warcraft III.exe"="C:\\Documents and Settings\\Damien\\My Documents\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\Damien\\Desktop\\UT\\System\\UT2004.exe"="C:\\Documents and Settings\\Damien\\Desktop\\UT\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"H:\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe"="H:\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"H:\\Steam\\SteamApps\\4davii\\day of defeat source\\hl2.exe"="H:\\Steam\\SteamApps\\4davii\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"H:\\Games\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe"="H:\\Games\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\Damien\\My Documents\\Starcraft\\StarCraft.exe"="C:\\Documents and Settings\\Damien\\My Documents\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Documents and Settings\\Damien\\My Documents\\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe"="C:\\Documents and Settings\\Damien\\My Documents\\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Documents and Settings\\Damien\\My Documents\\FreeStyle Street BBall\\FreeStyle.exe"="C:\\Documents and Settings\\Damien\\My Documents\\FreeStyle Street BBall\\FreeStyle.exe:*:Disabled:FreeStyle"
"C:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrA.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrB.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"I:\\Games\\Fear\\FEARMP.exe"="I:\\Games\\Fear\\FEARMP.exe:*:Enabled:FEAR Combat"
"I:\\Games\\FearX\\FEARXP2.exe"="I:\\Games\\FearX\\FEARXP2.exe:*:Enabled:FEARXP2"
"I:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\skype.exe"="I:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\skype.exe:*:Enabled:Skype"
"C:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe"="C:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe:*:Enabled:VideoPot"
"C:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe"="C:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe:*:Enabled:Daum ?????"
"H:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\Skype.exe"="H:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\SYSTEM32\\HAL.DLL\\system32\\logonui.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\SYSTEM32\\HAL.DLL\\system32\\winlogon.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\SYSTEM32\\HAL.DLL\\system32\\spoolsv.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\spoolsv.exe:*:Enabled:spoolsv"
"C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"="C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe:*:Enabled:ALUSchedulerSvc"
"C:\\SYSTEM32\\HAL.DLL\\explorer.exe"="C:\\SYSTEM32\\HAL.DLL\\explorer.exe:*:Enabled:Explorer"
"C:\\SYSTEM32\\HAL.DLL\\system32\\lsass.exe"="C:\\SYSTEM32\\HAL.DLL\\system32\\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

4daVii
2009-03-21, 07:26
Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 30 Dec 2003 0 A..H. --- "C:\WINDOWS\WINDOWS\PAKU.exe.tmp"
Fri 11 Jun 2004 0 A..H. --- "C:\WINDOWS\WINDOWS\szcdul.exe.tmp"
Sun 29 Aug 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 4 Nov 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users.HAL.DLL\DRM\DRMv1.bak"
Fri 6 Mar 2009 2,713 ..SH. --- "C:\SYSTEM32\HAL.DLL\system32\felazako.exe"
Sun 8 Mar 2009 102,400 A.SH. --- "C:\SYSTEM32\HAL.DLL\system32\simonuha.dll"
Fri 11 Jan 2008 28,672 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP400\A0078140.dll"
Fri 11 Jan 2008 32,768 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP400\A0078143.dll"
Fri 16 Jan 2009 3,102,267 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP400\A0078145.exe"
Fri 11 Jan 2008 28,672 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP404\A0084482.dll"
Fri 11 Jan 2008 32,768 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP404\A0084485.dll"
Fri 16 Jan 2009 3,102,267 A..H. --- "C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP404\A0084487.exe"
Sat 23 Sep 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 1 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users.HAL.DLL\DRM\Cache\Indiv01.tmp"
Fri 12 Nov 2004 37,376 A..H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL0357.tmp"
Sat 12 Jan 2008 22,016 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL0893.tmp"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL1444.tmp"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL2587.tmp"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL2953.tmp"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL3606.tmp"
Sat 12 Jan 2008 22,528 ...H. --- "C:\Documents and Settings\Damien\Application Data\Microsoft\Word\~WRL3950.tmp"
Thu 21 Apr 2005 19,968 ...H. --- "C:\Documents and Settings\Grace\Application Data\Microsoft\Word\~WRL0059.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0003.tmp"
Wed 26 Nov 2008 19,456 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0005.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0008.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0014.tmp"
Wed 3 Dec 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0022.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0038.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0041.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0049.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0051.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0061.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0063.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0071.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0072.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0085.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0106.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0110.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0129.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0137.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0139.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0145.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0153.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0156.tmp"
Wed 3 Dec 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0163.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0165.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0185.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0217.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0225.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0253.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0258.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0263.tmp"
Wed 3 Dec 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0295.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0299.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0305.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0306.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0313.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0320.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0328.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0329.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0332.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0347.tmp"
Wed 3 Dec 2008 26,112 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0372.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0382.tmp"
Wed 29 Oct 2008 22,016 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0389.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0390.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0413.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0417.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0428.tmp"
Wed 3 Dec 2008 26,624 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0432.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0434.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0440.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0444.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0455.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0462.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0464.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0480.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0487.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0491.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0506.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0524.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0525.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0556.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0582.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0585.tmp"
Wed 3 Dec 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0587.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0593.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0635.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0653.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0656.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0658.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0663.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0668.tmp"
Wed 3 Dec 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0671.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0687.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0691.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0706.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0732.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0736.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0747.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0750.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0757.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0768.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0783.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0795.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0800.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0816.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0818.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0827.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0837.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0841.tmp"
Wed 3 Dec 2008 27,648 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0846.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0854.tmp"
Wed 3 Dec 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0855.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0858.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0859.tmp"
Wed 3 Dec 2008 19,456 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0862.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0863.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0864.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0865.tmp"
Wed 3 Dec 2008 25,600 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0873.tmp"
Wed 3 Dec 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0876.tmp"
Wed 3 Dec 2008 27,136 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0887.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0896.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0920.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0922.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0930.tmp"
Wed 3 Dec 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0940.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0943.tmp"
Wed 29 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0948.tmp"
Wed 3 Dec 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0949.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0951.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL0961.tmp"
Wed 3 Dec 2008 28,160 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1001.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1012.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1014.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1015.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1018.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1025.tmp"
Wed 3 Dec 2008 28,672 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1033.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1037.tmp"
Wed 3 Dec 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1046.tmp"
Wed 29 Oct 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1048.tmp"
Wed 29 Oct 2008 23,040 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1064.tmp"
Wed 3 Dec 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1078.tmp"
Wed 29 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1093.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1094.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1102.tmp"
Wed 3 Dec 2008 20,992 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1103.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1120.tmp"
Wed 3 Dec 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1130.tmp"
Wed 29 Oct 2008 20,480 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1132.tmp"
Wed 3 Dec 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1149.tmp"
Wed 3 Dec 2008 25,088 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1189.tmp"
Wed 29 Oct 2008 24,576 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1223.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1246.tmp"
Wed 3 Dec 2008 29,184 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1255.tmp"
Wed 29 Oct 2008 24,064 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1258.tmp"
Wed 29 Oct 2008 21,504 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1265.tmp"
Wed 29 Oct 2008 22,528 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL1268.tmp"
Wed 29 Oct 2008 23,552 A..H. --- "C:\Documents and Settings\Damien\Desktop\DK Files\uni\Term1\3Wed\~WRL4099.tmp"
Tue 2 Sep 2003 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!

4daVii
2009-03-21, 07:27
ComboFix 09-03-19.02 - Damien 2009-03-21 1:48:40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.2303.1830 [GMT -4:00]
Running from: c:\documents and settings\Damien\Desktop\ComboFix.exe
FW: Sygate Personal Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Damien\Local Settings\Tempals_inst.exe
c:\documents and settings\Grace\Local Settings\Temporary Internet Files\Tvm.log
c:\system32\HAL.DLL\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\system32\HAL.DLL\IE4 Error Log.txt
c:\system32\HAL.DLL\system32\abbawh.dll
c:\system32\HAL.DLL\system32\bbzohc.dll
c:\system32\HAL.DLL\system32\dujosiye.dll
c:\system32\HAL.DLL\system32\fatuzabe.dll
c:\system32\HAL.DLL\system32\gosofuwu.dll
c:\system32\HAL.DLL\system32\hszvum.dll
c:\system32\HAL.DLL\system32\kfgbaw.dll
c:\system32\HAL.DLL\system32\kifabibu.dll
c:\system32\HAL.DLL\system32\mutelupo.dll
c:\system32\HAL.DLL\system32\nawowami.dll
c:\system32\HAL.DLL\system32\neyiwafu.dll
c:\system32\HAL.DLL\system32\nukivupu.dll
c:\system32\HAL.DLL\system32\pokihuyi.dll
c:\system32\HAL.DLL\system32\qfefyx.dll
c:\system32\HAL.DLL\system32\tumazuba.dll
c:\system32\HAL.DLL\system32\uuubop.dll
c:\system32\HAL.DLL\system32\vimunama.dll
c:\system32\HAL.DLL\system32\vufosesa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF


((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.

2009-03-20 20:19 . 2009-03-20 20:19 578,560 --a--c--- c:\system32\HAL.DLL\system32\dllcache\user32.dll
2009-03-20 20:08 . 2009-03-20 23:01 <DIR> d-------- C:\SDFix
2009-03-14 18:36 . 2009-03-14 18:35 410,984 --a------ c:\system32\HAL.DLL\system32\deploytk.dll
2009-03-14 18:36 . 2009-03-14 18:35 73,728 --a------ c:\system32\HAL.DLL\system32\javacpl.cpl
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> dr------- c:\system32\HAL.DLL\Web
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\twain_32
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\XPSViewer
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\Resource
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\MsDtc
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d---s---- c:\system32\HAL.DLL\system32\Microsoft
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\DRVSTORE
2009-03-13 02:30 . 2009-03-13 02:30 <DIR> d-------- c:\system32\HAL.DLL\Tasks(2)
2009-03-13 02:29 . 2009-03-13 13:33 <DIR> d---s---- c:\system32\HAL.DLL\system32\Microsoft(2)
2009-03-13 02:25 . 2009-03-13 02:25 <DIR> d-------- C:\_OTScanIt
2009-03-10 07:35 . 2009-03-10 07:35 <DIR> d-------- c:\system32\HAL.DLL\ERUNT
2009-03-09 22:22 . 2009-03-09 22:22 <DIR> d-------- C:\rsit
2009-03-09 13:41 . 2009-03-12 03:21 1,374 --a------ c:\system32\HAL.DLL\imsins.BAK
2009-03-09 13:33 . 2008-12-11 06:57 333,952 -----c--- c:\system32\HAL.DLL\system32\dllcache\srv.sys
2009-03-09 13:32 . 2008-08-14 06:11 2,189,184 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntoskrnl.exe
2009-03-09 13:32 . 2008-08-14 06:09 2,145,280 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrnlmp.exe
2009-03-09 13:32 . 2008-08-14 05:33 2,066,048 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrnlpa.exe
2009-03-09 13:32 . 2008-08-14 05:33 2,023,936 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrpamp.exe
2009-03-09 13:32 . 2008-09-15 08:12 1,846,400 -----c--- c:\system32\HAL.DLL\system32\dllcache\win32k.sys
2009-03-09 13:32 . 2008-09-04 13:15 1,106,944 -----c--- c:\system32\HAL.DLL\system32\dllcache\msxml3.dll
2009-03-09 13:32 . 2008-10-24 07:21 455,296 -----c--- c:\system32\HAL.DLL\system32\dllcache\mrxsmb.sys
2009-03-09 13:32 . 2008-10-15 12:34 337,408 -----c--- c:\system32\HAL.DLL\system32\dllcache\netapi32.dll
2009-03-09 13:31 . 2008-04-11 15:04 691,712 --a--c--- c:\system32\HAL.DLL\system32\dllcache\inetcomm.dll
2009-03-09 13:27 . 2008-10-16 14:07 23,576 --a------ c:\system32\HAL.DLL\system32\wuapi.dll.mui
2009-03-09 01:59 . 2009-03-09 02:20 1,835,082 ---hs---- c:\system32\HAL.DLL\system32\abuzamut.ini
2009-03-08 16:09 . 2009-03-08 16:09 <DIR> d-------- C:\VundoFix Backups
2009-03-08 13:58 . 2009-03-08 13:58 0 --a------ C:\-401084628
2009-03-08 01:59 . 2009-03-08 02:20 1,835,082 ---hs---- c:\system32\HAL.DLL\system32\ayufusel.ini
2009-03-07 18:42 . 2009-03-07 18:42 <DIR> d-------- c:\program files\ERUNT
2009-03-07 18:16 . 2009-03-17 23:19 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-06 13:57 . 2009-03-06 13:57 2,713 ---hs---- c:\system32\HAL.DLL\system32\felazako.exe
2009-03-05 13:53 . 2009-03-09 19:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 13:53 . 2009-03-05 13:53 <DIR> d-------- c:\documents and settings\Damien\Application Data\Malwarebytes
2009-03-05 13:53 . 2009-03-05 13:53 <DIR> d-------- c:\documents and settings\All Users.HAL.DLL\Application Data\Malwarebytes
2009-03-05 13:53 . 2009-02-11 10:19 38,496 --a------ c:\system32\HAL.DLL\system32\drivers\mbamswissarmy.sys
2009-03-05 13:53 . 2009-02-11 10:19 15,504 --a------ c:\system32\HAL.DLL\system32\drivers\mbam.sys
2009-03-05 00:18 . 2009-03-17 23:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-05 00:18 . 2009-03-07 03:18 <DIR> d-------- c:\documents and settings\All Users.HAL.DLL\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 05:52 --------- d-----w c:\program files\SPAMfighter
2009-03-21 05:52 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet
2009-03-21 05:52 --------- d-----w c:\documents and settings\Damien\Application Data\WTablet
2009-03-19 02:39 --------- d---a-w c:\documents and settings\All Users.HAL.DLL\Application Data\TEMP
2009-03-14 22:34 --------- d-----w c:\program files\Java
2009-03-08 02:13 --------- d-----w c:\documents and settings\Damien\Application Data\dvdcss
2009-02-21 06:12 --------- d-----w c:\program files\Bonjour
2009-02-01 10:02 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-01 10:02 --------- d-----w c:\program files\Windows Live
2009-02-01 10:02 --------- d-----w c:\program files\Microsoft
2009-02-01 09:59 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-30 23:05 --------- d-----w c:\program files\MSECACHE
2009-01-30 22:50 --------- d-----w c:\program files\Common Files\Application
2007-12-31 03:06 22,328 -c--a-w c:\documents and settings\Damien\Application Data\PnkBstrK.sys
2007-08-24 04:45 9,228,440 -c--a-w c:\program files\sygate562808.exe
2005-04-07 19:54 85 -c--a-w c:\documents and settings\Damien\delsmltr.bat
2005-04-05 22:14 2,513,056 -c--a-w c:\program files\spywareblastersetup33.exe
2005-04-05 21:44 2,636,408 -c--a-w c:\program files\aawsepersonal.exe
2005-03-21 13:42 85 -c--a-w c:\documents and settings\Little Bear\delsmltr.bat
2008-12-19 01:15 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 01:15 54,368 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 01:15 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 01:15 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 01:15 172,136 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-21 20:28 32,768 -csha-w c:\system32\HAL.DLL\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 2.6"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 913408]
"igndlm.exe"="c:\program files\IGN\Download Manager\dlm.exe" [2008-08-01 1103216]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\system32\HAL.DLL\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\system32\HAL.DLL\UpdReg.EXE" [2000-05-11 90112]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"WinampAgent"="c:\progra~1\winamp\winampa.exe" [2008-01-15 37376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-28 325768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]

c:\documents and settings\Damien\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users.HAL.DLL\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-07-16 114688]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-07-15 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\system32\HAL.DLL\system32\ctmp3.acm
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Damien\\My Documents\\HydraIRC\\HydraIRC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Games\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe"=
"c:\\Documents and Settings\\Damien\\My Documents\\Starcraft\\StarCraft.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrA.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrB.exe"=
"h:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\spoolsv.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-28 184968]
R2 TabletServicePen;TabletServicePen;c:\system32\HAL.DLL\system32\Pen_Tablet.exe [2007-12-19 1373480]
S3 NPF;NetGroup Packet Filter Driver;c:\system32\HAL.DLL\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkycryp;npkycryp;\??\i:\games\RO\npkycryp.sys --> i:\games\RO\npkycryp.sys [?]
S3 serb1;serb1;\??\c:\documents and settings\Damien\Desktop\MS\SerbioEngine\serbio.sys --> c:\documents and settings\Damien\Desktop\MS\SerbioEngine\serbio.sys [?]
S3 XDva020;XDva020;\??\c:\system32\HAL.DLL\system32\XDva020.sys --> c:\system32\HAL.DLL\system32\XDva020.sys [?]
S3 XDva090;XDva090;\??\c:\system32\HAL.DLL\system32\XDva090.sys --> c:\system32\HAL.DLL\system32\XDva090.sys [?]
S3 XDva190;XDva190;\??\c:\system32\HAL.DLL\system32\XDva190.sys --> c:\system32\HAL.DLL\system32\XDva190.sys [?]
S3 XDva234;XDva234;\??\c:\system32\HAL.DLL\system32\XDva234.sys --> c:\system32\HAL.DLL\system32\XDva234.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e8acf68-fd02-11dc-835a-001225f5bd63}]
\Shell\AutoRun\command - I:\ONSPCLCK.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{f11e4ae0-fa5c-4387-8e12-f2a5ea40af58} - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
Handler: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - c:\program files\TAXWIZ 2005\TW2005\ic2005pp.dll
DPF: DirectAnimation Java Classes - file://c:\system32\HAL.DLL\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\system32\HAL.DLL\Java\classes\xmldso.cab
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} - hxxp://www.netmarble.jp/_common/cab/NMJTransX.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://ge.clubhanbit.jp/launcher/GELauncher.cab
DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} - hxxp://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
FF - ProfilePath - c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\tfover0z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ocad.ca/home.htm
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 01:53:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\OLE\J0c0q0D0n0虐€4*8*]
"Order"=hex:08,00,00,00,02,00,00,00,96,01,00,00,01,00,00,00,03,00,00,00,74,00,
00,00,00,00,00,00,66,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,54,00,32,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\system32\HAL.DLL\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\system32\HAL.DLL\system32\ati2evxx.exe
c:\system32\HAL.DLL\system32\ati2evxx.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\system32\HAL.DLL\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\system32\HAL.DLL\system32\PnkBstrA.exe
c:\system32\HAL.DLL\system32\MsPMSPSv.exe
c:\system32\HAL.DLL\system32\WTablet\Pen_TabletUser.exe
c:\system32\HAL.DLL\system32\conime.exe
c:\system32\HAL.DLL\system32\wscntfy.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\system32\HAL.DLL\system32\msiexec.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-03-21 2:02:13 - machine was rebooted [Damien]
ComboFix-quarantined-files.txt 2009-03-21 06:02:10

Pre-Run: 38,001,938,432 bytes free
Post-Run: 38,004,625,408 bytes free

275 --- E O F --- 2007-11-30 04:41:51


~~~~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:34 AM, on 21/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\system32\WTablet\Pen_TabletUser.exe
C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe
C:\SYSTEM32\HAL.DLL\system32\conime.exe
C:\SYSTEM32\HAL.DLL\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\progra~1\winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\SYSTEM32\HAL.DLL\explorer.exe
C:\Documents and Settings\Damien\Desktop\Damien.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] c:\progra~1\winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 12245 bytes

peku006
2009-03-21, 16:00
Hi 4daVii

1 - Run CFScript

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:



File::
c:\system32\HAL.DLL\system32\abuzamut.ini
C:\-401084628
c:\system32\HAL.DLL\system32\ayufusel.ini
c:\system32\HAL.DLL\system32\felazako.exe
C:\SYSTEM32\HAL.DLL\system32\simonuha.dll


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

2 - Run Malwarebytes' Anti-Malware


Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Perform full scan, then click on Scan.
Leave the default options as they are and click on Start Scan.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the System Volume Information folder and click on Remove Selected.

http://i35.photobucket.com/albums/d165/ndmmxiaomayi/mayi/mbam1.png

After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log

Thanks peku006

4daVii
2009-03-21, 20:54
Hi peku006

What is CFScript?

peku006
2009-03-21, 21:13
Hi 4daVii

What is CFScript?
We used "CFScript.txt" to remove files and folders, etc., with ComboFix.
Do you have a problem with it?

Thanks peku006

4daVii
2009-03-21, 21:15
No problem, just wanted to know where to find it.

4daVii
2009-03-24, 03:44
Sorry about the confusion, I didn't read the entire step when you posted Run CFScript, I thought it was a program at first. :red:

ComboFix 09-03-22.01 - Damien 2009-03-23 12:06:14.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.2303.1830 [GMT -4:00]
Running from: c:\documents and settings\Damien\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Damien\Desktop\CFScript.txt
FW: Sygate Personal Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-20 20:19 . 2009-03-20 20:19 578,560 --a--c--- c:\system32\HAL.DLL\system32\dllcache\user32.dll
2009-03-20 20:08 . 2009-03-20 23:01 <DIR> d-------- C:\SDFix
2009-03-14 18:36 . 2009-03-14 18:35 410,984 --a------ c:\system32\HAL.DLL\system32\deploytk.dll
2009-03-14 18:36 . 2009-03-14 18:35 73,728 --a------ c:\system32\HAL.DLL\system32\javacpl.cpl
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> dr------- c:\system32\HAL.DLL\Web
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\twain_32
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\XPSViewer
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\Resource
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\MsDtc
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d---s---- c:\system32\HAL.DLL\system32\Microsoft
2009-03-13 13:34 . 2009-03-13 13:34 <DIR> d-------- c:\system32\HAL.DLL\system32\DRVSTORE
2009-03-13 02:30 . 2009-03-13 02:30 <DIR> d-------- c:\system32\HAL.DLL\Tasks(2)
2009-03-13 02:29 . 2009-03-13 13:33 <DIR> d---s---- c:\system32\HAL.DLL\system32\Microsoft(2)
2009-03-13 02:25 . 2009-03-13 02:25 <DIR> d-------- C:\_OTScanIt
2009-03-11 07:49 . 2009-01-09 15:19 1,089,593 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntprint.cat
2009-03-10 07:35 . 2009-03-10 07:35 <DIR> d-------- c:\system32\HAL.DLL\ERUNT
2009-03-09 22:22 . 2009-03-09 22:22 <DIR> d-------- C:\rsit
2009-03-09 13:41 . 2009-03-21 17:04 1,374 --a------ c:\system32\HAL.DLL\imsins.BAK
2009-03-09 13:33 . 2008-12-11 06:57 333,952 -----c--- c:\system32\HAL.DLL\system32\dllcache\srv.sys
2009-03-09 13:32 . 2008-08-14 06:11 2,189,184 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntoskrnl.exe
2009-03-09 13:32 . 2008-08-14 06:09 2,145,280 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrnlmp.exe
2009-03-09 13:32 . 2008-08-14 05:33 2,066,048 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrnlpa.exe
2009-03-09 13:32 . 2008-08-14 05:33 2,023,936 -----c--- c:\system32\HAL.DLL\system32\dllcache\ntkrpamp.exe
2009-03-09 13:32 . 2009-02-09 07:13 1,846,784 -----c--- c:\system32\HAL.DLL\system32\dllcache\win32k.sys
2009-03-09 13:32 . 2008-09-04 13:15 1,106,944 -----c--- c:\system32\HAL.DLL\system32\dllcache\msxml3.dll
2009-03-09 13:32 . 2008-10-24 07:21 455,296 -----c--- c:\system32\HAL.DLL\system32\dllcache\mrxsmb.sys
2009-03-09 13:32 . 2008-10-15 12:34 337,408 -----c--- c:\system32\HAL.DLL\system32\dllcache\netapi32.dll
2009-03-09 13:31 . 2008-04-11 15:04 691,712 --a--c--- c:\system32\HAL.DLL\system32\dllcache\inetcomm.dll
2009-03-09 13:27 . 2008-10-16 14:07 23,576 --a------ c:\system32\HAL.DLL\system32\wuapi.dll.mui
2009-03-09 01:59 . 2009-03-09 02:20 1,835,082 ---hs---- c:\system32\HAL.DLL\system32\abuzamut.ini
2009-03-08 16:09 . 2009-03-08 16:09 <DIR> d-------- C:\VundoFix Backups
2009-03-08 13:58 . 2009-03-08 13:58 0 --a------ C:\-401084628
2009-03-08 01:59 . 2009-03-08 02:20 1,835,082 ---hs---- c:\system32\HAL.DLL\system32\ayufusel.ini
2009-03-07 18:42 . 2009-03-07 18:42 <DIR> d-------- c:\program files\ERUNT
2009-03-07 18:16 . 2009-03-17 23:19 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-06 13:57 . 2009-03-06 13:57 2,713 ---hs---- c:\system32\HAL.DLL\system32\felazako.exe
2009-03-05 13:53 . 2009-03-09 19:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 13:53 . 2009-03-05 13:53 <DIR> d-------- c:\documents and settings\Damien\Application Data\Malwarebytes
2009-03-05 13:53 . 2009-03-05 13:53 <DIR> d-------- c:\documents and settings\All Users.HAL.DLL\Application Data\Malwarebytes
2009-03-05 13:53 . 2009-02-11 10:19 38,496 --a------ c:\system32\HAL.DLL\system32\drivers\mbamswissarmy.sys
2009-03-05 13:53 . 2009-02-11 10:19 15,504 --a------ c:\system32\HAL.DLL\system32\drivers\mbam.sys
2009-03-05 00:18 . 2009-03-17 23:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-05 00:18 . 2009-03-07 03:18 <DIR> d-------- c:\documents and settings\All Users.HAL.DLL\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 12:44 --------- d-----w c:\program files\SPAMfighter
2009-03-21 21:12 --------- d---a-w c:\documents and settings\All Users.HAL.DLL\Application Data\TEMP
2009-03-21 21:09 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet
2009-03-21 21:09 --------- d-----w c:\documents and settings\Damien\Application Data\WTablet
2009-03-21 07:30 --------- d-----w c:\documents and settings\Damien\Application Data\dvdcss
2009-03-21 06:14 --------- d-----w c:\program files\Winamp
2009-03-21 06:12 --------- d-----w c:\documents and settings\Damien\Application Data\Winamp
2009-03-14 22:34 --------- d-----w c:\program files\Java
2009-03-08 17:58 14,336 ----a-w c:\system32\HAL.DLL\system32\svchost.exe
2009-03-08 17:58 102,400 --sha-w c:\system32\HAL.DLL\system32\simonuha.dll
2009-02-21 06:12 --------- d-----w c:\program files\Bonjour
2009-02-11 02:43 98,304 -c--a-w c:\system32\HAL.DLL\system32\CmdLineExt.dll
2009-02-09 11:13 1,846,784 ----a-w c:\system32\HAL.DLL\system32\win32k.sys
2009-02-06 23:52 49,504 ----a-w c:\system32\HAL.DLL\system32\sirenacm.dll
2009-02-01 10:02 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-01 10:02 --------- d-----w c:\program files\Windows Live
2009-02-01 10:02 --------- d-----w c:\program files\Microsoft
2009-02-01 09:59 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-30 23:05 --------- d-----w c:\program files\MSECACHE
2009-01-30 22:50 --------- d-----w c:\program files\Common Files\Application
2007-12-31 03:06 22,328 -c--a-w c:\documents and settings\Damien\Application Data\PnkBstrK.sys
2007-08-24 04:45 9,228,440 -c--a-w c:\program files\sygate562808.exe
2005-04-07 19:54 85 -c--a-w c:\documents and settings\Damien\delsmltr.bat
2005-04-05 22:14 2,513,056 -c--a-w c:\program files\spywareblastersetup33.exe
2005-04-05 21:44 2,636,408 -c--a-w c:\program files\aawsepersonal.exe
2005-03-21 13:42 85 -c--a-w c:\documents and settings\Little Bear\delsmltr.bat
2008-12-19 01:15 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 01:15 54,368 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 01:15 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 01:15 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 01:15 172,136 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-21 20:28 32,768 -csha-w c:\system32\HAL.DLL\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-21_ 2.00.39.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\system32\HAL.DLL\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-07-09 07:38:25 231,288 -c----w c:\system32\HAL.DLL\$NtUninstallKB958690$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\system32\HAL.DLL\$NtUninstallKB958690$\spuninst\updspapi.dll
+ 2008-09-15 12:12:56 1,846,400 -c----w c:\system32\HAL.DLL\$NtUninstallKB958690$\win32k.sys
+ 2007-07-27 13:41:48 231,288 -c----w c:\system32\HAL.DLL\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe
+ 2007-07-27 13:41:48 382,840 -c----w c:\system32\HAL.DLL\$NtUninstallKB959772_WM11$\spuninst\updspapi.dll
+ 2007-06-12 03:51:12 10,834,944 -c----w c:\system32\HAL.DLL\$NtUninstallKB959772_WM11$\wmp.dll
+ 2008-04-14 00:12:05 144,384 -c----w c:\system32\HAL.DLL\$NtUninstallKB960225$\schannel.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\system32\HAL.DLL\$NtUninstallKB960225$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\system32\HAL.DLL\$NtUninstallKB960225$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\system32\HAL.DLL\$NtUninstallKB961118$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\system32\HAL.DLL\$NtUninstallKB961118$\spuninst\updspapi.dll
+ 2008-12-05 06:54:55 144,896 -c----w c:\system32\HAL.DLL\system32\dllcache\schannel.dll
- 2009-03-19 02:33:22 1,641,208 ----a-w c:\system32\HAL.DLL\system32\FNTCACHE.DAT
+ 2009-03-21 21:09:27 1,641,208 ----a-w c:\system32\HAL.DLL\system32\FNTCACHE.DAT
- 2009-02-12 00:56:18 21,244,872 ----a-w c:\system32\HAL.DLL\system32\MRT.exe
+ 2009-02-25 20:54:59 24,768,960 ----a-w c:\system32\HAL.DLL\system32\MRT.exe
- 2007-07-30 23:19:04 207,736 ----a-w c:\system32\HAL.DLL\system32\muweb.dll
+ 2008-10-16 18:07:48 208,744 ----a-w c:\system32\HAL.DLL\system32\muweb.dll
- 2008-04-14 00:12:05 144,384 ----a-w c:\system32\HAL.DLL\system32\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\system32\HAL.DLL\system32\schannel.dll
- 2008-07-09 07:38:24 17,272 ----a-w c:\system32\HAL.DLL\system32\spmsg.dll
+ 2007-07-27 13:41:40 16,760 ------w c:\system32\HAL.DLL\system32\spmsg.dll
- 2007-11-30 11:18:51 26,488 ----a-w c:\system32\HAL.DLL\system32\spupdsvc.exe
+ 2007-07-27 13:41:38 26,488 ----a-w c:\system32\HAL.DLL\system32\spupdsvc.exe
- 2007-06-12 03:51:12 10,834,944 ------w c:\system32\HAL.DLL\system32\wmp.dll
+ 2008-11-11 22:34:42 10,838,016 ------w c:\system32\HAL.DLL\system32\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 2.6"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 913408]
"igndlm.exe"="c:\program files\IGN\Download Manager\dlm.exe" [2008-08-01 1103216]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\system32\HAL.DLL\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\system32\HAL.DLL\UpdReg.EXE" [2000-05-11 90112]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-28 325768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]

c:\documents and settings\Damien\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users.HAL.DLL\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-07-16 114688]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-07-15 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\system32\HAL.DLL\system32\ctmp3.acm
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Damien\\My Documents\\HydraIRC\\HydraIRC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Games\\Steam\\SteamApps\\4davii\\counter-strike source\\hl2.exe"=
"c:\\Documents and Settings\\Damien\\My Documents\\Starcraft\\StarCraft.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrA.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\PnkBstrB.exe"=
"h:\\NOMADAPP\\Portable Programs\\W32\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\SYSTEM32\\HAL.DLL\\system32\\spoolsv.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-28 184968]
R3 XDva190;XDva190;\??\c:\system32\HAL.DLL\system32\XDva190.sys --> c:\system32\HAL.DLL\system32\XDva190.sys [?]
S2 TabletServicePen;TabletServicePen;c:\system32\HAL.DLL\system32\Pen_Tablet.exe [2007-12-19 1373480]
S3 NPF;NetGroup Packet Filter Driver;c:\system32\HAL.DLL\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkycryp;npkycryp;\??\i:\games\RO\npkycryp.sys --> i:\games\RO\npkycryp.sys [?]
S3 serb1;serb1;\??\c:\documents and settings\Damien\Desktop\MS\SerbioEngine\serbio.sys --> c:\documents and settings\Damien\Desktop\MS\SerbioEngine\serbio.sys [?]
S3 XDva020;XDva020;\??\c:\system32\HAL.DLL\system32\XDva020.sys --> c:\system32\HAL.DLL\system32\XDva020.sys [?]
S3 XDva090;XDva090;\??\c:\system32\HAL.DLL\system32\XDva090.sys --> c:\system32\HAL.DLL\system32\XDva090.sys [?]
S3 XDva234;XDva234;\??\c:\system32\HAL.DLL\system32\XDva234.sys --> c:\system32\HAL.DLL\system32\XDva234.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e8acf68-fd02-11dc-835a-001225f5bd63}]
\Shell\AutoRun\command - I:\ONSPCLCK.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
Handler: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - c:\program files\TAXWIZ 2005\TW2005\ic2005pp.dll
DPF: DirectAnimation Java Classes - file://c:\system32\HAL.DLL\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\system32\HAL.DLL\Java\classes\xmldso.cab
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} - hxxp://www.netmarble.jp/_common/cab/NMJTransX.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://ge.clubhanbit.jp/launcher/GELauncher.cab
DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} - hxxp://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
FF - ProfilePath - c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\tfover0z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ocad.ca/home.htm
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 12:13:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-507921405-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\OLE\J0c0q0D0n0虐€4*8*]
"Order"=hex:08,00,00,00,02,00,00,00,96,01,00,00,01,00,00,00,03,00,00,00,74,00,
00,00,00,00,00,00,66,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,54,00,32,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\system32\HAL.DLL\system32\Ati2evxx.dll
.
Completion time: 2009-03-23 12:17:41
ComboFix-quarantined-files.txt 2009-03-23 16:16:59
ComboFix2.txt 2009-03-21 06:02:16

Pre-Run: 44,157,259,776 bytes free
Post-Run: 44,153,257,984 bytes free

272 --- E O F --- 2007-11-30 04:41:51

-----------------------------------------------------

Malwarebytes' Anti-Malware 1.34
Database version: 1890
Windows 5.1.2600 Service Pack 3

23/03/2009 10:39:07 PM
mbam-log-2009-03-23 (22-39-07).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|G:\|H:\|X:\|Y:\|Z:\|)
Objects scanned: 298566
Time elapsed: 2 hour(s), 32 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:59 PM, on 23/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\SYSTEM32\HAL.DLL\system32\conime.exe
C:\SYSTEM32\HAL.DLL\explorer.exe
C:\SYSTEM32\HAL.DLL\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\SYSTEM32\HAL.DLL\system32\NOTEPAD.EXE
C:\Documents and Settings\Damien\Desktop\Damien.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237669362437
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 11721 bytes

peku006
2009-03-24, 11:13
Hi

Sorry, about the confusion, I didn't read the entire step when you posted Run CFScript, I thought it was a program at first.
There seem to be problems with the CFScript; we can use another tool.

Download and Run OTMoveIt3

Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe.
Copy the lines in the codebox below.

:files
c:\system32\HAL.DLL\system32\abuzamut.ini
C:\-401084628
c:\system32\HAL.DLL\system32\ayufusel.ini
c:\system32\HAL.DLL\system32\felazako.exe
C:\SYSTEM32\HAL.DLL\system32\simonuha.dll


Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

Please reply with

the OTMoveIt3 log

Thanks peku006

4daVii
2009-03-24, 12:40
========== FILES ==========
c:\system32\HAL.DLL\system32\abuzamut.ini moved successfully.
C:\-401084628 moved successfully.
c:\system32\HAL.DLL\system32\ayufusel.ini moved successfully.
c:\system32\HAL.DLL\system32\felazako.exe moved successfully.
DllUnregisterServer procedure not found in C:\SYSTEM32\HAL.DLL\system32\simonuha.dll
C:\SYSTEM32\HAL.DLL\system32\simonuha.dll NOT unregistered.
C:\SYSTEM32\HAL.DLL\system32\simonuha.dll moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_074038

peku006
2009-03-24, 13:21
Hi 4daVii

Looking good
We will run one online scan to be sure that there is nothing left.

1 - F-Secure Online Scan

Please go to F-Secure website (http://support.f-secure.com/ols3beta/start.html) to perform an online scan. Click on Start scanning at the bottom of the page.
You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
Click on Accept to accept the License Agreement.
Click on Custom Scan. Under Virus Scan Options, select the Scan whole system option.
Under Other Scan Options, select these options:
Scan all files
Scan whole system for rootkits
Scan whole system for spyware
Scan inside archives
Use advanced heuristics
Click Start.
It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
Click on I want decide item by item.
Under Actions, select None for all infections found.
Click Next.
Click on Show Report.
Please copy and paste this report in your next reply.
Click Finish.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the F-Secure online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006

4daVii
2009-03-26, 04:42
Hi peku006,

I'm having trouble with the F-Secure Online Scanner, I followed the directions and let it run, however around 3-4 hours later, I receive the notice "An error has occured! Please close the scanner and your browser, then try again. (Id: 12)." I have tried twice already with the same error message appearing.

I'm pretty sure my computer has the requirements necessary to run this scan.
Using Pentium IV 2.40GHz, 2.25 GB of RAM, Windows XP Home Edition Version 2002 SP3, Internet Explorer 7.0.5730.11.

Any advice on how to successfully finish the scan?

peku006
2009-03-26, 08:46
Hi Spawn
Let's run Kaspersky again...

1 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006

4daVii
2009-03-27, 21:58
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 27, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, March 27, 2009 04:59:01
Records in database: 1975196
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
X:\
Y:\
Z:\

Scan statistics:
Files scanned: 190331
Threat name: 5
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 16:47:13


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\SYSTEM32\HAL.DLL\system32\vufosesa.dll.vir Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP386\A0075405.dll Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP386\A0075411.dll Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP389\A0075577.exe Infected: Trojan.Win32.Inject.pum 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP391\A0075704.dll Infected: Trojan.Win32.Agent2.erm 1
C:\WINDOWS\SYSTEM32\iocea.dll Infected: Trojan-Spy.Win32.Briss.s 1
C:\WINDOWS\SYSTEM32\touuuin.dll Infected: not-a-virus:AdWare.Win32.AdultIt.a 1
H:\MiSc\BSINSTALL.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

The selected area was scanned.

~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:49 PM, on 27/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\SYSTEM32\HAL.DLL\system32\conime.exe
C:\SYSTEM32\HAL.DLL\explorer.exe
C:\SYSTEM32\HAL.DLL\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damien\Local Settings\temp\jkos-Damien\binaries\ScanningProcess.exe
C:\Documents and Settings\Damien\Desktop\Damien.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237669362437
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 11898 bytes

peku006
2009-03-28, 07:33
Hi 4daVii

1 - Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):


O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

2 - Run OTMoveIt3

Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe.
Copy the lines in the codebox below.

:files
C:\WINDOWS\SYSTEM32\iocea.dll
C:\WINDOWS\SYSTEM32\touuuin.dll


Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with


1. the OTMoveIt3 log
2. a fresh HijackThis log
How's the computer running now?

Thanks peku006
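
The OTMoveIt3 list in the reply above holds the two detections from the Kaspersky report that sit in C:\WINDOWS\SYSTEM32; the other six are in the Qoobox quarantine folder, in System Restore points, or on another drive. As an added example (not part of the original thread), this Python script groups a pasted report by location and checks the parsed lines against the report's own statistics; the category names and function names are assumptions of the example.

```python
import re
from collections import defaultdict

# Statistics and detection lines copied from the Kaspersky report posted in the thread.
REPORT = r"""Scan statistics:
Files scanned: 190331
Threat name: 5
Infected objects: 8
Suspicious objects: 0

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\SYSTEM32\HAL.DLL\system32\vufosesa.dll.vir Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP386\A0075405.dll Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP386\A0075411.dll Infected: Trojan.Win32.Agent2.erm 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP389\A0075577.exe Infected: Trojan.Win32.Inject.pum 1
C:\System Volume Information\_restore{29D73C11-7376-4AE9-8869-8F0C1BC075D9}\RP391\A0075704.dll Infected: Trojan.Win32.Agent2.erm 1
C:\WINDOWS\SYSTEM32\iocea.dll Infected: Trojan-Spy.Win32.Briss.s 1
C:\WINDOWS\SYSTEM32\touuuin.dll Infected: not-a-virus:AdWare.Win32.AdultIt.a 1
H:\MiSc\BSINSTALL.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
"""

# Paths may contain spaces, so match lazily up to the verdict keyword.
# Assumption: "Suspicious:" lines use the same layout (this report has none).
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<verdict>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$",
    re.MULTILINE,
)

# Checked in order: the quarantine path also contains "system32", so it goes first.
LOCATION_RULES = [
    ("quarantine", re.compile(r"^[a-z]:\\qoobox\\quarantine\\")),
    ("restore_point", re.compile(r"^[a-z]:\\system volume information\\_restore\{")),
    ("system_dir", re.compile(r"^[a-z]:\\windows\\system32\\")),
]


def classify(path):
    """Return the location category for a Windows path (case-insensitive)."""
    lowered = path.lower()
    for name, pattern in LOCATION_RULES:
        if pattern.match(lowered):
            return name
    return "other"


def parse_detections(report):
    """Extract every detection line as a dict with path, verdict, threat, count."""
    found = []
    for m in DETECTION_RE.finditer(report):
        found.append({
            "path": m.group("path"),
            "verdict": m.group("verdict"),
            "threat": m.group("threat"),
            "count": int(m.group("count")),
            "location": classify(m.group("path")),
        })
    return found


def triage(report):
    """Group detections by location category."""
    groups = defaultdict(list)
    for det in parse_detections(report):
        groups[det["location"]].append(det)
    return dict(groups)


def _stated(report, label):
    """Read an integer such as 'Infected objects: 8' from the statistics block."""
    m = re.search(r"^" + re.escape(label) + r":\s+(\d+)\s*$", report, re.MULTILINE)
    return int(m.group(1)) if m else None


def stats_mismatches(report):
    """Compare parsed lines with the report's own totals; a mismatch
    usually means the paste was truncated or a line failed to parse."""
    dets = parse_detections(report)
    infected = sum(1 for d in dets if d["verdict"] == "Infected")
    threats = len({d["threat"] for d in dets})
    problems = []
    if _stated(report, "Infected objects") != infected:
        problems.append("infected object count differs")
    if _stated(report, "Threat name") != threats:
        problems.append("distinct threat count differs")
    return problems


if __name__ == "__main__":
    for location, dets in triage(REPORT).items():
        print(location)
        for d in dets:
            print("   ", d["threat"], "->", d["path"])
    print("mismatches:", stats_mismatches(REPORT) or "none")
```
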

4daVii
2009-03-28, 08:42
========== FILES ==========
C:\WINDOWS\SYSTEM32\iocea.dll unregistered successfully.
C:\WINDOWS\SYSTEM32\iocea.dll moved successfully.
C:\WINDOWS\SYSTEM32\touuuin.dll unregistered successfully.
C:\WINDOWS\SYSTEM32\touuuin.dll moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03282009_033820

~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:23 AM, on 28/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\SYSTEM32\HAL.DLL\System32\smss.exe
C:\SYSTEM32\HAL.DLL\system32\winlogon.exe
C:\SYSTEM32\HAL.DLL\system32\services.exe
C:\SYSTEM32\HAL.DLL\system32\lsass.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\SYSTEM32\HAL.DLL\System32\svchost.exe
C:\SYSTEM32\HAL.DLL\system32\MsPMSPSv.exe
C:\SYSTEM32\HAL.DLL\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\SYSTEM32\HAL.DLL\system32\conime.exe
C:\SYSTEM32\HAL.DLL\explorer.exe
C:\SYSTEM32\HAL.DLL\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damien\Desktop\Damien.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\SYSTEM32\HAL.DLL\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\SYSTEM32\HAL.DLL\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\SYSTEM32\HAL.DLL\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236619636953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237669362437
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.jp/_common/cab/NMJTransX.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
O16 - DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} (HLauncher Control) - http://ge.clubhanbit.jp/launcher/GELauncher.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} (NeffyManSpLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist/streamport/SPort.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-tw2005 - {409C9F3B-A432-4259-8526-F8F02EB9A652} - C:\Program Files\TAXWIZ 2005\TW2005\ic2005pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\SYSTEM32\HAL.DLL\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\SYSTEM32\HAL.DLL\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\SYSTEM32\HAL.DLL\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\SYSTEM32\HAL.DLL\system32\Pen_Tablet.exe

--
End of file - 11729 bytes



Everything seems to be running normally; no random Internet Explorer pop-ups telling me I have a virus on my computer appear anymore. Is it finally gone? If so, do you have any suggestions on a decent, free Anti-Virus Program?

peku006
2009-03-28, 09:42
Hi 4daVii
The scans are fine and it looks like your machine is clean....(finally) :yahoo:

free Anti-Virus programs......
1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

To remove all of the tools we used and the files and folders they created do the following:
Delete RSIT from your desktop, also delete this folder C:\rsit.

Uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Start OTScanIt2
Click the CleanUp button
OTScanIt2 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.


Double-click OTMoveIt3.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

Install SpyWare Blaster 4.0
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent malware.


Happy safe surfing! :bigthumb:
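
The HOSTS-file blocking described in the post above (listed names redirected to 127.0.0.1), as an added example that is not part of the original thread or of the MVPS project: a small Python audit that parses HOSTS-format text and separates names sent to the local machine from names pointed at some other address. The sample text, its domains and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file format; not the real MVPS list.
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored

127.0.0.1    localhost
127.0.0.1    ads.example.com tracker.example.net   # two names, one line
0.0.0.0      banner.example.org
203.0.113.7  update.example.com
not-an-ip    broken.example.com
"""


def parse_hosts(text):
    """Return ({hostname: ip}, [line numbers that could not be parsed])."""
    entries, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                   # address with no hostname
            malformed.append(lineno)
            continue
        for name in fields[1:]:
            # Assumption of this example: keep the first mapping seen.
            entries.setdefault(name.lower(), ip)
    return entries, malformed


def classify(entries):
    """Split names into those sent to the local machine and all others."""
    report = {"blocked": [], "redirected": []}
    for name, ip in sorted(entries.items()):
        if name == "localhost":
            continue
        local = ip.is_loopback or ip.is_unspecified   # 127.x.x.x or 0.0.0.0
        report["blocked" if local else "redirected"].append((name, str(ip)))
    return report


if __name__ == "__main__":
    entries, malformed = parse_hosts(SAMPLE_HOSTS)
    print(classify(entries), "malformed lines:", malformed)
```

Entries in the "redirected" group send a name to a real address instead of blocking it, so those are the lines to review by hand after a cleanup.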

peku006
2009-04-02, 19:18
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.

tashi
2009-04-09, 01:22
Thank you peku006. :)