
Need assistance - Disabled security programs & redirecting net searches (Resolved)



dukerus
2009-08-20, 11:18
My computer has been compromised and I am unable to figure out how to solve this problem. I have lost access to any previous system restore points, as well as the ability to install and run any new security scanners such as mbam, spybot, spywareblaster, etc. I haven't even been able to install the newest version of HJT. Any help would be much appreciated. Thank you!


Logfile of HijackThis v1.99.1
Scan saved at 1:10:25 AM, on 20/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xbox360.ign.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

katana
2009-08-23, 01:22
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large. You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------



Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )



Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

dukerus
2009-08-23, 11:32
Hello Katana, thank you so much for your help! =) Here are the logs as requested:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dug Chan at 2009-08-23 01:27:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 75 GB (42%) free of 177 GB
Total RAM: 2046 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:07 AM, on 23/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\program files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dug Chan\Desktop\RSIT.exe
C:\Program Files\trend micro\Dug Chan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xbox360.ign.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9565 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-21 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADECBED6-0366-4377-A739-E69DFBA04663}]
Catcher Class - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll [2007-12-05 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-20 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2007-12-16 249856]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-21 136600]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"Nokia FastStart"=C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2008-06-29 2327776]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Dug Chan\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-04 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll [2008-07-03 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Enabled:abc"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Documents and Settings\Dug Chan\Local Settings\Temp\ElectronicArts_Patcher_000.exe"="C:\Documents and Settings\Dug Chan\Local Settings\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\Program Files\Steam\steamapps\dukerus\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\dukerus\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Steam\steamapps\dukerus\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\dukerus\team fortress 2\hl2.exe:*:Enabled:hl2"
"D:\Games\Unreal Tournament 3\Binaries\UT3.exe"="D:\Games\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Games\Battle for Middle Earth II\game.dat"="D:\Games\Battle for Middle Earth II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"D:\Games\Battle for Middle Earth II\EP1\game.dat"="D:\Games\Battle for Middle Earth II\EP1\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-

king"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32

\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Program Files\Electronic Arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3 Kane's

Wrath\RetailExe\1.0\cnc3ep1.dat:*:Enabled:Command & Conquer(tm) 3: Kane's Wrath"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Steam\steamapps\dukerus\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\dukerus\counter-strike\hl.exe:*:Enabled:Half-Life

Launcher"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"D:\Games\LucasArts\Jedi Outcast\GameData\jk2mp.exe"="D:\Games\LucasArts\Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"D:\Games\LucasArts\Jedi Academy\GameData\jamp.exe"="D:\Games\LucasArts\Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software

Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service

Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"D:\Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="D:\Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 1 months======

2009-08-23 01:27:56 ----D---- C:\rsit
2009-08-23 01:27:56 ----D---- C:\Program Files\trend micro
2009-08-20 01:42:28 ----A---- C:\RootRepeal report 08-20-09 (01-42-28).txt
2009-08-18 16:34:26 ----D---- C:\H.osts
2009-08-18 16:26:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-18 16:26:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-17 18:58:51 ----A---- C:\WINDOWS\system32\xa.tmp

======List of files/folders modified in the last 1 months======

2009-08-23 01:27:56 ----RD---- C:\Program Files
2009-08-23 01:27:27 ----D---- C:\Program Files\Mozilla Firefox
2009-08-23 01:27:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-23 01:26:58 ----D---- C:\WINDOWS\Temp
2009-08-23 01:26:58 ----D---- C:\WINDOWS\system32
2009-08-23 01:25:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-20 01:42:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-20 01:10:18 ----D---- C:\Program Files\HijackThis
2009-08-18 15:21:20 ----SD---- C:\WINDOWS\Tasks
2009-08-18 15:21:11 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-18 10:13:05 ----A---- C:\WINDOWS\lgfwup.ini
2009-08-18 02:15:53 ----D---- C:\WINDOWS\Prefetch
2009-08-17 21:32:49 ----D---- C:\WINDOWS
2009-08-17 21:28:22 ----SHD---- C:\WINDOWS\Installer
2009-08-17 21:27:58 ----HD---- C:\Config.Msi
2009-08-17 21:27:09 ----D---- C:\Program Files\Common Files\Adobe
2009-08-17 21:27:09 ----D---- C:\Program Files\Common Files
2009-08-17 21:25:43 ----D---- C:\Program Files\Adobe
2009-08-17 21:24:56 ----D---- C:\Documents and Settings\Dug Chan\Application Data\Adobe
2009-08-17 21:24:56 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-17 20:24:05 ----SH---- C:\boot.ini
2009-08-17 20:24:05 ----A---- C:\WINDOWS\win.ini
2009-08-17 20:24:05 ----A---- C:\WINDOWS\system.ini
2009-08-17 20:22:53 ----SHD---- C:\RECYCLER
2009-08-17 20:09:14 ----D---- C:\Documents and Settings
2009-08-17 20:05:25 ----D---- C:\Program Files\lg_fwupdate
2009-08-17 19:16:45 ----D---- C:\WINDOWS\Minidump
2009-08-17 19:10:34 ----D---- C:\WINDOWS\system32\drivers
2009-08-17 15:57:10 ----D---- C:\Documents and Settings\Dug Chan\Application Data\vlc
2009-08-17 14:25:52 ----D---- C:\Documents and Settings\Dug Chan\Application Data\uTorrent
2009-08-17 03:42:13 ----D---- C:\Documents and Settings\Dug Chan\Application Data\Audacity
2009-08-16 16:59:07 ----SD---- C:\Documents and Settings\Dug Chan\Application Data\Microsoft
2009-08-04 15:27:26 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2004-03-11 17024]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2003-03-28 3840]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
S2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2003-11-28 9728]
S3 aqmh7iwp;aqmh7iwp; C:\WINDOWS\system32\drivers\aqmh7iwp.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-04 2782208]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
S3 miniusb;FrameManager Display Adapter; C:\WINDOWS\system32\DRIVERS\sam_miniusb.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-14 47360]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 SODI;SODI; C:\WINDOWS\system32\DRIVERS\sam_miniport.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 xnacc;Microsoft Common Controller For Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xnacc.sys [2006-06-01 509440]
S4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-04 495616]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-05 593920]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-21 152984]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-20 66872]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S3 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe [2008-07-03 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2008-05-30 572416]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

dukerus
2009-08-23, 11:33
info.txt logfile of random's system information tool 1.06 2009-08-23 01:28:09

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
ABC (remove only)-->C:\Program Files\ABC\Uninstall.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audacity 1.3.7 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Audiosurf-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12900
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BearShare-->C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneDVD-->"C:\Program Files\CloneDVD\CloneDVD-uninst.exe" /D="C:\Program Files\CloneDVD"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer™ 3: Kane's Wrath-->MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
ConvertXtoDVD 2.2.3.258h-->"C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Crayon Physics Deluxe - release 51-->"D:\Games\Crayon Physics Deluxe\unins000.exe"
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Vision M-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x9 /remove
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Dual-Core Optimizer-->MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Free Games Offer, Desktop Shortcut-->MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.516-->C:\Program Files\Citrix\GoToAssist\516\G2AUninstaller.exe /uninstall
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Magic ISO Maker v5.5 (build 0265)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Moyea FLV Downloader version 1.15.0.15-->"C:\Program Files\Moyea\FLV Downloader\unins000.exe"
Moyea FLV to Video Converter Pro 2 version: 2.0.2.0-->"C:\Program Files\Moyea\FLV to Video Converter Pro 2\unins000.exe"
Mozilla Firefox (3.0.13)-->C:\program files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Recovery Tool-->"C:\Program Files\Creative\MP3 Player Recovery Tool\unins000.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Need for Speed™ Carbon-->C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Download!-->MsiExec.exe /X{D353C323-5E95-4873-9825-9FEC1C8A3794}
Nokia Flashing Cable Driver-->MsiExec.exe /X{D99C322D-C21B-40C7-AE71-EE51AA096B6E}
Nokia Map Loader-->MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia Music-->MsiExec.exe /I{b9ab898b-8a1d-46fe-bc15-4c5e80747c1e}
Nokia Ovi Application Installer 6.85.3008-->msiexec /qn /x {FC762E57-B09D-41AE-AA5F-3DAC3CBE453E}
Nokia Ovi Application Installer-->MsiExec.exe /I{FC762E57-B09D-41AE-AA5F-3DAC3CBE453E}
Nokia Ovi Content Copier 6.85.3008-->msiexec /qn /x {0CFF0BFE-B750-4ECA-882D-03B8C6A9F26A}
Nokia Ovi Content Copier-->MsiExec.exe /X{0CFF0BFE-B750-4ECA-882D-03B8C6A9F26A}
Nokia Ovi Suite-->MsiExec.exe /I{972CB598-C1E5-499A-A3BD-B941EA12EA0B}
Nokia Ovi System Utilities 6.85.3008-->msiexec /qn /x {1933FE45-AF8D-482D-9BC7-5F651BBF0A4F}
Nokia Ovi System Utilities-->MsiExec.exe /X{1933FE45-AF8D-482D-9BC7-5F651BBF0A4F}
Nokia Photos-->MsiExec.exe /I{0BA6B649-579C-4C8B-8B2D-9DD0A75E6E40}
Nokia Software Updater-->MsiExec.exe /X{59367F7E-D7C1-4629-8AEC-71AA24A68F31}
NoteBurner 2.11-->"C:\Program Files\NoteBurner\unins000.exe"
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
PC Connectivity Solution-->MsiExec.exe /I{9C7C8898-DC29-4E8B-9E77-55A77C3250F6}
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTax 2008-->MsiExec.exe /X{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sexy Beach 3 - Complete English Edition (remove only)-->"C:\Program Files\SB3\uninstall.exe"
Sony Ericsson DRM Packager 1.35-->C:\Program Files\Sony Ericsson\DRM Packager\Uninstall.exe
Source SDK Base 2007-->"C:\Program Files\Steam\steam.exe" steam://uninstall/218
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe" -l0x9
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The Battle for Middle-earth (tm) II-->D:\Games\Battle for Middle Earth II\EAUninstall.exe
The Lord of the Rings, The Rise of the Witch-king-->D:\Games\Battle for Middle Earth II\EP1\EAUninstall.exe
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: DUG
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 251375
Source Name: DCOM
Time Written: 20090818182816.000000-420
Event Type: error
User: DUG\Dug Chan

Computer Name: DUG
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 251374
Source Name: DCOM
Time Written: 20090818182809.000000-420
Event Type: error
User: DUG\Dug Chan

Computer Name: DUG
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 251356
Source Name: DCOM
Time Written: 20090817194001.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DUG
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 251294
Source Name: Tcpip
Time Written: 20090816012931.000000-420
Event Type: warning
User:

Computer Name: DUG
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 251275
Source Name: Tcpip
Time Written: 20090814203818.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: DUG
Event Code: 4113
Message: AntiVir has detected 'TR/Agent.ZZZB'
in the file
C:\WINDOWS\system32\rn.tmp

Record Number: 19624
Source Name: Avira AntiVir
Time Written: 20090724224029.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DUG
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 19614
Source Name: usnjsvc
Time Written: 20090724120537.000000-420
Event Type:
User:

Computer Name: DUG
Event Code: 1
Message: Nokia M Platform 2.1.138 (NLib 0.8.152)

Class not registered
errorcode: -2147221164
ClassID: dcd18746-4cff-42ba-a1b1-e4d9e633194c

Stack trace:
.\MTransferFactory.cpp(173) : CMTransferFactory::GetTransferEnumsFromRegistry
.\NCOMClassFactory.cpp(37) : CNCOMClassFactory::CreateObject
.\NCOMUtilities.cpp(49) : CNCOMUtils::CreateObject
.\NCOMUtilities.cpp(42) : CNCOMUtils::CreateObject
.\NCOMUtilities.cpp(40) : CNCOMUtils::CreateObject



Record Number: 19611
Source Name: Nokia M Platform
Time Written: 20090724120446.000000-420
Event Type: warning
User:

Computer Name: DUG
Event Code: 1517
Message: Windows saved user DUG\Dug Chan registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 19590
Source Name: Userenv
Time Written: 20090724030706.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DUG
Event Code: 4113
Message: AntiVir has detected 'TR/Agent.ZZZB'
in the file
C:\WINDOWS\system32\rn.tmp

Record Number: 19578
Source Name: Avira AntiVir
Time Written: 20090723223310.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

dukerus
2009-08-23, 11:34
GMER 1.0.15.15077 [Look.exe] - http://www.gmer.net
Rootkit scan 2009-08-23 01:22:27
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x62 ? 8A6CFBF8
INT 0x63 ? 8A554F00
INT 0x82 ? 8A6CFBF8
INT 0x83 ? 8A6CFBF8
INT 0xA4 ? 8A554F00
INT 0xB4 ? 8A554F00

Code 8A5DB160 ZwEnumerateKey
Code 8A558520 ZwFlushInstructionCache
Code 8A4931DE IofCallDriver
Code 8A47C1D6 IofCompleteRequest
Code 8A5F4E55 ZwSaveKey
Code 8A4FF3E5 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A4931E3
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8A47C1DB
.text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 8A5F4E5A
.text ntoskrnl.exe!ZwSaveKeyEx 804E42C2 5 Bytes JMP 8A4FF3EA
PAGE ntoskrnl.exe!ZwEnumerateKey 805783A4 5 Bytes JMP 8A5DB164
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80585F1C 5 Bytes JMP 8A558524
? spob.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA6C262C 5 Bytes JMP 8A5544E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6622D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spob.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spob.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spob.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spob.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spob.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spob.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spob.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5545E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spob.sys
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [572] 0x10000000
Library \\?\globalroot\systemroot\system32\UACutimusipfy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [572] 0x00850000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [644] 0x10000000
Library \\?\globalroot\systemroot\system32\UACutimusipfy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [644] 0x00850000
Library \\?\globalroot\systemroot\system32\UACutimusipfy.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [964] 0x10000000

---- Services - GMER 1.0.15 ----

Service system32\drivers\kungsfwmqrjoeu.sys (*** hidden *** ) [SYSTEM] kungsfimrybfpl <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\SKYNETmccxnose.sys (*** hidden *** ) [SYSTEM] SKYNETeorjqjoq <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACawesrlcwcg.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----
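A triage pass over the GMER log above, as an added example that is not part of the original post and not GMER's own code. It parses the log's line formats and separates the entries GMER itself marked (hidden services, hidden libraries, the flagged disk sector) from hooks that show no owning module or point into a module whose file GMER could not find. The function names and the two-bucket split are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the GMER log posted above (trimmed, values unchanged).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A4931E3
PAGE ntoskrnl.exe!ZwEnumerateKey 805783A4 5 Bytes JMP 8A5DB164
? spob.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA6C262C 5 Bytes JMP 8A5544E0
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6622D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spob.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spob.sys
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [572] 0x10000000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [644] 0x10000000
Library \\?\globalroot\systemroot\system32\UACutimusipfy.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [964] 0x10000000
---- Services - GMER 1.0.15 ----
Service system32\drivers\kungsfwmqrjoeu.sys (*** hidden *** ) [SYSTEM] kungsfimrybfpl <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\SKYNETmccxnose.sys (*** hidden *** ) [SYSTEM] SKYNETeorjqjoq <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACawesrlcwcg.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
"""

HIDDEN = r"\(\*\*\* hidden \*\*\* \)"
RE_INLINE = re.compile(r"^(?:\.text|PAGE)\s+(.+?)!(\S+)\s+([0-9A-F]{8})\s+\d+ Bytes\s+JMP ([0-9A-F]{8})(?:\s+(.+))?$")
RE_IAT = re.compile(r"^IAT\s+(.+?)\[([^\]]+)\]\s+(?:\[([0-9A-F]{8})\]\s+(\S+)|([0-9A-F]{8}))$")
RE_MISSING = re.compile(r"^\?\s+(\S+)\s+The system cannot find the file specified")
RE_LIB = re.compile(r"^Library\s+(.+?)\s+" + HIDDEN + r"\s+@\s+(.+?)\s+\[(\d+)\]\s+0x([0-9A-Fa-f]+)$")
RE_SVC = re.compile(r"^Service\s+(.+?)\s+" + HIDDEN + r"\s+\[(\w+)\]\s+(\S+)")
RE_DISK = re.compile(r"^Disk\s+(\S+)\s+sector (\d+): (.+)$")


def parse_gmer(text):
    """Parse a GMER text log into typed findings; unrecognised lines are skipped."""
    f = {"services": [], "libraries": defaultdict(list), "inline": [],
         "iat": [], "missing": set(), "disk": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := RE_SVC.match(line):
            f["services"].append({"path": m[1], "start": m[2], "name": m[3],
                                  "flagged": "ROOTKIT" in line})
        elif m := RE_LIB.match(line):
            f["libraries"][m[1]].append((m[2], int(m[3])))
        elif m := RE_INLINE.match(line):
            f["inline"].append({"module": m[1], "func": m[2],
                                "target": int(m[4], 16), "owner": m[5]})
        elif m := RE_IAT.match(line):
            f["iat"].append({"importer": m[1], "api": m[2],
                             "target": int(m[3] or m[5], 16), "owner": m[4]})
        elif m := RE_MISSING.match(line):
            f["missing"].add(m[1].lower())
        elif (m := RE_DISK.match(line)) and "rootkit" in m[3].lower():
            f["disk"].append((m[1], int(m[2])))
    return f


def triage(f):
    """Return (flagged, review): GMER's own verdicts, then items needing analyst judgement."""
    flagged, review = [], []
    for s in f["services"]:
        (flagged if s["flagged"] else review).append(
            f"hidden service {s['name']} -> {s['path']}")
    for path, procs in f["libraries"].items():
        pids = ", ".join(str(pid) for _, pid in procs)
        flagged.append(f"hidden library {path} loaded in PID(s) {pids}")
    for dev, sector in f["disk"]:
        flagged.append(f"{dev} sector {sector}: rootkit-like behavior")
    # Inline hooks where GMER printed no module name after the JMP target.
    by_mod = defaultdict(list)
    for h in f["inline"]:
        if h["owner"] is None:
            by_mod[h["module"]].append(h["func"])
    for mod, funcs in by_mod.items():
        review.append(f"{mod}: {len(funcs)} inline hook(s) with no owning module "
                      f"({', '.join(funcs)})")
    # IAT entries with no owner, or owned by a module whose file was not found.
    by_owner = defaultdict(set)
    for h in f["iat"]:
        by_owner[h["owner"]].add(h["importer"])
    for owner, importers in by_owner.items():
        where = ", ".join(sorted(importers))
        if owner is None:
            review.append(f"IAT hook(s) in {where} point outside any named module")
        elif owner.lower() in f["missing"]:
            review.append(f"IAT hook(s) in {where} -> {owner}, file not found on disk")
    return flagged, review


if __name__ == "__main__":
    flagged, review = triage(parse_gmer(SAMPLE_LOG))
    for label, items in (("FLAGGED BY GMER", flagged), ("NEEDS REVIEW", review)):
        print(label)
        for item in items:
            print("  -", item)
```

The "review" bucket is a work list, not a verdict: a hook with no owner or a driver whose file cannot be opened still has to be identified before anything is removed.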

katana
2009-08-23, 12:42
Information

REMOVE P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BearShare

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


----------------------------------------------------------------------------------------
Step 1

Download GMER's MBR.exe (http://www2.gmer.net/mbr/mbr.exe) to your desktop.
Double click on the MBR.exe file to run it. A log will be produced, MBR.log.
Please open this log in Notepad and post its contents in your next reply.


----------------------------------------------------------------------------------------
Step 2


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

----------------------------------------------------------------------------------------
Step 3

Malwarebytes' Anti-Malware
I notice that you have MBAM installed, please do the following

Start MalwareBytes AntiMalware

Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update

When the update is complete, select the Scanner tab
Select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

MBR Log
Combofix Log
MalwareBytes Log
How are things running now ?

dukerus
2009-08-24, 10:25
Hi, I was unable to run ComboFix. It appears to be running under Processes in the task manager.. but other than that, nothing's happening. This happens when I try to run almost any executable file, including my antivirus and MBAM. (For this reason, I am unable to produce an MBAM log for you). Would rebooting and renaming ComboFix.exe resolve this issue?

In the meantime, here is the mbr.txt log as requested:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
BIOS signateure not found

dukerus
2009-08-24, 10:27
I also forgot to mention that I followed your instructions and deleted Bearshare. thx!

katana
2009-08-24, 11:46
"Would rebooting and renaming ComboFix.exe resolve this issue?"

More than likely :D

Reboot and rename Combofix.exe to Svchost.exe

dukerus
2009-08-24, 23:54
Katana, I renamed Combofix.exe to Svchost.exe. This allowed me to start the program, but I was prompted to shut down Avira Desktop (which was strange, because the program wasn't running).

I removed Avira from the startup process and tried again, with the same result. So I removed the whole program, and after that I stopped receiving the prompt from Combofix. (I hope this is ok, seeing as the anti-virus isn't functioning anyway.)

Combofix continued to the disclaimer screen, where I selected 'Yes' and the screen disappeared and nothing happened. I tried rebooting and restarting the program, but now the program stops/disappears after the blue startup window where it says "ComboFix is preparing to start."

I also noticed that Svchost.exe automatically renames itself back to ComboFix.exe once I start the program. Is this why the program doesn't make it to the next step?


In regard to MBAM, I installed the latest version using the file renaming trick. It looks like I am able to perform a full scan, but I'll wait for your advice on ComboFix. Hope to hear from you soon!

katana
2009-08-25, 00:09
Try a Quick scan with MBAM, see if that will run.
If it does, try Combofix again.

dukerus
2009-08-25, 01:09
I've run the Quick Scan, and it found 9 objects. Should I remove them and try running Combofix?

dukerus
2009-08-25, 01:11
Here's the quickscan log, just in case you'd like to see it:


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2 (Safe Mode)

24/08/2009 3:10:31 PM
mbam-log-2009-08-24 (15-10-22).txt

Scan type: Quick Scan
Objects scanned: 102905
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Dug Chan\Desktop\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\WINDOWS\system32\drivers\SKYNETmccxnose.sys (Trojan.Agent) -> No action taken.

dukerus
2009-08-25, 01:59
Tried running Combofix.. still not working

dukerus
2009-08-25, 02:38
Katana, just to be clear: I removed the threats found by the quick scan and rebooted. ComboFix still didn't run after the reboot. I wasn't sure if you meant to just run the quick scan and leave it, or to run the scan and remove the threats it found.

I decided to run a full scan on mbam, which produced 5 threats found... but I have not removed any threats. I'll refrain from running anything else and wait for your instructions.

Anyway, here's the log from the full scan:


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2 (Safe Mode)

24/08/2009 4:28:55 PM
mbam-log-2009-08-24 (16-28-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 260096
Time elapsed: 28 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP583\A0071253.sys (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP585\A0071376.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP585\A0071377.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP609\A0074032.sys (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.

katana
2009-08-25, 10:28
Allow MBAM to remove any items it finds.

Then try running Combofix with these instructions.

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



If you still can't get Combofix running, please do the following.


SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
Double click Sysprot.exe to start the program.
Click on the Log tab. In the Write to log box select the following items.
Process << Selected
Kernel Modules << Selected
SSDT << Selected
Kernel Hooks << Selected
IRP Hooks << NOT Selected
Ports << NOT Selected
Hidden Files << Selected

At the bottom of the page
Hidden Objects Only << Selected
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

dukerus
2009-08-25, 11:27
Ok, so I tried to run Combofix by copying and pasting the command line you provided. It ran until the point where it was attempting to create a System Restore point, and then the Combofix window disappeared.

I am attempting to run SysProt now and after I click 'Create Log' it gives me the following prompt:

"Failed to start service. Sysprot AntiRootkit needs to be run with admin privileges."

I don't know if that matters, but I clicked Ok and did the Root drive scan. Here is the log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

katana
2009-08-25, 11:44
Very strange ???

Let's just have a couple of checks


----------------------------------------------------------------------------------------
Step 1

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat. Please save it on your desktop.



@Echo Off
REM Look under the All Users profile for an .exe whose digit-style name also
REM appears in its folder path, and write each such folder to Katlog.txt.
if exist "%Temp%\Katlog.txt" del /q "%Temp%\Katlog.txt"
For /R "%AllUsersProfile%" %%G in (*) DO (
@Echo Searching .. %%~nG
Echo "%%~nG"|Findstr /R "[A-Za-z]" > nul || Echo "%%~nG"|Findstr /R "[0-9]">nul&& Echo "%%~pG"|findstr "%%~nG">nul&& if exist "%%~dpG\%%~nG.exe" echo "%%~dpG">> "%Temp%\Katlog.txt"
CLS
)
If exist "%Temp%\Katlog.txt" (@Echo Scan Finished) Else (@Echo No Folders Found >>"%Temp%\Katlog.txt")
Notepad "%Temp%\Katlog.txt"
REM Remove this batch file once the results have been shown.
del /q %0
Exit


Double click on look.bat
Please be patient, as this will search the entire disc

Notepad will open, please copy/paste the results here.


----------------------------------------------------------------------------------------
Step 2

Please download the Win32kDiag.exe tool from the following location and save it to your desktop:

http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe

Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt.

Double-click on this file and post the contents as a reply to this topic.

dukerus
2009-08-25, 12:04
This is the result for Step One (Katlog.txt):

No Folders Found

---

This is the result for Step Two (Win32kDiag):

Log file is located at: C:\Documents and Settings\Dug Chan\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

dukerus
2009-08-25, 12:08
I just noticed that there are two instances of "iexplore.exe" found under Processes in taskmanager.. although I am not running internet explorer... =\

katana
2009-08-25, 13:53
Download a fresh Copy of Combofix from one of the following links .. (delete any old ones)

ComboFix.exe (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


----------------------------------------------------------------------------------------
Avenger

Note to users reading this topic! This script was created specifically for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Please download The Avenger2 by SwanDog46 (http://swandog46.geekstogo.com/avenger.zip).
Unzip avenger.exe to your desktop.
Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"


Drivers to disable:
kungsfimrybfpl
SKYNETeorjqjoq
UACd.sys

Now start The Avenger2 by double clicking avenger.exe on your desktop.
Read the prompt that appears, and press OK.
Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
Press the "Execute" button.
You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
Note: It is possible that Avenger will reboot your system TWICE.
Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.


----------------------------------------------------------------------------------------



When Avenger has rebooted the machine, disable all your security programs as before and double click the new Combofix.

dukerus
2009-08-25, 20:53
I copied and pasted the text you provided into Avenger, pressed Execute and my system rebooted. I returned to safe mode (with networking) and received no further prompts from Avenger, and was unable to run Combofix.

When avenger reboots my system, should I allow it to boot to normal windows, or should I be returning to safe mode? I'm also still wary of those two instances of iexplore.exe running on their own...

dukerus
2009-08-25, 21:18
I restarted the system and allowed it to boot to normal windows, where Avenger was able to run and produce the log. Combofix still not working.


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "a3pw8n89" found!
Could not open driver a3pw8n89 for rootkit scan. Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Rootkit scan completed.

Driver "kungsfimrybfpl" disabled successfully.
Driver "SKYNETeorjqjoq" disabled successfully.
Disablement of driver "UACd.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)


Completed script processing.

*******************

Finished! Terminate.

katana
2009-08-25, 22:27
Please run GMER again, and post the fresh log.
Let's see if avenger did any good.

dukerus
2009-08-26, 03:12
Ran GMER again, and it found a rootkit and asked if I want to do a full scan. I selected Yes, and the full scan ran but later encountered a serious error and shut down. I did this twice and the same thing happened. I just ran it a third time and had success (I think). Here's the log:

GMER 1.0.15.15077 [Look.exe] - http://www.gmer.net
Rootkit scan 2009-08-25 17:09:46
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x62 ? 8A6D0BF8
INT 0x63 ? 8A5DDBF8
INT 0x73 ? 8A5DDBF8
INT 0x82 ? 8A6D0BF8
INT 0x83 ? 8A6D0BF8
INT 0xA4 ? 8A5DDBF8
INT 0xB4 ? 8A5DDBF8

Code 8A51F5E8 ZwEnumerateKey
Code 8A512980 ZwFlushInstructionCache
Code 8A1944F6 IofCallDriver
Code 8A174366 IofCompleteRequest
Code 8A5DCE55 ZwSaveKey
Code 8A5A7E55 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A1944FB
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8A17436B
.text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 8A5DCE5A
.text ntoskrnl.exe!ZwSaveKeyEx 804E42C2 5 Bytes JMP 8A5A7E5A
PAGE ntoskrnl.exe!ZwEnumerateKey 805783A4 5 Bytes JMP 8A51F5EC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80585F1C 5 Bytes JMP 8A512984
? spzf.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA6AD62C 5 Bytes JMP 8A5DD1D8

---- User code sections - GMER 1.0.15 ----

.text C:\program files\Mozilla Firefox\firefox.exe[964] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100127E0 \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll
.text C:\program files\Mozilla Firefox\firefox.exe[964] WS2_32.dll!send 71AB428A 5 Bytes JMP 100127C0 \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll
.text C:\program files\Mozilla Firefox\firefox.exe[964] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100129A0 \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WS2_32.dll!send 71AB428A 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100127A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WININET.dll!HttpAddRequestHeadersA 3D94D02E 5 Bytes JMP 010B000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1296] WININET.dll!HttpAddRequestHeadersW 3D94FF29 5 Bytes JMP 011A000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WS2_32.dll!send 71AB428A 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100127A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WININET.dll!HttpAddRequestHeadersA 3D94D02E 5 Bytes JMP 010B000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1432] WININET.dll!HttpAddRequestHeadersW 3D94FF29 5 Bytes JMP 011A000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6622D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spzf.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spzf.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spzf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spzf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spzf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spzf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spzf.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5DD2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spzf.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\Iexplore.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A65E1F8
Device \FileSystem\Fastfat \FatCdrom 8A0C11F8
Device \Driver\usbohci \Device\USBPDO-0 8A5DC1F8
Device \Driver\usbohci \Device\USBPDO-1 8A5DC1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6601F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6601F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6601F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6601F8
Device \Driver\usbohci \Device\USBPDO-2 8A5DC1F8
Device \Driver\usbohci \Device\USBPDO-3 8A5DC1F8
Device \Driver\usbohci \Device\USBPDO-4 8A5DC1F8
Device \Driver\usbehci \Device\USBPDO-5 8A52D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6D11F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6D11F8
Device \Driver\atapi \Device\Ide\IdePort0 8A6D01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A6D01F8
Device \Driver\atapi \Device\Ide\IdePort1 8A6D01F8
Device \Driver\atapi \Device\Ide\IdePort2 8A6D01F8
Device \Driver\atapi \Device\Ide\IdePort3 8A6D01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 8A6D01F8
Device \Driver\sptd \Device\3092614628 spzf.sys
Device \Driver\PCI_PNP8378 \Device\0000004a spzf.sys
Device \Driver\PCI_PNP8378 \Device\0000004a spzf.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A11E1F8
Device \Driver\NetBT \Device\NetbiosSmb 8A11E1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0E0E37F0-3EF7-43E1-A8A5-B7F35B4A012C} 8A11E1F8
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 8A5DC1F8
Device \Driver\usbohci \Device\USBFDO-1 8A5DC1F8
Device \Driver\usbohci \Device\USBFDO-2 8A5DC1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1101F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1101F8
Device \Driver\usbohci \Device\USBFDO-3 8A5DC1F8
Device \Driver\Ftdisk \Device\FtControl 8A6D11F8
Device \Driver\usbohci \Device\USBFDO-4 8A5DC1F8
Device \Driver\usbehci \Device\USBFDO-5 8A52D1F8
Device \Driver\ntcdrdrv \Device\Scsi\ntcdrdrv1 8A65F1F8
Device \Driver\a2pgr0zp \Device\Scsi\a2pgr0zp1Port5Path0Target0Lun0 8A5161F8
Device \Driver\a2pgr0zp \Device\Scsi\a2pgr0zp1 8A5161F8
Device \Driver\ntcdrdrv \Device\Scsi\ntcdrdrv1Port4Path0Target0Lun0 8A65F1F8
Device \FileSystem\Fastfat \Fat 8A0C11F8
Device \FileSystem\Cdfs \Cdfs 8A0F51F8

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACfuxthxjqcr.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [196] 0x00E40000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [864] 0x01120000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\program files\Mozilla Firefox\firefox.exe [964] 0x10000000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [972] 0x10000000
Library \\?\globalroot\systemroot\system32\UACutimusipfy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [972] 0x00860000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1140] 0x10000000
Library \\?\globalroot\systemroot\system32\UACutimusipfy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1140] 0x00860000
Library \\?\globalroot\systemroot\system32\UACfuxthxjqcr.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1296] 0x00C60000
Library \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1300] 0x10000000
Library \\?\globalroot\systemroot\system32\UACutimusipfy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1300] 0x00860000
Library \\?\globalroot\systemroot\system32\UACfuxthxjqcr.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1432] 0x00C60000

---- Services - GMER 1.0.15 ----

Service system32\drivers\kungsfwmqrjoeu.sys (*** hidden *** ) [DISABLED] kungsfimrybfpl <-- ROOTKIT !!!
Service system32\drivers\SKYNETmccxnose.sys (*** hidden *** ) [DISABLED] SKYNETeorjqjoq <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACawesrlcwcg.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl@imagepath \systemroot\system32\drivers\kungsfwmqrjoeu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfwmqrjoeu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules@kungsfcmd.dll \systemroot\system32\kungsfxlfswtpm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules@kungsflog.dat \systemroot\system32\kungsfqwnwdxxx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules@kungsfwsp.dll \systemroot\system32\kungsfsmprshqu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfimrybfpl\modules@kungsf.dat \systemroot\system32\kungsfgpnnqjrk.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq@imagepath \systemroot\system32\drivers\SKYNETmccxnose.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETmccxnose.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETeorjqjoq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETeqobdwpr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x76 0x72 0xA1 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0xA7 0x6F 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4E 0xAD 0x38 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACawesrlcwcg.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACawesrlcwcg.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACemtvytpysy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACewiwuyusct.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACegxwvvpwsa.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACutimusipfy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACfuxthxjqcr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl@start 4
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl@imagepath \systemroot\system32\drivers\kungsfwmqrjoeu.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main@aid 10002
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfwmqrjoeu.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules@kungsfcmd.dll \systemroot\system32\kungsfxlfswtpm.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules@kungsflog.dat \systemroot\system32\kungsfqwnwdxxx.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules@kungsfwsp.dll \systemroot\system32\kungsfsmprshqu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfimrybfpl\modules@kungsf.dat \systemroot\system32\kungsfgpnnqjrk.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq@start 4
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq@imagepath \systemroot\system32\drivers\SKYNETmccxnose.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETmccxnose.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETeorjqjoq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETeqobdwpr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x76 0x72 0xA1 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0xA7 0x6F 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4E 0xAD 0x38 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACawesrlcwcg.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACawesrlcwcg.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACemtvytpysy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACewiwuyusct.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACgqfucbfalq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACegxwvvpwsa.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACutimusipfy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACfuxthxjqcr.dll

---- Files - GMER 1.0.15 ----

File C:\Photoshop\Uninst.isu (size mismatch) 45056/808955 bytes executable

---- EOF - GMER 1.0.15 ----

katana
2009-08-26, 11:44
Boot to safe mode and try the following.

If the first instruction doesn't work, try the second

#1
Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.




#2
Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /stepdel

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

dukerus
2009-08-26, 12:27
I was finally(!) able to run combofix using the 2nd method provided. I hope it will help us move forward in this....


ComboFix 09-08-25.04 - Dug Chan 26/08/2009 2:12.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2046.1664 [GMT -7:00]
Running from: c:\documents and settings\Dug Chan\Desktop\ComboFix.exe
Command switches used :: /stepdel
* Created a new restore point
.
PEV Error: CacheFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\2da2ee1.msi
c:\windows\Installer\2e6db.msi
c:\documents and settings\Dug Chan\Application Data\inst.exe
c:\documents and settings\Dug Chan\My Documents\ZbThumbnail.info
c:\windows\run.log
c:\windows\system32\drivers\kungsfwmqrjoeu.sys
c:\windows\system32\drivers\SKYNETmccxnose.sys
c:\windows\system32\drivers\UACawesrlcwcg.sys
c:\windows\system32\kungsfgpnnqjrk.dat
c:\windows\system32\kungsfqwnwdxxx.dat
c:\windows\system32\kungsfsmprshqu.dll
c:\windows\system32\kungsfxlfswtpm.dll
c:\windows\system32\SKYNETeqobdwpr.dll
c:\windows\system32\UACegxwvvpwsa.db
c:\windows\system32\UACemtvytpysy.dll
c:\windows\system32\UACewiwuyusct.dat
c:\windows\system32\UACfuxthxjqcr.dll
c:\windows\system32\UACgqfucbfalq.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACutimusipfy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsfimrybfpl
-------\Legacy_kungsfimrybfpl
-------\Service_SKYNETeorjqjoq
-------\Legacy_SKYNETeorjqjoq
-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-25 08:17 . 2009-08-25 08:17 -------- d-----w- c:\documents and settings\Administrator.DUG\Local Settings\Application Data\Mozilla
2009-08-25 08:16 . 2009-08-25 08:16 -------- d-sh--w- c:\documents and settings\Administrator.DUG\PrivacIE
2009-08-24 20:33 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 20:33 . 2009-08-24 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 20:33 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 08:27 . 2009-08-23 08:28 -------- d-----w- C:\rsit
2009-08-23 08:27 . 2009-08-23 08:28 -------- d-----w- c:\program files\trend micro
2009-08-23 08:25 . 2009-08-24 19:52 174 ----a-w- c:\windows\system32\uacsr.dat
2009-08-23 08:25 . 2009-08-23 08:25 174 ----a-w- c:\windows\system32\UACcbritfjolx.dat
2009-08-19 00:10 . 2009-08-19 00:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-18 23:34 . 2009-08-18 23:46 -------- d-----w- C:\H.osts
2009-08-18 23:26 . 2009-08-18 23:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-18 23:26 . 2009-08-18 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 03:09 . 2008-08-07 09:49 -------- d-----w- c:\documents and settings\Administrator.DUG\Local Settings\Application Data\Microsoft Help
2009-08-18 02:10 . 2009-08-18 02:10 71168 ----a-w- c:\windows\system32\drivers\mtvpwipyyqxnkibi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 18:08 . 2008-07-22 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-23 22:30 . 2007-12-26 10:25 -------- d-----w- c:\program files\BearShare
2009-08-18 04:27 . 2008-01-16 09:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-18 03:05 . 2007-12-16 10:42 -------- d-----w- c:\program files\lg_fwupdate
2009-08-18 01:58 . 2009-08-18 01:58 784390 ----a-w- c:\windows\system32\xa.tmp
2009-08-17 22:57 . 2009-07-19 18:54 -------- d-----w- c:\documents and settings\Dug Chan\Application Data\vlc
2009-08-17 21:25 . 2008-04-21 03:50 -------- d-----w- c:\documents and settings\Dug Chan\Application Data\uTorrent
2009-08-17 10:42 . 2009-04-27 01:46 -------- d-----w- c:\documents and settings\Dug Chan\Application Data\Audacity
2009-08-05 22:20 . 2009-06-26 19:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-21 07:48 . 2009-07-21 07:47 -------- d-----w- c:\program files\iTunes
2009-07-21 07:47 . 2009-07-21 07:47 -------- d-----w- c:\program files\iPod
2009-07-21 07:47 . 2007-12-28 10:03 -------- d-----w- c:\program files\Common Files\Apple
2009-07-21 07:44 . 2009-07-21 07:44 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-06-02 00:06 . 2009-06-02 00:06 34063 ----a-w- c:\documents and settings\Dug Chan\Application Data\Move Networks\ie_bin\Uninst.exe
2009-05-29 20:36 . 2009-03-20 21:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 20:36 . 2007-12-28 10:04 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-12-16 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-22 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-06-30 2327776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Dug Chan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-12-26 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-03 20:43 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=3 (0x3)
"AntiVirSchedulerService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\Steam\\steamapps\\dukerus\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Steam\\steamapps\\dukerus\\team fortress 2\\hl2.exe"=
"d:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Games\\Battle for Middle Earth II\\game.dat"=
"d:\\Games\\Battle for Middle Earth II\\EP1\\game.dat"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Games\\LucasArts\\Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [17/04/2008 5:53 PM 13440]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [20/07/2007 7:40 PM 84992]
S3 miniusb;FrameManager Display Adapter;c:\windows\system32\DRIVERS\sam_miniusb.sys --> c:\windows\system32\DRIVERS\sam_miniusb.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [21/10/2008 8:58 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [21/10/2008 8:58 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [21/10/2008 8:58 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [21/10/2008 8:58 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [21/10/2008 8:58 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [21/10/2008 8:58 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [21/10/2008 8:58 PM 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [21/10/2008 8:58 PM 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [21/10/2008 8:58 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [21/10/2008 8:58 PM 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [21/10/2008 8:58 PM 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [21/10/2008 8:58 PM 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [21/10/2008 8:58 PM 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [21/10/2008 8:58 PM 117544]
S3 SODI;SODI;c:\windows\system32\DRIVERS\sam_miniport.sys --> c:\windows\system32\DRIVERS\sam_miniport.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xbox360.ign.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dug Chan\Application Data\Mozilla\Firefox\Profiles\4t6o41bt.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 02:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-73586283-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:42,8c,28,b1,e7,15,de,32,4d,f9,6d,e6,3f,23,59,92,92,39,7e,16,48,
ee,70,6c,b7,d5,67,e4,12,c6,11,10,73,da,03,fd,5a,31,66,f4,ed,9f,94,e0,08,ea,\
"rkeysecu"=hex:b2,95,69,23,48,0e,8f,40,83,e4,b7,0a,9a,82,70,69
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
.
Completion time: 2009-08-26 2:18
ComboFix-quarantined-files.txt 2009-08-26 09:18

Pre-Run: 78,777,982,976 bytes free
Post-Run: 78,772,711,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

229 --- E O F --- 2009-03-04 11:00

katana
2009-08-26, 13:09
Excellent

The rest should be plain sailing now :)

----------------------------------------------------------------------------------------
Step 1

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


http://forums.spybot.info/showthread.php?p=331143#post331143
Collect::
c:\windows\system32\uacsr.dat
c:\windows\system32\UACcbritfjolx.dat
c:\windows\system32\drivers\mtvpwipyyqxnkibi.sys
c:\windows\system32\xa.tmp
DirLook::
C:\H.osts
Folder::
c:\Program Files\BearShare
c:\documents and settings\Dug Chan\Application Data\uTorrent
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ABC\\abc.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
ADS::

Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.
Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware

Start MalwareBytes AntiMalware

Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update

When the update is complete, select the Scanner tab
Select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Step 3

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Combofix log
MalwareBytes log
Kaspersky log
How are things running now ?

dukerus
2009-08-27, 07:29
Looks like I'll have to split my Combofix log into two posts..

ComboFix 09-08-26.05 - Dug Chan 26/08/2009 12:19.2.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2046.1755 [GMT -7:00]
Running from: c:\documents and settings\Dug Chan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dug Chan\Desktop\CFScript.txt

file zipped: c:\windows\system32\drivers\mtvpwipyyqxnkibi.sys
file zipped: c:\windows\system32\UACcbritfjolx.dat
file zipped: c:\windows\system32\uacsr.dat
file zipped: c:\windows\system32\xa.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dug Chan\Application Data\uTorrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lisa Hannigan - Sea Sew (2008).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\LMFAO - Party Rock-2009-CMS - Rock Music Album - rcrocks.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\LMFAO (24 songs - leaked and more) blissful0ne [Feb 2009].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Louis.CK-Chewed.Up(2008)DvdScr[MiNdSkiN]1337x.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Love.Stinks[1999][DvDrip][Eng]-Criptkprr.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lykke_Li-Youth_Novel-2008-TRAMPOLiN.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Lynda.com - DreamweaverCS4 Essential Training.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\M83 - Dead Cities, Red Seas & Lost Ghosts.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\m83 - saturdays = youth (2008).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\M83.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Magic ISO Maker 5.4 with serial.rar.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\MagicISO Maker v5.5 (Build 265) [BRAiGHTLiNG Crack][h33t][matt14].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Mariah Carey - Discography- The Pirate Bay-.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Marley & Me[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Matt Costa Discography.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Matt Costa Discography.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Maxwell - Discography.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\MGMT - Oracular Spectacular 320kbs.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Michael Jackson - Discography.2009.320.KBPS-KTY.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Michael Jackson.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Microcastle.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Microsoft Office Enterprise 2007 (VOXIGEN@mininova.org).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Miike Snow.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Mirror's Edge.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Miss March 2009 UNRATED DVDRip XviD-AMIABLE.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Mommas.Man.2008.PROPER.DVDRip.XviD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Monique Alexander & Sunny Lane - All Dressed Up.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Mos Def-The Ecstatic (2009) KompletlyWyred DHZ Inc Release.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\MOS Trance Nation.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\MOS_Clubbers_Guide_2009(split tracks).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Moyea FLV To Video Converter Pro v1.29.2.11.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Mr Hudson & The Library - A Tale Of Two Cities.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\MS-Office.2003.SP3.updated.17.Feb.2009.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Muse - 5 albums.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Musiq Soulchild - Onmyradio [2008].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\My Plaything Jenna Jameson 2 - It's A Boy!.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\N-E-R-D.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\N.E.R.D-Seeing_Sounds-Retail-2008-HHKINGZ.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nada Surf - Lucky [2008].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\National.Geographics.Fight.Science.DSR.XviD-KmF.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Neko Case - Middle Cyclone.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Never.Back.Down[2008]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\New Kids On the Block - 1989 - Merry Merry Christmas.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\New Kids On the Block.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nick.and.Norahs.Infinite.Playlist.REPACK.DVDRip.XviD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\not Jet Li - Iron Monkey DvDrip(DivX) Eng - by Good Fight MaXXoM group - GFMMg.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nothing.But.The.Truth.LiMiTED.DVDRip.XviD-ARiGOLD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Notorious BIG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Notorious[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nouns.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nurses xXx DVDRip.XviD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Nurses.XXX.DVDRiP.XviD-VBT.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Of Montreal - Skeletal Lamping.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Office 2003 Professional with SP1,2,3 + Working Serial.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Office 2003.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Office 2007 Enterprise Blue Edition.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Office2003Lite-SFX.exe.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ong-Bak.2.2008.READ.NFO.DVDRip.XviD-d0h.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ong-Bak.2003.DVDRip.XviD-VALiOMEDiA.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ong.Bak.2.2008.DVDRip.XviD-TDM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\OST_Pulp.Fiction.Collector's.Edition.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Outkast Discography.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\P2.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E01.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E02.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E03.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E04.Boys.Club.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E05.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Parks.and.Recreation.S01E06.Rock.Show.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Passion Pit.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Paul Blart Mall Cop[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Peaches - I Feel Cream [mp3-vbr-2009].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Pete Yorn - Musicforthemorningafter (2001).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Peter Bjorn and John - Living Thing.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Peter Bjorn And John - Peter Bjorn And John.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Peter Bjorn And John - Writer's Block [2006].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Peter_Bjorn_And_John-Seaside_Rock-(Advance)-2008-PBJ.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Phoenix - Wolfgang Amadeus Phoenix [mp3-160-2009].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Pink - I'm Not Dead [2006][CD+Vid+Covers].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Postal Service, The.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Pretty.Woman.1CD.Soundtrack.[WmC-PL].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Pure.18.Vol.7.XviD-PORNOLATiON.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Q-Tip-Amplified-1999-iNT-OSM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Q-Tip_-_The_Renaissance-2008-YSP[www.dutchdawn.com].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Röyksopp - The Understanding (2005).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Rambo[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ramsay's Kitchen Nightmares - UK.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E01.WS.DSR.XviD-SYS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E02.WS.DSR.XviD-SYS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E03.DSR.XviD-OMiCRON.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E03.DSR.XviD-OMiCRON.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E06.WS.DSR.XviD-SYS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E07.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S02E08.WS.DSR.XviD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\randy.jackson.presents.americas.best.dance.crew.s03e04.dsr.xvid-omicron.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Randy.Jackson.Presents.Americas.Best.Dance.Crew.S03E05.WS.DSR.XviD-SYS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\randy.jackson.presents.americas.best.dance.crew.s03e07.dsr.xvid-omicron.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Raphael Saadiq.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Real Female Orgasms 9 XXX DVDRip Squirting www.sesionvip.com.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Real.Female.Orgasms.8.[www.kiborg.org]XXX.DVDRiP.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\resume.dat
c:\documents and settings\Dug Chan\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Dug Chan\Application Data\uTorrent\Richard Hawley - Coles Corner (2005).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Richard.Pryor.Live.In.Concert.1979.DVDRip.Xvid.iNT-420Ripz.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\RIP.A.Remix.Manifesto.Xvid.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Robert Greene, The 48 Laws of Power.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Role.Models[2008][Unrated.Edition]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Royksopp-The_Girl_and_The_Robot-WEB-2009-QB.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Royksopp - Junior [mp3-192-2009].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Royksopp - Junior 2009.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Royksopp - Melody A-M.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\rss.dat
c:\documents and settings\Dug Chan\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Dug Chan\Application Data\uTorrent\Ryan Leslie - Ryan Leslie [GeneGeter.com].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Saint Etienne - London Conversations (Advance) [2008] - Electronic [www.torrentazos.com].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\santogold[mp3-by-Oj].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Saturday.Night.Live.S34E21.Justin.Timberlake.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Saturday.Night.Live.S34E22.Will.Ferrell.HDTV.XviD-iHT.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\SB3_CEE-EN.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Semi-Pro[2008]DvDrip AC3[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\settings.dat
c:\documents and settings\Dug Chan\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Dug Chan\Application Data\uTorrent\Seven.Pounds[2008]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Sharkwater[2006]DvDrip[Eng]-NikonXP.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\SL-MA-SLM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\SnowPatrol-AHundredMillionSuns[2008][CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E01.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E02.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E03.WS.PDTV.XVID-BAJSKORV.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E04.PROPER.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E05.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\so.you.think.you.can.dance.s05e06.ws.pdtv.xvid-2hd.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E07.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E08.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E09.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E10.WS.PDTV.XviD-2HD.avi.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E10.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E11.WS.PDTV.XviD-2HD.avi.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E11.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E12.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E13.WS.PDTV.XVID-BAJSKORV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E14.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E15.WS.PDTV.XVID-BAJSKORV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E16.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E17.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E18.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E19.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E20.WS.PDTV.XviD-2HD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\So.You.Think.You.Can.Dance.S05E21.WS.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Sonya_Kitchell-This_Storm-(Advance)-2008-SONYAKiTCHELL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Soulja Boy - Turn My Swag On.mp3.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Soulja_Boy-iSouljaBoyTellem-(RapGodFathers.com).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E01.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E02.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E03.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E04.HDTV.XviD-DOT.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E05.Two.Gangs.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E06.REPACK.HDTV.XviD-XII.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Southland.S01E07.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Space Boogie- Smoke Oddessey [UK].rar.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Spore-RELOADED.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Star Wars - Jedi Knight II - Jedi Outcast.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Star Wars Jedi Knight - Jedi Academy (2 Cds).1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Star Wars Jedi Knight - Jedi Academy (2 Cds).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Subtle-Exiting_Arm-CD-2008-BPM.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\T-Pain - Thr33 Ringz (Deluxe Edition).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\T.I.-Paper.Trail.Retail-2008-[NoFS].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Tell.No.One.2006.DVDRip.XviD.AC3-DEViSE.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\tell.noone.xvid.dvdrip.eng.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Tennis.US.Open.2008.Mens.Final.Roger.Federer.Vs.Andy.Murray.WS.PDTV.XviD-NOsegmenT.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Cool Kids - Bake Sale.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Crystal Method - [2006] Drive- Nike + Original Run(Judah).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Dears - Missiles [mp3-vbr-2008].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Do - A Mouthful (2008).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Frames [9 Albums] + The Swell Season + Once OST.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Frames [9 Albums] + The Swell Season + Once OST.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Hurricane (1999).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Kooks-Konk Special Limited Edition 2CD (with covers) a DHZ.Inc Release.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Office S05E09 HDTV XviD LOL vXv.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Script - The Script [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Spirit[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Wrestler (2008) DVDSCR Occor avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The Wrestler 2008 DVDScr H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Bachelorette.S05E01.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Bachelorette.S05E03.PDTV.XviD-2HD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Bucket.List[2007]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Dark.Knight[2008]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Forbidden.Kingdom.CAM.XViD-CAMERA.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Girlfriend.Experience.2009.DVDRip.XviD-iAPULA.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S04E12.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S04E14.HDTV.XviD-XOR.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E01.HDTV.XviD-NoTV.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E01.HDTV.XviD-NoTV.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E02.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E03.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E04.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E05.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E06.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E07.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E08.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E10.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E11.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E12.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E13.PROPER.HDTV.XviD-2HD.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E14.HDTV.XviD-2HD.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E15.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E16.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E17.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E18.HDTV.XviD-LOL.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E19.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E20.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E21.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E22.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E23.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E24.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E25.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.S05E26.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.US.S04E09.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.US.S04E10.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The.Office.US.S04E13.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The_Dream-Love_Vs_Money-2009-C4.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The_Empire_And_Lil_Wayne-The_Drought_Is_Over_2_(The_Carter_3_Sessions)-(Bootleg)-2007.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The_Office.4x11.Night_Out.REPACK.HDTV_XviD-FoV.[VTV].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\The_Ting_Tings-We_Started_Nothing-2008-RTB.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\top.chef.masters.107.hdtv.xvid-sys.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E01.HDTV.XviD.[goat].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E02.The.Lost.Supper.DSR-XviD.pwe.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E03.VeroVenlo.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E04.HDTV.XviD-SYS.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E04.HDTV.XviD-SYS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E05.VeroVenlo.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E06.HDTV.XviD.[goat].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.Masters.S01E08.HDTV.XviD.[goat].avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.S05E12.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.S05E13.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Top.Chef.S05E14.HDTV.XviD-GNARLY.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Travis-Ode_To_J_Smith-2008-404.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Trey_Songz-Trey_Day-2007-H3X.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\TV on the Radio - Dear Science, (2008).torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Twilight[2008]DvDrip-aXXo.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Two.Lovers.LIMITED.BDRip.XviD-NeDiVx.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Tyson.2009.DvdRip.Xvid.MegaGun.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\U2 - The Best And The B-Sides Of 1990-2000 - 2CD.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\U2 - The Joshua Tree [Deluxe Edition].torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\UFC.83.Serra.vs.St.Pierre.2.PPV.HDTV.XviD-aAF.avi.1.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\UFC.83.Serra.vs.St.Pierre.2.PPV.HDTV.XviD-aAF.avi.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\UFC.91.Couture.vs.Lesnar.PPV.HDTV.XviD-aAF.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\UFC.98.Evans.vs.Machida.PPV.HDTV.XviD-aAF.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\UFC.98.Rashad.Evans.Vs.Lyoto.Machida.XviD-XS.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Utada-This Is the One-2009.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Dug Chan\Application Data\uTorrent\VA-Ministry Of Sound Clubbers Guide Summer 09 2CD 2009 BSBT RG.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Vanessa Carlton - Be Not Nobody.torrent
c:\documents and settings\Dug Chan\Application Data\uTorrent\Vanessa Carlton - Harmonium [2004].torrent
c:\windows\system32\drivers\mtvpwipyyqxnkibi.sys
c:\windows\system32\UACcbritfjolx.dat
c:\windows\system32\uacsr.dat
c:\windows\system32\xa.tmp

dukerus
2009-08-27, 07:30
.
((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-25 08:17 . 2009-08-25 08:17 -------- d-----w- c:\documents and settings\Administrator.DUG\Local Settings\Application Data\Mozilla
2009-08-25 08:16 . 2009-08-25 08:16 -------- d-sh--w- c:\documents and settings\Administrator.DUG\PrivacIE
2009-08-24 20:33 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 20:33 . 2009-08-24 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 20:33 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 08:27 . 2009-08-23 08:28 -------- d-----w- C:\rsit
2009-08-23 08:27 . 2009-08-23 08:28 -------- d-----w- c:\program files\trend micro
2009-08-19 00:10 . 2009-08-19 00:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-18 23:34 . 2009-08-18 23:46 -------- d-----w- C:\H.osts
2009-08-18 23:26 . 2009-08-18 23:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-18 23:26 . 2009-08-18 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 03:09 . 2008-08-07 09:49 -------- d-----w- c:\documents and settings\Administrator.DUG\Local Settings\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 18:08 . 2008-07-22 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-18 04:27 . 2008-01-16 09:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-18 03:05 . 2007-12-16 10:42 -------- d-----w- c:\program files\lg_fwupdate
2009-08-17 22:57 . 2009-07-19 18:54 -------- d-----w- c:\documents and settings\Dug Chan\Application Data\vlc
2009-08-17 10:42 . 2009-04-27 01:46 -------- d-----w- c:\documents and settings\Dug Chan\Application Data\Audacity
2009-08-05 22:20 . 2009-06-26 19:44 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-21 07:48 . 2009-07-21 07:47 -------- d-----w- c:\program files\iTunes
2009-07-21 07:47 . 2009-07-21 07:47 -------- d-----w- c:\program files\iPod
2009-07-21 07:47 . 2007-12-28 10:03 -------- d-----w- c:\program files\Common Files\Apple
2009-07-21 07:44 . 2009-07-21 07:44 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-06-02 00:06 . 2009-06-02 00:06 34063 ----a-w- c:\documents and settings\Dug Chan\Application Data\Move Networks\ie_bin\Uninst.exe
2009-05-29 20:36 . 2009-03-20 21:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 20:36 . 2007-12-28 10:04 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\H.osts ----

2009-08-18 23:34 . 2007-09-06 08:12 794 ----a-w- c:\h.osts\License.txt
2009-08-18 23:34 . 2008-12-24 12:07 1615 ----a-w- c:\h.osts\mvps.bat
2009-08-18 23:34 . 2009-07-19 06:58 1384 ----a-w- c:\h.osts\PrivacyPolicy.txt
2009-08-18 23:34 . 2009-07-19 06:56 6293 ----a-w- c:\h.osts\readme.txt
2009-08-18 23:34 . 2009-07-27 17:08 610636 ----a-w- c:\h.osts\HOSTS
2009-08-18 23:34 . 2009-08-18 23:34 148286 ----a-w- c:\h.osts\hosts.zip


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-12-16 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-22 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-06-30 2327776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Dug Chan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-12-26 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-03 20:43 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=3 (0x3)
"AntiVirSchedulerService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\dukerus\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Steam\\steamapps\\dukerus\\team fortress 2\\hl2.exe"=
"d:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Games\\Battle for Middle Earth II\\game.dat"=
"d:\\Games\\Battle for Middle Earth II\\EP1\\game.dat"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Games\\LucasArts\\Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [17/04/2008 5:53 PM 13440]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [20/07/2007 7:40 PM 84992]
S3 miniusb;FrameManager Display Adapter;c:\windows\system32\DRIVERS\sam_miniusb.sys --> c:\windows\system32\DRIVERS\sam_miniusb.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [21/10/2008 8:58 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [21/10/2008 8:58 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [21/10/2008 8:58 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [21/10/2008 8:58 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [21/10/2008 8:58 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [21/10/2008 8:58 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [21/10/2008 8:58 PM 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [21/10/2008 8:58 PM 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [21/10/2008 8:58 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [21/10/2008 8:58 PM 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [21/10/2008 8:58 PM 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [21/10/2008 8:58 PM 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [21/10/2008 8:58 PM 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [21/10/2008 8:58 PM 117544]
S3 SODI;SODI;c:\windows\system32\DRIVERS\sam_miniport.sys --> c:\windows\system32\DRIVERS\sam_miniport.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-22 23:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xbox360.ign.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dug Chan\Application Data\Mozilla\Firefox\Profiles\4t6o41bt.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 12:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-73586283-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:42,8c,28,b1,e7,15,de,32,4d,f9,6d,e6,3f,23,59,92,92,39,7e,16,48,
ee,70,6c,b7,d5,67,e4,12,c6,11,10,73,da,03,fd,5a,31,66,f4,ed,9f,94,e0,08,ea,\
"rkeysecu"=hex:b2,95,69,23,48,0e,8f,40,83,e4,b7,0a,9a,82,70,69
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
.
Completion time: 2009-08-26 12:29
ComboFix-quarantined-files.txt 2009-08-26 19:29
ComboFix2.txt 2009-08-26 09:18

Pre-Run: 78,777,937,920 bytes free
Post-Run: 78,715,236,352 bytes free

783 --- E O F --- 2009-03-04 11:00
Upload was successful

dukerus
2009-08-27, 07:30
Malwarebytes' Anti-Malware 1.40
Database version: 2700
Windows 5.1.2600 Service Pack 2 (Safe Mode)

26/08/2009 1:13:21 PM
mbam-log-2009-08-26 (13-13-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 264281
Time elapsed: 30 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACemtvytpysy.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACgqfucbfalq.dll.vir (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP638\A0078003.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP638\A0078004.dll (Rogue.Agent) -> Quarantined and deleted successfully.

dukerus
2009-08-27, 07:31
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 26, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, August 26, 2009 22:56:27
Records in database: 2690241
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 153374
Threats found: 3
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 02:38:41


File name / Threat / Threats count
C:\Photoshop\Useful Installers\extfix(.mess.be).zip Infected: not-a-virus:RiskTool.Win32.ExtUnlock.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACawesrlcwcg.sys.vir Infected: Rootkit.Win32.Agent.oxr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfuxthxjqcr.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP638\A0078002.sys Infected: Rootkit.Win32.Agent.oxr 1
C:\System Volume Information\_restore{B1DBF069-7B1F-4CDB-8F97-1DBD4DE4F53E}\RP638\A0078006.dll Infected: Packed.Win32.TDSS.y 1

Selected area has been scanned.

katana
2009-08-27, 13:02
How are things running now ?


Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
Click Download
On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) (http://java.sun.com/javase/downloads/index.jsp). ( don't install it yet )

Scroll down to where it says "Java SE Runtime Environment (JRE)".
Click the "Download" button to the right.
Platform = Windows Language = Multi Language
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

dukerus
2009-08-27, 21:29
I updated Adobe Reader and Java as you've indicated above. It seems like things are back to normal.. I ran mbam once more and it removed two threats that were already in quarantine. I'll be sure to follow up again in the next day or two if I notice any odd behaviour.

If not, thank you so much for your help Katana. You've been incredible! =)

katana
2009-08-27, 21:40
Congratulations, your logs look clean :)

Let's see if I can help you keep it that way

First let's tidy up



Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png




OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must-have program. It includes host protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup. Allows delayed startup. A must-have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

dukerus
2009-08-28, 13:07
From what I can tell, my system is operating as it was before the infection. =)

I took your advice and beefed up my security. Hopefully that'll help me out in the future. Thanks Katana! You're awesome!