all security software neutralized... and more problems.

[adifrank]

Hi. Just about 2 hours ago I opened an .exe file on my computer. I scanned it with NOD32 prior to opening it. But it looks as though it had some kind of malicious files in it. about one minute after opening the .exe file, my computer restarted and hasn't been working normally since. There are many symptoms:
1. All my security software has been disabled: NOD32, Comodo firewall and Spybot S&D. They will not function.
2. It seems I can no longer logon as administrator.
3. I cannot startup in safe mode.
4. Computer is running very very very slow.
.... and all kinds of other strange behaviors.

After a few restarts, trying to figure it out, I suddenly got a blue Windows XP page and some kind of scheduled scan process started. In fact it's still scanning at this moment. I have no idea which application is performing this scan, but I noticed that the scan could not delete a particular file after several tries. the file name is: hldrrr.exe

I found a thread on this forum which describes problems very similar to what I am experiencing, but sadly, I couldn't really follow the jargon. The thread was just a bit over my level of understanding. The thread:

http://forums.spybot.info/showthread.php?t=22446

Please help me try to overcome this. Just let me know what information you need in order to try and solve the problem and I'll do my best to get it for you as quickly as possible.

Thanks.

some specs:
Windows xp
sp2
2.4 ghz
1gb ram

thanks again

 

[Rorschach112]

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:
   • Tools->Options->Main tab
   • Set to "Always ask me where to Save the files".
2. During the download, rename Combofix to Combo-Fix as follows:
   
   
   
   
   
   
   
   
   
   
3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   -----------------------------------------------------------​
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
     
     -----------------------------------------------------------​
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
   -----------------------------------------------------------​
7. Double click on combo-Fix.exe & follow the prompts.
8. When finished, it will produce a report for you.
9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

 

[adifrank]

hi Rorschach.
thanks for responding. i followed all your directions: downloaded combofix, saved as combo-fix, disabled all antivirus, malware, ect. programs, closed browsers, disconnected from internet and then ran the application.

it guided me through a couple of standard questions, created a restore point and then began scanning - stage 1, stage 2.... and so on.

after around 5 minutes, my computer suddenly restarted. no indication, warning or standard shut down procedures. it just switched off and switched back on again.

while booting up a blue (light blue in the middle and dark blue at the top and bottom) screen appeared with the windows xp logo on the top-right hand corner. some text appeared. something about a boot-time spyware scan.

the boot-time spyware scan went on for quite a while. i googled "boot time spyware scan" on a different computer and from what i understand it has to do something with sunbelt software's counterspy. this reminded me that i once had a trial version of counter spy. i used it for a short while and then the trial period expired. after it had expired, it did not unintstall itself, it was still on my computer, so i tried to uninstall/remove the software manually. i recall this being a problem. i couldn't find any uninstall file and when opening the windows UNINSTALL SOFTWARE utility (and Revo Uninstaller), the program didn't show up in the list of programs that can be uninstalled. So i just left it alone.

The boot time spyware scan went on and on and looking at my clock i noticed it was already afer 2 am... so i went to sleep. in the morning when i woke, it completed scanning my computer and apparently windows started up normally except for two things. First, a blue window popped up with the words Find3m in the title bar. in the window it says "Preparing the log report. Do not run any programs until ComboFix has finished. I figured this to be normal after running ComboFix. But then, just a few seconds after the blue ComboFix window popped up, a 2nd thing that happened. For a short instant I saw another window pop up as well. I only had time to notice that the 2nd window had a black background rather than blue and I noticed the word "Sunbelt" within the text that was written there. It came up for about half a second and dissappeared.

So, the reason I'm writing all this is that I'm not sure if somehow Sunbelt CounterSpy could be running some kind of processes on my computer which might interfere with the ComboFix report.

So.... my questions are:

(1) should I just keep waiting until ComboFix completes creating its report and post it as it is?

(2) or should I first be sure that CounterSpy is completely disabled and not doing anything that could screw up the ComboFix report?

(3) and if the answer to (2) is YES. i'll need some help from someone with that. Because other than not being able to uninstall CounterSpy, I could not find any notable processes going on related to it... and as I mentioned above, I can't find any way to uninstall it.

I'll be near my computer all day today and looking forward to your reply.

Thanks!

 

[Rorschach112]

Hello

(1) should I just keep waiting until ComboFix completes creating its report and post it as it is?

Yes try that please

Let me know how it goes

 

[adifrank]

ComboFix Log

ComboFix 08-04-27.3 - Dog Machine 2008-04-29 2:16:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.972.1033.18.587 [GMT 3:00]
Running from: C:\Documents and Settings\Dog Machine\Desktop\Combo-Fix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aspi32.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-27 19:34 . 2008-04-27 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-04-27 19:33 . 2008-04-27 19:33 <DIR> d-------- C:\Program Files\Last.fm
2008-04-09 23:41 . 2008-04-09 23:41 <DIR> d-------- C:\Program Files\WinPcap
2008-04-09 23:38 . 2008-04-09 23:48 <DIR> d-------- C:\Program Files\WMR11
2008-04-08 03:34 . 2008-04-08 03:34 <DIR> d-------- C:\Program Files\SourceTec
2008-04-08 03:34 . 2008-04-08 03:34 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-04-07 10:54 . 2008-04-07 10:54 <DIR> d-------- C:\Program Files\iPod
2008-04-07 10:43 . 2008-04-07 10:46 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 20:16 --------- d-----w C:\Program Files\eMule
2008-04-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-04-21 10:14 --------- d-----w C:\Program Files\Apple Software Update
2008-04-07 07:54 --------- d-----w C:\Program Files\iTunes
2008-03-09 21:16 --------- d-----w C:\Program Files\Webteh
2008-03-01 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-01 14:42 --------- d-----w C:\Documents and Settings\Dog Machine\Application Data\GRETECH
2008-03-01 14:41 --------- d-----w C:\Program Files\GRETECH
2008-03-01 10:30 --------- d-----w C:\Program Files\Vertical Moon
2008-01-30 07:58 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-01-25 23:06 443,408 ----a-w C:\Documents and Settings\Dog Machine\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:07 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-29 02:21 949376]
"Matrox Powerdesk"="C:\WINDOWS\system32\PDesk\PDesk.exe" [2004-09-14 11:13 684032]
"M-Audio Delta Taskbar Icon"="C:\WINDOWS\System32\DeltTray.exe" [2004-08-27 00:43 56320]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 22:44 196608]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 03:46 200069]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-05-24 18:39 2655272]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-02-07 01:37 1115728]
"DeltTray"="DeltTray.exe" [2004-08-27 00:43 56320 C:\WINDOWS\system32\DeltTray.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-15 13:13 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\Dog Machine\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-04-27 19:33:40 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-12-26 22:45:55 274432]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= divxc32.dll
"vidc.DIV4"= divxc32f.dll
"vidc.X264"= x264vfw.dll
"vidc.davc"= davcvfw.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
"midi1"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 23:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
--------- 2004-08-05 16:19 118784 C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-01-14 03:20 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
--a------ 2007-06-15 16:17 699120 C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2005-01-10 07:08 638976 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Titan FTP Server Tray App]
C:\Program Files\South River Technologies\Titan FTP Server\srxTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-15 13:13 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\ESET\\nod32.exe"=
"C:\\Program Files\\ESET\\nod32kui.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\RpcSandraSrv.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1770:TCP"= 1770:TCP:em
"1780:UDP"= 1780:UDP:em2
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"12120:TCP"= 12120:TCP:eMule
"13130:UDP"= 13130:UDP:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-01-24 18:25]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 10:10]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:07]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
S2 Parclass;Parclass;C:\WINDOWS\system32\Drivers\Parclass.sys [1997-11-26 08:31]
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2007-11-14 17:20]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 20:31]
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 08:40]
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 08:40]
S3 UKS11LDR;M-Audio USB Keystation Loader;C:\WINDOWS\system32\drivers\uks11ldr.sys [2007-11-14 17:20]
S3 USBKS1X1;Midiman USB Keystation USB Driver;C:\WINDOWS\system32\drivers\usbks1x1.sys []
S3 USBKT1X1;M-Audio USB Keystation;C:\WINDOWS\system32\drivers\usbkt1x1.sys []
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-04-25 14:18:32 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-22 09:49:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 09:14:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [1448] 0x871D2020

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-04-29 9:41:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 06:41:08

Pre-Run: 15,394,566,144 bytes free
Post-Run: 16,214,052,864 bytes free

190 --- E O F --- 2008-04-24 09:30:17



Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:17 AM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\WINDOWS\System32\DeltTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\Dog Machine\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.il
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDFC83AF-9AEB-4405-A519-DBB9C85248B7}: NameServer = 192.168.1.1,62.90.42.110,212.150.49.10
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XII\RpcSandraSrv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 11130 bytes

 

[Rorschach112]

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Sysrst::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Extended (if available otherwise Standard)
  • Scan Options:
  • Scan Archives
    Scan Mail Bases
• Click OK
• Now under select a target to scan:
  • Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

 

[adifrank]

okay. i created the notepad file, placed it comboFix.exe and it created a new log file.

i tried to run Kaspersky Online Scanner. in the initial page there is a disclaimer where i am prompted to either ACCEPT or DECLINE. I clicked ACCEPT, but nothing happened. Then I read in the fine print which says the following:

The Online Scanner service offered by Kaspersky Lab uses Microsoft ActiveX technology. Microsoft ActiveX Technology and the Kaspersky Online Scanner work only with MS Internet Explorer 6.0 or higher.
We cannot guarantee that the Online Scanner will function correctly if you are using any other browser or any Internet Explorer extensions (such as AvantBrowser). If you use a different browser, you can use the Kaspersky File Scanner to scan individual files.

I normally use Firefox, but I do have IE7. So I closed Firefox and tried opening the Kaspersky Online Scanner page in IE7. Strangely, IE couldn't connect. It behaved very strangely and was extremely sluggish. It couldn't connect to any website and when I clicked to close it, IE took about one whole minute to close. I'm very sure this has to do with the attack on my computer.

Anyway, it seems I can't run the Kaspersky Online Scanner in the situation I'm in.

What should I do??

 

[Rorschach112]

Can you post the ComboFix log and do these two scans instead

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.

Click here to use the F-Secure Online Scanner

• Then click the Start Scanning button below.
• You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
• Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
• In case you are having problems with installing the ActiveX/starting the scan, please read here.
• Click the Full System Scan button.
• It will start to download scanner components and databases. This can take a while.
• The main scan will start.
• Once the scan finished scanning, click the Automatic cleaning (recommended) button
• It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
• The cleaning can take a while, so please be patient.
• Then click the Show report button and copy and paste what's present under results in your next reply.

 

[adifrank]

i'm having problems with both Dr. Web CureIt AND F-Secure Online Scanner.

I clicked on the Dr. Web CureIt link and downloading started... very slowly, about 1 KB/sec and then just stops after downloading around 25 KB. No error messages or anything... just freezes at 1% complete.

The problem with F-Secure is that like Kaspersky, it only runs with IE. And as I mentioned, since running into this malicious file, my MS Internet Explorer browser just doesn't work.

Anyway....


hi. here's the new log I got from ComboFix:

ComboFix 08-04-27.3 - Dog Machine 2008-04-29 16:38:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.972.1033.18.687 [GMT 3:00]
Running from: C:\Documents and Settings\Dog Machine\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Dog Machine\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\50429015.exe
C:\WINDOWS\system32\drivers\downld\50433671.exe
C:\WINDOWS\system32\drivers\downld\50438109.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-27 19:34 . 2008-04-27 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-04-27 19:33 . 2008-04-27 19:33 <DIR> d-------- C:\Program Files\Last.fm
2008-04-09 23:41 . 2008-04-09 23:41 <DIR> d-------- C:\Program Files\WinPcap
2008-04-09 23:38 . 2008-04-09 23:48 <DIR> d-------- C:\Program Files\WMR11
2008-04-08 03:34 . 2008-04-08 03:34 <DIR> d-------- C:\Program Files\SourceTec
2008-04-08 03:34 . 2008-04-08 03:34 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-04-07 10:54 . 2008-04-07 10:54 <DIR> d-------- C:\Program Files\iPod
2008-04-07 10:43 . 2008-04-07 10:46 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 10:26 --------- d-----w C:\Documents and Settings\Dog Machine\Application Data\Babylon
2008-04-27 20:16 --------- d-----w C:\Program Files\eMule
2008-04-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-04-21 10:14 --------- d-----w C:\Program Files\Apple Software Update
2008-04-07 07:54 --------- d-----w C:\Program Files\iTunes
2008-03-09 21:16 --------- d-----w C:\Program Files\Webteh
2008-03-01 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-01 14:42 --------- d-----w C:\Documents and Settings\Dog Machine\Application Data\GRETECH
2008-03-01 14:41 --------- d-----w C:\Program Files\GRETECH
2008-03-01 10:30 --------- d-----w C:\Program Files\Vertical Moon
2008-01-30 07:58 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-01-29 09:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2008-01-25 23:06 443,408 ----a-w C:\Documents and Settings\Dog Machine\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-29_ 9.31.29.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-29 06:16:02 78,616 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-29 07:17:32 78,616 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-29 06:16:02 455,668 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-29 07:17:32 455,668 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

2000-08-31 08:00 6741 C:\Combo-Fix\Boot.bat
2000-08-31 08:00 6741 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023145.bat

2008-04-28 21:14 334755 C:\Combo-Fix\C.bat
2008-04-28 21:14 334755 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023146.bat

2008-04-29 16:42 33 C:\Combo-Fix\CCS.bat
2008-04-29 02:22 33 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023147.bat

C:\Combo-Fix\CF9767.exe
2004-08-04 04:07 388608 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023148.exe

2008-04-29 16:38 21 C:\Combo-Fix\chcp.bat
2008-04-29 02:13 21 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023149.bat

2000-08-31 08:00 1024 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023150.sys

C:\Combo-Fix\Combobatch.bat
2000-08-31 08:00 6684 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023119.bat
2008-01-30 14:55 49 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP14\A0003912.drv

C:\Combo-Fix\Comspec.bat
2000-08-31 08:00 149 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP100\A0023113.bat
2000-08-31 08:00 149 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023229.bat

2000-08-31 08:00 1363 C:\Combo-Fix\DelClsid.bat
2000-08-31 08:00 1363 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023151.bat

C:\Combo-Fix\Disclaimer.bat
{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP100\A0023114.batC:\Combo-Fix\restore_pt.vbs
2000-08-31 08:00 232 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023115.vbs

2000-08-31 08:00 5883 C:\Combo-Fix\Exe.reg
2000-08-31 08:00 5883 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023153.reg

2000-08-31 08:00 62909 C:\Combo-Fix\FIND3M.bat
2000-08-31 08:00 62909 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023154.bat

2000-08-31 08:00 3815 C:\Combo-Fix\FIXLSP.bat
2000-08-31 08:00 3815 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023155.bat

2000-08-31 08:00 15399 C:\Combo-Fix\FProps.vbs
2000-08-31 08:00 15399 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023156.vbs

2000-08-31 08:00 2091 C:\Combo-Fix\history.bat
2000-08-31 08:00 2091 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023157.bat

2000-08-31 08:00 65098 C:\Combo-Fix\Lang.bat
2000-08-31 08:00 65098 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023120.bat
2008-04-29 02:23 65096 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023158.bat

2000-08-31 08:00 349 C:\Combo-Fix\LFN.vbs
2000-08-31 08:00 349 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023159.vbs

C:\Combo-Fix\List-C.bat
2000-08-31 08:00 185562 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023118.bat
2000-08-31 08:00 185562 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023243.bat

2000-08-31 08:00 737 C:\Combo-Fix\lnkread.vbs
2000-08-31 08:00 737 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023160.vbs

2000-08-31 08:00 805 C:\Combo-Fix\LocalDrive.vbs
2000-08-31 08:00 805 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023161.vbs

2008-04-29 16:43 94545 C:\Combo-Fix\LspFixed.reg
2008-04-29 02:23 94545 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023162.reg

2000-08-31 08:00 1822 C:\Combo-Fix\MoveIt.bat
2000-08-31 08:00 1822 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023163.bat

2000-08-31 08:00 1641 C:\Combo-Fix\ND_.bat
2000-08-31 08:00 1641 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023164.bat

2000-08-31 08:00 28160 C:\Combo-Fix\nircmd.com
2000-08-31 08:00 28160 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023165.com

2000-08-31 08:00 657 C:\Combo-Fix\OSid.vbs
2000-08-31 08:00 657 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023166.vbs

2000-08-31 08:00 3398 C:\Combo-Fix\Qoo.bat
2000-08-31 08:00 3398 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023167.bat

C:\Combo-Fix\restore_pt.vbs
2000-08-31 08:00 232 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023235.vbs

2000-08-31 08:00 1537 C:\Combo-Fix\RestoreO4.bat
2000-08-31 08:00 1537 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023168.bat

2000-08-31 08:00 15189 C:\Combo-Fix\SafeBootRepair.bat
2000-08-31 08:00 15189 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023169.bat

2000-08-31 08:00 10514 C:\Combo-Fix\SetEnvmt.bat
2000-08-31 08:00 10514 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023170.bat

2008-04-29 16:38 11016 C:\Combo-Fix\SetPath.bat
2008-04-29 02:15 10544 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023171.bat

2000-08-31 08:00 1128 C:\Combo-Fix\SvcDrv.vbs
2000-08-31 08:00 1128 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101\A0023172.vbs

C:\Documents and Settings\Dog Machine\Application Data\Mozilla\Firefox\Profiles\b1d9hef1.default\extensions\{825e6f35-d825-4fe9-b51c-f6911d00122e}-trash\components\FFAlert.dll
2008-01-29 19:09 11776 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP41\A0009050.dll

C:\Documents and Settings\Dog Machine\Application Data\Mozilla\Firefox\Profiles\b1d9hef1.default\extensions\{825e6f35-d825-4fe9-b51c-f6911d00122e}-trash\components\npmozax.dll
2008-01-29 19:09 114688 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP41\A0009051.dll

C:\Documents and Settings\Dog Machine\Application Data\U3\temp\cleanup.exe
2005-06-06 11:29 110592 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP99\A0022953.exe

2008-01-31 14:56 8192 C:\Documents and Settings\Dog Machine\Desktop\magnify.exe
2008-01-31 14:56 8192 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP52\A0009584.exe

2008-02-07 21:40 77526944 C:\Documents and Settings\Dog Machine\Local Settings\Application Data\Adobe\Updater5\Install\photoshop10-en_US\photoshop_10_0_1.exe
2008-01-31 16:04 4186112 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP21\A0006238.exe

C:\Documents and Settings\Dog Machine\Local Settings\Application Data\Apple\Apple Software Update\iTunesSetupAdmin.exe
2008-04-04 04:47 75048 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP78\A0018601.exe

2004-08-04 04:07 25600 C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2004-08-04 04:07 25600 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004783.dll
2004-08-04 04:07 25600 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP98\A0020103.dll

2002-01-01 03:40 143872 C:\Program Files\Barak013\Barak013_L2TP\update.exe
2002-01-01 02:07 143872 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP100\A0022970.exe
2004-03-14 12:19 143872 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP99\A0022954.exe

2008-03-25 12:48 906480 C:\Program Files\CCleaner\ccleaner.exe
2007-11-22 19:10 787696 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP73\A0017321.exe

2008-04-02 04:57 114122 C:\Program Files\CCleaner\uninst.exe
2007-12-11 20:58 111005 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP73\A0017323.exe

1999-01-12 16:19 851456 C:\Program Files\Common Files\Microsoft Shared\SpeechEngines\TTS\msttssyn.dll
1999-01-12 16:19 851456 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP17\A0005032.dll

1999-01-12 12:36 53760 C:\Program Files\Common Files\Microsoft Shared\SpeechEngines\TTS\wttsm22.dll
1999-01-12 12:36 53760 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP17\A0005034.dll

2008-02-25 17:00 397312 C:\Program Files\Common Files\SourceTec\SWF Catcher\SWFCatcher.dll
2007-06-07 11:00 397312 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP79\A0018958.dll
2008-02-25 17:00 397312 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP80\A0018975.dll

2002-01-01 03:51 361040 C:\Program Files\Comodo\Firewall\cmdagent.exe
2002-01-01 02:27 361040 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP100\A0022971.exe
2002-01-01 01:23 361040 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP99\A0022955.exe

2008-01-05 00:56 69632 C:\Program Files\DivX\DivX Codec\config.exe
2007-12-12 01:32 69632 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004818.exe

2008-01-05 00:57 341504 C:\Program Files\DivX\DivX Codec\DivX EKG.exe
2007-12-12 01:33 341504 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004819.exe

2008-01-05 00:57 270336 C:\Program Files\DivX\DivX Codec\DivXDRA1031.dll
2007-12-12 01:33 270336 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004820.dll

2008-01-05 00:57 262144 C:\Program Files\DivX\DivX Codec\DivXDRA1033.dll
2007-12-12 01:33 262144 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004821.dll

2008-01-05 00:57 270336 C:\Program Files\DivX\DivX Codec\DivXDRA1036.dll
2007-12-12 01:33 270336 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004822.dll

2008-01-05 00:57 237568 C:\Program Files\DivX\DivX Codec\DivXDRA1041.dll
2007-12-12 01:33 237568 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004823.dll

2008-01-05 00:56 1933312 C:\Program Files\DivX\DivX Content Uploader\ContentUploadCheck.dll
2007-12-12 01:32 1933312 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004929.dll

2008-01-05 00:56 845824 C:\Program Files\DivX\DivX Content Uploader\libxml2.dll
2007-12-12 01:32 845824 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004930.dll

2008-01-05 00:56 1359872 C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
2007-12-12 01:32 1359872 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004932.dll

2008-01-08 04:16 1355776 C:\Program Files\DivX\DivX Converter\Converter.exe
2007-12-12 01:32 1552384 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004844.exe

2008-01-08 04:16 61440 C:\Program Files\DivX\DivX Converter\dpil100.dll
2007-12-12 01:32 61440 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004845.dll

2008-01-08 04:16 892928 C:\Program Files\DivX\DivX Converter\DSConverter1031.dll
2007-12-12 01:32 1196032 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004846.dll

2008-01-08 04:16 888832 C:\Program Files\DivX\DivX Converter\DSConverter1033.dll
2007-12-12 01:32 1040384 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004847.dll

2008-01-08 04:16 892928 C:\Program Files\DivX\DivX Converter\DSConverter1036.dll
2007-12-12 01:32 1196032 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004848.dll

2008-01-08 04:16 884736 C:\Program Files\DivX\DivX Converter\DSConverter1041.dll
2007-12-12 01:32 1191936 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004849.dll

2008-01-08 04:16 278528 C:\Program Files\DivX\DivX Converter\dvd2divxsub.dll
2007-12-12 01:32 81920 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004850.dll

2008-01-08 04:16 895488 C:\Program Files\DivX\DivX Converter\libxml2.dll
2007-12-12 01:32 895488 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004851.dll

2008-01-05 00:58 479232 C:\Program Files\DivX\DivX Converter\Microsoft.VC80.CRT\msvcm80.dll
2007-12-12 01:33 479232 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004859.dll

2008-01-05 00:58 548864 C:\Program Files\DivX\DivX Converter\Microsoft.VC80.CRT\msvcp80.dll
2007-12-12 01:33 548864 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004857.dll

2008-01-05 00:58 626688 C:\Program Files\DivX\DivX Converter\Microsoft.VC80.CRT\msvcr80.dll
2007-12-12 01:33 626688 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004858.dll

2008-01-05 00:58 1101824 C:\Program Files\DivX\DivX Converter\Microsoft.VC80.MFC\mfc80.dll
2007-12-12 01:33 1101824 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004860.dll

2008-01-05 00:58 1093120 C:\Program Files\DivX\DivX Converter\Microsoft.VC80.MFC\mfc80u.dll
2007-12-12 01:33 1093120 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004861.dll

2008-01-05 00:58 69632 C:\Program Files\DivX\DivX Converter\Microsoft.VC80.MFC\mfcm80.dll
2007-12-12 01:33 69632 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004862.dll

2008-01-05 00:58 57856 C:\Program Files\DivX\DivX Converter\Microsoft.VC80.MFC\mfcm80u.dll
2007-12-12 01:33 57856 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004863.dll

2008-01-08 04:16 122880 C:\Program Files\DivX\DivX Converter\xdclm.dll
2007-12-12 01:32 122880 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004852.dll

2008-01-08 04:16 880640 C:\Program Files\DivX\DivX Converter\xdsbp.dll
2007-12-12 01:32 1085440 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004853.dll

2008-01-08 04:16 479232 C:\Program Files\DivX\DivX Converter\xdsbv.dll
2007-12-12 01:32 479232 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004854.dll

C:\Program Files\DivX\DivX Player\ContentUploadCheck.dll
2007-12-12 01:35 1933312 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004881.dll

C:\Program Files\DivX\DivX Player\ConverterPlugin.dll
2007-12-12 01:33 81920 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004882.dll

2008-01-08 02:14 348160 C:\Program Files\DivX\DivX Player\DCManager.dll
2007-12-12 01:33 348160 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004883.dll

2008-01-08 02:14 1585664 C:\Program Files\DivX\DivX Player\DivX Player.exe
2007-12-12 01:33 1647616 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004884.exe

C:\Program Files\DivX\DivX Player\DXMBuilderLite.dll
2007-12-12 01:33 1290240 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004886.dll

2008-01-05 00:57 845824 C:\Program Files\DivX\DivX Player\libxml2.dll
2007-12-12 01:33 845824 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004887.dll

2008-01-05 00:58 479232 C:\Program Files\DivX\DivX Player\Microsoft.VC80.CRT\msvcm80.dll
2007-12-12 01:33 479232 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004889.dll

2008-01-05 00:58 548864 C:\Program Files\DivX\DivX Player\Microsoft.VC80.CRT\msvcp80.dll
2007-12-12 01:33 548864 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004890.dll

2008-01-05 00:58 626688 C:\Program Files\DivX\DivX Player\Microsoft.VC80.CRT\msvcr80.dll
2007-12-12 01:33 626688 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004891.dll

2008-01-05 00:58 1101824 C:\Program Files\DivX\DivX Player\Microsoft.VC80.MFC\mfc80.dll
2007-12-12 01:33 1101824 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004892.dll

2008-01-05 00:58 1093120 C:\Program Files\DivX\DivX Player\Microsoft.VC80.MFC\mfc80u.dll
2007-12-12 01:33 1093120 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004893.dll

2008-01-05 00:58 69632 C:\Program Files\DivX\DivX Player\Microsoft.VC80.MFC\mfcm80.dll
2007-12-12 01:33 69632 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004894.dll

2008-01-05 00:58 57856 C:\Program Files\DivX\DivX Player\Microsoft.VC80.MFC\mfcm80u.dll
2007-12-12 01:33 57856 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004895.dll

2008-01-08 02:14 98304 C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
2007-12-12 01:33 98304 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004897.dll

2008-01-08 02:14 1826816 C:\Program Files\DivX\DivX Player\PlaybackModule2.dll
2007-12-12 01:33 1789952 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004899.dll

2008-01-05 00:58 207608 C:\Program Files\DivX\DivX Player\primosdk.dll
2007-12-12 01:34 207608 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004900.dll

2008-01-05 00:58 479232 C:\Program Files\DivX\DivX Web Player\Microsoft.VC80.CRT\msvcm80.dll
2007-12-12 01:33 479232 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004922.dll

2008-01-05 00:58 548864 C:\Program Files\DivX\DivX Web Player\Microsoft.VC80.CRT\msvcp80.dll
2007-12-12 01:33 548864 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004920.dll

2008-01-05 00:58 626688 C:\Program Files\DivX\DivX Web Player\Microsoft.VC80.CRT\msvcr80.dll
2007-12-12 01:33 626688 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004921.dll

2008-01-05 00:57 1335600 C:\Program Files\DivX\DivX Web Player\npdivx32.dll
2007-12-12 01:33 1335600 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004917.dll

2008-02-01 18:23 122049 C:\Program Files\DivX\DivXBundleUninstall.exe
2007-12-23 20:40 121075 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004937.exe

2008-02-01 18:22 122049 C:\Program Files\DivX\DivXCodecUninstall.exe
2007-12-23 20:39 121075 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004841.exe

2008-02-01 18:23 122049 C:\Program Files\DivX\DivXContentUploaderUninstall.exe
2007-12-23 20:40 121075 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004936.exe

2008-02-01 18:23 122049 C:\Program Files\DivX\DivXConverterUninstall.exe
2007-12-23 20:40 121075 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004873.exe

2008-02-01 18:23 122049 C:\Program Files\DivX\DivXPlayerUninstall.exe
2007-12-23 20:40 121075 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004911.exe

2008-02-01 18:23 122049 C:\Program Files\DivX\DivXWebPlayerUninstall.exe
2007-12-23 20:40 121075 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP15\A0004928.exe

2002-01-01 03:53 494712 C:\Program Files\ESET\nod32.exe
2002-01-01 02:44 494712 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP100\A0022972.exe
2002-01-01 01:11 494712 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP99\A0022956.exe

2002-01-01 03:53 552064 C:\Program Files\ESET\nod32krn.exe
2002-01-01 02:27 552064 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP100\A0022973.exe
2002-01-01 01:21 552064 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP99\A0022957.exe

2008-04-29 02:21 949376 C:\Program Files\ESET\nod32kui.exe
2002-01-01 03:00 949376 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP100\A0022974.exe
2002-01-01 01:22 949376 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP99\A0022958.exe

C:\Program Files\Fanatic Software\Uninstall.exe
2008-04-26 00:14 239102 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP98\A0020058.exe

C:\Program Files\Fanatic Software\Verbs.exe
2005-06-09 11:34 7621795 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP98\A0020055.exe

C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\gtn.dll
2008-02-18 01:16 171504 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP88\A0019445.dll

C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\res_en.dll
2008-02-18 01:16 49152 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP88\A0019446.dll

C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
2008-02-18 01:16 323568 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP88\A0019444.dll

C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll
2007-06-25 22:23 172984 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP32\A0007901.dll

C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_en.dll
2007-06-25 22:23 49152 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP32\A0007902.dll

C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
2007-06-25 22:23 325048 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP32\A0007900.dll

2005-01-10 07:08 638976 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2007-06-25 22:23 68856 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP99\A0020185.exe

C:\Program Files\Google\GoogleToolbarNotifier\swg-2.0.1121.2472\SearchWithGoogleUpdate_en.exe
2008-02-18 01:16 738800 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP32\A0007903.exe

2007-11-29 07:58 33483 C:\Program Files\GRETECH\GomPlayer\Dodge.dll
2007-11-29 07:58 33483 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019608.dll

2008-03-25 07:23 2602552 C:\Program Files\GRETECH\GomPlayer\GOM.exe
2008-02-20 10:14 2606648 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019597.exe

2008-01-23 07:30 143360 C:\Program Files\GRETECH\GomPlayer\GomWeb3.dll
2008-02-20 10:14 149016 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019596.dll

2008-03-21 07:34 308736 C:\Program Files\GRETECH\GomPlayer\GomWiz.exe
2008-01-15 08:25 306176 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019598.exe

2008-01-23 07:30 2019384 C:\Program Files\GRETECH\GomPlayer\gomx.dll
2008-02-20 10:14 2025032 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019595.dll

2007-03-22 13:46 126976 C:\Program Files\GRETECH\GomPlayer\GrLauncher.exe
2007-03-22 13:46 126976 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019599.exe

2008-03-25 07:08 2860544 C:\Program Files\GRETECH\GomPlayer\GVC.dll
2008-02-18 07:52 2896896 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019594.dll

2008-03-21 07:36 826368 C:\Program Files\GRETECH\GomPlayer\icon.dll
2008-01-16 14:31 826368 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019603.dll

2005-11-11 11:08 3584 C:\Program Files\GRETECH\GomPlayer\KillGom.exe
2005-11-11 11:08 3584 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019593.exe

2008-03-21 08:29 360448 C:\Program Files\GRETECH\GomPlayer\lang\GomEng.dll
2008-02-18 09:17 360448 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019618.dll

2008-03-21 07:34 160256 C:\Program Files\GRETECH\GomPlayer\lang\GomWizEng.dll
2008-01-15 08:25 160256 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019619.dll

2006-07-11 12:35 348160 C:\Program Files\GRETECH\GomPlayer\msvcr71.dll
2006-07-11 12:35 348160 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019613.dll

2004-05-17 04:41 303104 C:\Program Files\GRETECH\GomPlayer\qscl.dll
2004-05-17 04:41 303104 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019609.dll

2007-03-06 07:18 10240 C:\Program Files\GRETECH\GomPlayer\RtParser.exe
2007-03-06 07:18 10240 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019606.exe

2007-12-21 10:23 4608 C:\Program Files\GRETECH\GomPlayer\ShellRegister.exe
2007-12-21 10:23 4608 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019611.exe

2007-03-06 07:17 4096 C:\Program Files\GRETECH\GomPlayer\srt2smi.exe
2007-03-06 07:17 4096 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019607.exe

2008-04-20 12:42 52550 C:\Program Files\GRETECH\GomPlayer\Uninstall.exe
2008-03-01 17:42 52550 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019620.exe

2008-03-25 07:23 206344 C:\Program Files\GRETECH\GomPlayer\VSUtil.dll
2008-02-20 10:14 206344 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP91\A0019612.dll

2006-10-11 12:00 352256 C:\Program Files\ICQLite\ICQPhone.dll
2006-10-11 13:00 352256 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP89\A0019527.dll

2006-12-06 18:00 4608 C:\Program Files\ICQLite\LiteDataFiles\bartout.exe
2006-12-06 19:00 4608 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP89\A0019525.exe

2007-07-03 12:00 69276 C:\Program Files\ICQLite\LiteDataFiles\icqfilexfer.exe
2007-07-03 13:00 69276 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP89\A0019523.exe

2005-03-01 18:13 2560 C:\Program Files\ICQLite\LiteDataFiles\icqtoolbarpatch.exe
2005-03-01 19:13 2560 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP89\A0019524.exe

2006-10-11 12:00 208896 C:\Program Files\ICQLite\MIBFlashCtrl.dll
2006-10-11 13:00 208896 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP89\A0019526.dll

2007-12-06 14:01 625664 C:\Program Files\Internet Explorer\iexplore.exe
2007-10-10 13:59 625152 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP40\A0008934.exe

2008-04-07 10:46 143360 C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
2008-01-25 17:08 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP36\A0008338.dll
2008-02-24 01:21 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP78\A0018605.dll

2008-04-07 10:46 143360 C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
2008-01-25 17:08 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP36\A0008341.dll
2008-02-24 01:21 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP78\A0018608.dll

2008-04-07 10:46 143360 C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
2008-01-25 17:08 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP36\A0008344.dll
2008-02-24 01:21 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP78\A0018611.dll

2008-04-07 10:46 143360 C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
2008-01-25 17:08 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP36\A0008347.dll
2008-02-24 01:21 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP78\A0018614.dll

2008-04-07 10:46 143360 C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
2008-01-25 17:08 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP36\A0008350.dll
2008-02-24 01:21 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP78\A0018617.dll

2008-04-07 10:46 143360 C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
2008-01-25 17:08 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP36\A0008353.dll
2008-02-24 01:21 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP78\A0018620.dll

2008-04-07 10:46 143360 C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
2008-01-25 17:08 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP36\A0008356.dll
2008-02-24 01:21 143360 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP78\A0018623.dll

2002-01-01 03:55 49152 C:\Program Files\Last.fm\Cleaner.exe
2002-01-01 02:20 49152 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP100\A0022975.exe
2008-01-08 16:23 49152 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP99\A0022959.exe

2008-04-07 03:12 607576 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
2008-01-04 14:27 587096 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP59\A0013732.exe
2008-03-17 21:50 607576 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP78\A0018591.exe

2008-04-07 03:13 2711376 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
2008-02-26 17:44 2858320 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP78\A0018593.exe

2008-03-16 18:55 525664 C:\Program Files\Lavasoft\Ad-Aware 2007\update.dll
2007-12-27 12:13 525664 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP59\A0011465.dll

2008-03-16 18:55 271712 C:\Program Files\Lavasoft\Ad-Aware 2007\upmanager.dll
2007-12-14 11:56 271712 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP59\A0011466.dll

C:\Program Files\Madoogali\Key2Speak\adsrvm.exe
2001-11-07 17:27 102400 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP18\A0005042.exe

C:\Program Files\Madoogali\Key2Speak\Key2Speak.exe
2001-11-22 00:47 212992 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP18\A0005041.exe

C:\Program Files\Madoogali\Key2Speak\MSagent.exe
2000-10-04 00:00 400536 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP18\A0005039.exe

C:\Program Files\Madoogali\Key2Speak\msttsm22l.exe
2001-06-25 09:44 2337528 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP18\A0005043.exe

C:\Program Files\Madoogali\Key2Speak\setup\uninst.exe
2000-02-13 00:00 334848 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP18\A0005050.exe

C:\Program Files\Madoogali\Key2Speak\SPCHAPI.EXE
1999-02-16 10:20 847096 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP18\A0005040.EXE

2008-04-17 19:25 13952 C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll
2007-12-02 13:09 13952 {8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP24\A0006322.dll
{
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:07 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-29 02:21 949376]
"Matrox Powerdesk"="C:\WINDOWS\system32\PDesk\PDesk.exe" [2004-09-14 11:13 684032]
"M-Audio Delta Taskbar Icon"="C:\WINDOWS\System32\DeltTray.exe" [2004-08-27 00:43 56320]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 22:44 196608]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-01-10 07:08 638976]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-05-24 18:39 2655272]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-02-07 01:37 1115728]
"DeltTray"="DeltTray.exe" [2004-08-27 00:43 56320 C:\WINDOWS\system32\DeltTray.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-15 13:13 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\Dog Machine\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-04-27 19:33:40 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-12-26 22:45:55 274432]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= divxc32.dll
"vidc.DIV4"= divxc32f.dll
"vidc.X264"= x264vfw.dll
"vidc.davc"= davcvfw.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
"midi1"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 23:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
--------- 2004-08-05 16:19 118784 C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-01-14 03:20 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
--a------ 2007-06-15 16:17 699120 C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2005-01-10 07:08 638976 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Titan FTP Server Tray App]
C:\Program Files\South River Technologies\Titan FTP Server\srxTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-15 13:13 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\ESET\\nod32.exe"=
"C:\\Program Files\\ESET\\nod32kui.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\RpcSandraSrv.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1770:TCP"= 1770:TCP:em
"1780:UDP"= 1780:UDP:em2
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"12120:TCP"= 12120:TCP:eMule
"13130:UDP"= 13130:UDP:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-01-24 18:25]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 10:10]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:07]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
S2 Parclass;Parclass;C:\WINDOWS\system32\Drivers\Parclass.sys [1997-11-26 08:31]
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2007-11-14 17:20]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 20:31]
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 08:40]
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 08:40]
S3 UKS11LDR;M-Audio USB Keystation Loader;C:\WINDOWS\system32\drivers\uks11ldr.sys [2007-11-14 17:20]
S3 USBKS1X1;Midiman USB Keystation USB Driver;C:\WINDOWS\system32\drivers\usbks1x1.sys []
S3 USBKT1X1;M-Audio USB Keystation;C:\WINDOWS\system32\drivers\usbkt1x1.sys []
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-04-25 14:18:32 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-29 09:49:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 16:43:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-29 16:57:42
ComboFix-quarantined-files.txt 2008-04-29 13:57:12
ComboFix2.txt 2008-04-29 06:41:15

Pre-Run: 16,229,072,896 bytes free
Post-Run: 16,210,636,800 bytes free

521 --- E O F --- 2008-04-24 09:30:17

 

[adifrank]

Dr. Web CureIt (continued)....

After about 15 minutes I eventually got a download error message:

C:\Documents and Settings\Dog Machine\Desktop\drweb-cureit.exe part could not be saved, because the source file could not be read.

I had an idea, I am now downloading the Dr. Web CureIt file on a different computer and then I'll transfer it to the infected one and run it. Maybe that'll work.... I'll let you know.

In the meantime, is there anything else I should do?

 

[Rorschach112]

Transfer Dr. Web over and run a full scan if you get it working

Also do this

Please download and unzip Icesword to its own folder on your desktop


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.


Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.


Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.


Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.



Now post all of the data collected under the headings for :

Processes
Win32 Services
Startup
SSDT
Message Hooks




Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.

@echo off
dir "C:\WINDOWS\system32\drivers">C:\peek.txt
start C:\peek.txt
del peek.bat

Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Attach the log it produces

 

[adifrank]

Hi Rorschach. Thanks for sticking with me on this. I really appreciate it. :bigthumb:

I finally managed to run DrWeb CureIt. The trick was to download the exe file on a different computer, burn it to cd and then copying it over from the cd to the infected computer WITH INTERNET CONNECTION DISABLED (otherwise, DrWeb would not work). Then it took a good 3 hours or more to make a complete scan.... phew... but at least it worked and i have the results on file.

Bad news is, I tried the exact same method with IceSword, but after unpacking the zip file and double clicking IceSword.exe - I got the following error message:

IceSword.exe is not a valid Win32 application.

Pasted below is the DrWeb.csv file. I'm gonna get some sleep now and I'll be back online around 9 am.

Cheers.

DrWeb.csv

gendel32.exe;C:\;Tool.Gendel;Incurable.Deleted.;
setup.exe;C:\Documents and Settings\Dog Machine\Desktop\transit folder\Babylon.7.0.0.13.Pro.Multilingual.Incl.Crack.-.UnREal updated-fixe;Win32.HLLW.Puce;Deleted.;
b64_2[1].jpg;C:\Documents and Settings\Dog Machine\Local Settings\Temporary Internet Files\Content.IE5\JU7L18JM;Win32.HLLM.Beagle;Deleted.;
b64_2[2].jpg;C:\Documents and Settings\Dog Machine\Local Settings\Temporary Internet Files\Content.IE5\JU7L18JM;Win32.HLLM.Beagle;Deleted.;
b64_2[1].jpg;C:\Documents and Settings\Dog Machine\Local Settings\Temporary Internet Files\Content.IE5\PA2WJL05;Win32.HLLM.Beagle;Deleted.;
b64_3[1].jpg;C:\Documents and Settings\Dog Machine\Local Settings\Temporary Internet Files\Content.IE5\PA2WJL05;Win32.HLLM.Beagle;Deleted.;
b64_3[2].jpg;C:\Documents and Settings\Dog Machine\Local Settings\Temporary Internet Files\Content.IE5\PA2WJL05;Win32.HLLM.Beagle;Deleted.;
b64_2[1].jpg;C:\Documents and Settings\Dog Machine\Local Settings\Temporary Internet Files\Content.IE5\TO34UYDT;Win32.HLLM.Beagle;Deleted.;
b64_3[1].jpg;C:\Documents and Settings\Dog Machine\Local Settings\Temporary Internet Files\Content.IE5\TO34UYDT;Win32.HLLM.Beagle;Deleted.;
b64_2[1].jpg;C:\Documents and Settings\Dog Machine\Local Settings\Temporary Internet Files\Content.IE5\WE4556E1;Win32.HLLM.Beagle;Deleted.;
b64_3[1].jpg;C:\Documents and Settings\Dog Machine\Local Settings\Temporary Internet Files\Content.IE5\WE4556E1;Win32.HLLM.Beagle;Deleted.;
b64_3[2].jpg;C:\Documents and Settings\Dog Machine\Local Settings\Temporary Internet Files\Content.IE5\WE4556E1;Win32.HLLM.Beagle;Deleted.;
0C4XA3CA.NQF;C:\Program Files\ESET\infected;Trojan.MulDrop.3700;Deleted.;
20WNCEAA.NQF;C:\Program Files\ESET\infected;Win32.HLLW.Puce;Deleted.;
5YHAPADA.NQF;C:\Program Files\ESET\infected;BackDoor.Bifrost;Deleted.;
D3U3LFBA.NQF;C:\Program Files\ESET\infected;Trojan.DownLoader.22050;Deleted.;
FJGUSFBA.NQF;C:\Program Files\ESET\infected;Win32.HLLW.Puce;Deleted.;
GHZBI3BA.NQF;C:\Program Files\ESET\infected;Trojan.Swizzor;Deleted.;
HHJK0JBA.NQF;C:\Program Files\ESET\infected;Trojan.DownLoader.10616;Deleted.;
Q5SXQUDA.NQF;C:\Program Files\ESET\infected;Win32.HLLW.Puce;Deleted.;
XCVZ2MBA.NQF;C:\Program Files\ESET\infected;Trojan.DownLoader.17378;Deleted.;
A0023143.EXE;C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101;Program.PsExec.170;Incurable.Deleted.;
A0023146.bat;C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101;Probably BATCH.Virus;Incurable.Deleted.;
A0023154.bat;C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP101;Probably SCRIPT.Virus;Incurable.Deleted.;
A0023237.exe;C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102;Win32.HLLM.Beagle;Deleted.;
A0023249.bat;C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102;Probably BATCH.Virus;Incurable.Deleted.;
A0023256.bat;C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102;Probably SCRIPT.Virus;Incurable.Deleted.;
A0023348.exe;C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102;Win32.HLLW.Puce;Deleted.;

 

[Rorschach112]

Ok do this in the morning for me

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• 
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.

 

[adifrank]

Deckard's System Scanner - main

Deckard's System Scanner v20071014.68
Run by Dog Machine on 2008-04-30 11:27:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2008-04-30 08:28:08 UTC - RP103 - Deckard's System Scanner Restore Point
89: 2008-04-29 13:38:37 UTC - RP102 - ComboFix created restore point
88: 2008-04-28 23:15:20 UTC - RP101 - ComboFix created restore point
87: 2002-01-01 00:07:53 UTC - RP100 - System Checkpoint
86: 2008-04-26 23:31:28 UTC - RP99 - System Checkpoint


-- First Restore Point --
1: 2008-01-31 10:37:30 UTC - RP14 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-30 11:30:59
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\PDesk\pdesk.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Documents and Settings\Dog Machine\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nana.co.il
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{CDFC83AF-9AEB-4405-A519-DBB9C85248B7}: NameServer = 192.168.1.1,62.90.42.110,212.150.49.10
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\ATMsrvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\ESET\nod32krn.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XII\RpcSandraSrv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


--
End of file - 11840 bytes

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 Nsynas32 - c:\windows\system32\drivers\nsynas32.sys <Not Verified; Syncrosoft Hard- und Software GmbH; Internet Protection Hardware Driver>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
R3 DELTA (Service for Delta Driver (WDM)) - c:\windows\system32\drivers\delta.sys <Not Verified; Midiman/M-Audio; M-Audio Delta WDM Driver>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S0 Inspect (Comodo Network Engine) - c:\windows\system32\drivers\inspect.sys (file missing)
S2 Parclass - c:\windows\system32\drivers\parclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT(TM) Operating System>
S3 RT73 (RT73 USB Wireless LAN Card Driver) - c:\windows\system32\drivers\rt73.sys (file missing)
S3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 USBKS1X1 (Midiman USB Keystation USB Driver) - c:\windows\system32\drivers\usbks1x1.sys (file missing)
S3 USBKT1X1 (M-Audio USB Keystation) - c:\windows\system32\drivers\usbkt1x1.sys (file missing)
S3 USBMIDIM (Midiman USB MidiSport Midi Kernel Driver) - c:\windows\system32\drivers\usbmidim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Ralink Turbo Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&2E98101C&0&08F0
Manufacturer: Ralink Technology, Inc.
Name: Ralink Turbo Wireless LAN Card #3
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&2E98101C&0&08F0
Service: RT61

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_30208086&REV_01\4&2E98101C&0&40F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_30208086&REV_01\4&2E98101C&0&40F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_A0008086&REV_02\3&267A616A&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_A0008086&REV_02\3&267A616A&0&FD
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-29 12:49:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-25 17:18:32 402 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-29 22:59:37 0 d-------- C:\Documents and Settings\Dog Machine\DoctorWeb
2008-04-29 02:13:56 68096 --a------ C:\WINDOWS\zip.exe
2008-04-29 02:13:56 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-29 02:13:56 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-29 02:13:56 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-29 02:13:56 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-29 02:13:56 98816 --a------ C:\WINDOWS\sed.exe
2008-04-29 02:13:56 80412 --a------ C:\WINDOWS\grep.exe
2008-04-29 02:13:56 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-27 19:34:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-04-27 19:33:38 0 d-------- C:\Program Files\Last.fm
2008-04-09 23:41:11 0 d-------- C:\Program Files\WinPcap
2008-04-09 23:38:55 0 d-------- C:\Program Files\WMR11
2008-04-08 03:34:51 0 d-------- C:\Program Files\Common Files\SourceTec
2008-04-08 03:34:49 0 d-------- C:\Program Files\SourceTec
2008-04-07 10:54:15 0 d-------- C:\Program Files\iPod
2008-04-07 10:43:31 0 d-------- C:\Program Files\QuickTime
2008-04-02 04:57:52 0 dr-h----- C:\Documents and Settings\Dog Machine\Recent


-- Find3M Report ---------------------------------------------------------------

2008-04-29 22:41:04 0 d-------- C:\Documents and Settings\Dog Machine\Application Data\Babylon
2008-04-27 23:16:11 0 d-------- C:\Program Files\eMule
2008-04-21 13:14:51 0 d-------- C:\Program Files\Apple Software Update
2008-04-19 15:37:31 2608 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-11 17:04:19 0 d-------- C:\Documents and Settings\Dog Machine\Application Data\Adobe
2008-04-08 03:34:51 0 d-------- C:\Program Files\Common Files
2008-04-07 10:54:36 0 d-------- C:\Program Files\iTunes
2008-03-20 18:09:57 0 d-------- C:\Documents and Settings\Dog Machine\Application Data\Real
2008-03-10 00:16:13 0 d-------- C:\Program Files\Webteh
2008-03-01 17:42:08 0 d-------- C:\Documents and Settings\Dog Machine\Application Data\GRETECH
2008-03-01 17:41:49 0 d-------- C:\Program Files\GRETECH
2008-03-01 13:30:46 0 d-------- C:\Program Files\Vertical Moon
2008-02-03 22:25:17 12 --a------ C:\WINDOWS\system32\dck2s21.dat
2008-01-30 10:58:18 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [04/30/2008 12:47 AM]
"Matrox Powerdesk"="C:\WINDOWS\system32\PDesk\PDesk.exe" [09/14/2004 11:13 AM]
"M-Audio Delta Taskbar Icon"="C:\WINDOWS\System32\DeltTray.exe" [08/27/2004 12:43 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [11/29/2001 10:44 PM]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [01/10/2005 07:08 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [05/24/2006 06:39 PM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [02/07/2007 01:37 AM]
"DeltTray"="DeltTray.exe" [08/27/2004 12:43 AM C:\WINDOWS\system32\DeltTray.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/15/2008 01:13 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:07 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]

C:\Documents and Settings\Dog Machine\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [4/27/2008 7:33:40 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [12/26/2007 10:45:55 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Titan FTP Server Tray App]
"C:\Program Files\South River Technologies\Titan FTP Server\srxTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-04-30 11:31:37 ------------

Deckard's System Scanner - extra


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1021.73 MiB / 666.05 MiB
Pagefile Memory (total/avail): 2924.73 MiB / 2714.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 14.87 GiB free.
E: is CDROM (CDFS)
K: is Fixed (NTFS) - 39.06 GiB total, 1.21 GiB free.
L: is Fixed (NTFS) - 109.99 GiB total, 31.34 GiB free.

\\.\PHYSICALDRIVE1 - WDC WD1600JB-00EVA0 - 149.05 GiB - 2 partitions
\PARTITION0 - Installable File System - 39.06 GiB - K:
\PARTITION1 - Installable File System - 109.99 GiB - L:

\\.\PHYSICALDRIVE0 - WDC WD800JB-00ETA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: COMODO Firewall Pro v2.3.035 (COMODO)
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\ESET\\nod32.exe"="C:\\Program Files\\ESET\\nod32.exe:*:Enabled:NOD32"
"C:\\Program Files\\ESET\\nod32kui.exe"="C:\\Program Files\\ESET\\nod32kui.exe:*:Enabled:NOD32 Control Center"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dog Machine\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRUCELEE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dog Machine
LOGONSERVER=\\BRUCELEE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XII
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DOGMAC~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DOGMAC~1\LOCALS~1\Temp
USERDOMAIN=BRUCELEE
USERNAME=Dog Machine
USERPROFILE=C:\Documents and Settings\Dog Machine
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dog Machine (admin)
Administrator (new local, admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{107254A0-0ADF-11D4-9397-00D0B7020B38}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
ACDSee Pro --> MsiExec.exe /I{F99F74B4-972B-4B06-B893-6B3B0DB0128B}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe After Effects CS3 --> C:\Program Files\Common Files\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium --> MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup --> MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Ape2CD 2.0.0 --> "C:\Program Files\Ape2CD\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Babylon --> C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
Barak013 L2TP --> C:\PROGRA~1\Barak013\BARAK0~1\UNWISE.EXE C:\PROGRA~1\Barak013\BARAK0~1\INSTALL.LOG
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Cole2k Media - Codec Pack (Advanced) --> C:\WINDOWS\system32\C2MP\Uninst.exe
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Delta --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe" -l0x9 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Document Printer v2.0 --> "C:\Program Files\docPrint v2.0\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Event Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4197E46D-56D2-4527-8E40-8574FFFFBF1B}\Setup.exe" -l0x9 UNINST
EPSON Image Clip Palette --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x9 -u
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Send To Web --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{F839E2D2-4BEE-4915-A031-20A4D9006F92} /l1033 ADDREMOVEDLG
fxpansion!RobotikVocoder --> C:\UNWISE.EXE C:\PROGRA~1\FXPANS~1\INSTALL.LOG
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2 --> "C:\Documents and Settings\Dog Machine\Desktop\HijackThis.exe" /uninstall
HP Deskjet 5700 --> msiexec /x{85B1BEF2-2357-4C27-ABBE-15A1AE3AF78D}
hp deskjet 970c series --> rundll32 hpzcon04.dll,VendorJettison hp deskjet 970c series
hp deskjet 970c series (Remove only) --> C:\Program Files\hp deskjet 970c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB003 -vproduct=970c -huninstall
HP Image Zone 4.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE
iDump Build: 24 --> C:\Program Files\iDump\uninst.exe
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Joost (tm) 0.10.2 --> C:\Program Files\Joost\uninst.exe
Last.fm 1.4.2.59470 --> "C:\Program Files\Last.fm\unins000.exe"
Launchy 2.0 --> "C:\Program Files\Launchy\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia FreeHand MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AE751-7055-4518-87B0-E148A8D50D0A}\Setup.exe" -l0x9 UNINSTALL
Matrox Graphics Software (remove only) --> C:\WINDOWS\system32\PDesk\PDUninst.exe
Microsoft Office 2000 Proofing Tools Disc 1 --> MsiExec.exe /I{00300409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSm22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NOD32 Antivirus System --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
Perf4870 Reference Guide --> C:\Program Files\EPSON\Perf4870\REF_G\DOCUNINS.EXE
PERF4990P Reference Guide --> C:\Program Files\EPSON\TPMANUAL\PERF4990P\REF_G\DOCUNINS.EXE
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason 3.0 --> "C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
ReFX Slayer VSTi v1.3 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\REFXSL~1.3\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\REFXSL~1.3\INSTALL.LOG
Revo Uninstaller 1.50 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
River Past Audio Converter Pro --> C:\WINDOWS\Audio Converter Pro Uninstaller.exe
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Series II MIDI --> C:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe -runfromtemp -l0x0009 -removeonly
SiSoftware Sandra Engineer XII --> "C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XII\unins000.exe"
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client 2.5 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
Sonic CinePlayer --> MsiExec.exe /X{26792CA7-D87A-4DBE-896B-C2F66B344511}
Sonic Scenarist --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sonic\Scenarist\Uninst.isu"
Sony Media Manager 2.0 --> MsiExec.exe /X{B13F5727-F12F-4253-B6AD-26AFA880B709}
Sony Vegas 6.0d --> MsiExec.exe /X{4F68B605-2F2B-42A8-8689-0CA7E67797B0}
Sony Vegas Pro 8.0 --> MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Sothink SWF Decompiler --> "C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
SpeedSoft Virtual Sampler --> C:\SpeedSoft\VSampler\bin\UnInstall.exe
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Steinberg Cubase SX v3.0.2.623 --> C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
Steinberg VoiceMachine v1.0 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\STEINB~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\STEINB~1\INSTALL.LOG
SWF, Lock & Load 1.106 --> "C:\Program Files\Vertical Moon\SWF, Lock & Load\unins000.exe"
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Tablet --> C:\Program Files\Tablet\Remove.exe /u
TBL BassLine v1.2 VSTi --> C:\PROGRA~1\STEINB~1\VSTPLU~1\TBLBAS~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\TBLBAS~1\INSTALL.LOG
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
USB Keyboard Device 1.0.1.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\M-Audio USB Keyboard Device\irunin.ini"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Warp VST V1.0 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\WARPVS~1.0\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\WARPVS~1.0\INSTALL.LOG
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinPcap 4.0 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WM Recorder 12.0 --> C:\Program Files\WMR11\Uninstal.exe
XML Paper Specification Shared Components Pack 1.0 -->
XNote Stopwatch 1.40 --> C:\Program Files\XNote Stopwatch\uninstall.exe
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
הפוך על הפוך --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\הפוך על הפוך\ST6UNST.LOG"


-- Application Event Log -------------------------------------------------------

Event Record #/Type25398 / Error
Event Submitted/Written: 04/29/2008 11:11:13 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 10.0.2627.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type25394 / Warning
Event Submitted/Written: 04/29/2008 09:20:59 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type25393 / Warning
Event Submitted/Written: 04/29/2008 09:20:59 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type25388 / Warning
Event Submitted/Written: 04/29/2008 07:40:10 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type25387 / Warning
Event Submitted/Written: 04/29/2008 07:40:10 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type48376 / Warning
Event Submitted/Written: 04/27/2008 07:52:45 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type48370 / Warning
Event Submitted/Written: 04/25/2008 09:59:54 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type48335 / Warning
Event Submitted/Written: 04/24/2008 00:27:47 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type48333 / Warning
Event Submitted/Written: 04/23/2008 07:33:50 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type48332 / Warning
Event Submitted/Written: 04/23/2008 07:33:50 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-04-30 11:31:37 ------------

Virus Total results

File GoogleToolbarNotifier.exe received on 04.30.2008 10:51:05 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 19/31 (61.3%)
Loading server information...
Your file is queued in position: 2.
Estimated start time is between 40 and 57 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.4.30.0 2008.04.30 Win-Trojan/Bagle.638976
AntiVir 7.8.0.10 2008.04.30 TR/Dldr.Bagle.NU
Authentium 4.93.8 2008.04.27 -
Avast 4.8.1169.0 2008.04.30 Win32:Beagle-AAC
AVG 7.5.0.516 2008.04.30 I-Worm/Bagle
BitDefender 7.2 2008.04.30 Trojan.Downloader.Bagle.HO
CAT-QuickHeal 9.50 2008.04.29 TrojanDownloader.Bagle.nu
ClamAV 0.92.1 2008.04.30 PUA.Packed.Themida
DrWeb 4.44.0.09170 2008.04.30 -
eSafe 7.0.15.0 2008.04.28 -
eTrust-Vet 31.3.5746 2008.04.30 -
Ewido 4.0 2008.04.29 -
F-Prot 4.4.2.54 2008.04.30 -
F-Secure 6.70.13260.0 2008.04.30 Trojan-Downloader.Win32.Bagle.nu
Fortinet 3.14.0.0 2008.04.30 W32/Bagle.NU!tr.dldr
Ikarus T3.1.1.26 2008.04.30 Virus.Win32.Rbot.CXN
Kaspersky 7.0.0.125 2008.04.30 Trojan-Downloader.Win32.Bagle.nu
McAfee 5284 2008.04.29 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3064 2008.04.29 Win32/Bagle.OM
Norman 5.80.02 2008.04.29 W32/Mitglied.AUJ
Panda 9.0.0.4 2008.04.30 -
Prevx1 V2 2008.04.30 I-Worm/Bagle
Rising 20.42.20.00 2008.04.30 -
Sophos 4.28.0 2008.04.30 Mal/Generic-A
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.30 -
TheHacker 6.2.92.297 2008.04.29 Trojan/Downloader.Bagle.nu
VBA32 3.12.6.5 2008.04.29 Trojan-Downloader.Win32.Bagle.nu
VirusBuster 4.3.26:9 2008.04.29 Worm.Bagle.ZZK
Webwasher-Gateway 6.6.2 2008.04.30 Trojan.Dldr.Bagle.NU
Additional information
File size: 638976 bytes
MD5...: 62273984f4264b8822e91ef65f06b4e8
SHA1..: 13f9f786f23f02c597bd629892f0d2d9c23c0d77
SHA256: 47ab78e30ff3b6fea4a2571e8bec2957f907e2116832792fd098d718241871e1
SHA512: 9c4fd0d3c4850a7ca6f219480733acd661bb0b76e8ebb26edc2ec232456adf77
2692d18db42d0cddbb5e08542723971f3ceb35751be7c375e3002d89c069295a
PEiD..: Themida/WinLicense V1.8.0.2 + -> Oreans Technologies
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x47f014
timedatestamp.....: 0x48122060 (Fri Apr 25 18:18:08 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x75000 0x36000 7.97 94c9e20a202163a92dbb9959acb86bd1
.rsrc 0x76000 0x7588 0x3000 5.53 7f015111abad34ee4127e33b8ebf8488
.idata 0x7e000 0x1000 0x1000 0.24 26d28c4d124a92eaa21dfcb5ed9354d5
Themida 0x7f000 0xe7000 0x61000 7.89 afab585c2fa71b8d28d535dd5df42e17

( 2 imports )
> KERNEL32.dll: CreateFileA, ExitProcess
> COMCTL32.dll: InitCommonControls

( 0 exports )
packers: Themida
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=64F0840C005BE2B2C0F409B9FEAB3F002518E22A

 

[Rorschach112]

Brilliant, found the file dropper

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Folder::

Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Reboot and try run the Kaspersky Webscanner and tell me how your PC is running

 

[adifrank]

All is looking pretty good!!! :santa:

- Startup time is back to normal.
- Administrator privileges have been restored.
- I can once again download files.
- MS Internet Explorer is working.

The only apparent issue:
My security software is still not functioning: NOD32 won't open, COMODO firewall is disabled and can't be re-enabled.... I guess I should just uninstall these programs and reinstall them. Right?

I'm now running Kaspersky Online Scanner. I followed your directions running the scanner as you posted them earlier in this thread. Yes, it is running and scanning, but VERY VERY slowly. After 42 minutes the progress bar shows 4% complete. Is this normal?

I'm not sure if you need it or not, but here it is anyway -

the most recent combo-fix log file:

ComboFix 08-04-27.3 - Dog Machine 2008-04-30 17:26:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.972.1033.18.704 [GMT 3:00]
Running from: C:\Documents and Settings\Dog Machine\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Dog Machine\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\1157937.exe
C:\WINDOWS\system32\drivers\downld\1182375.exe
C:\WINDOWS\system32\drivers\downld\1223046.exe
C:\WINDOWS\system32\drivers\downld\1241046.exe
C:\WINDOWS\system32\drivers\downld\52638656.exe
C:\WINDOWS\system32\drivers\downld\52644406.exe
C:\WINDOWS\system32\drivers\downld\52646406.exe
C:\WINDOWS\system32\drivers\downld\52669125.exe
C:\WINDOWS\system32\drivers\downld\53036718.exe
C:\WINDOWS\system32\drivers\downld\53040656.exe
C:\WINDOWS\system32\drivers\downld\53045359.exe
C:\WINDOWS\system32\drivers\downld\53060125.exe
C:\WINDOWS\system32\drivers\downld\53069562.exe
C:\WINDOWS\system32\drivers\downld\53122750.exe
C:\WINDOWS\system32\drivers\downld\53128171.exe
C:\WINDOWS\system32\drivers\downld\53191921.exe
C:\WINDOWS\system32\drivers\downld\53247937.exe
C:\WINDOWS\system32\drivers\downld\53252437.exe
C:\WINDOWS\system32\drivers\downld\53255890.exe
C:\WINDOWS\system32\drivers\downld\53270375.exe
C:\WINDOWS\system32\drivers\downld\53280218.exe
C:\WINDOWS\system32\drivers\downld\60589984.exe
C:\WINDOWS\system32\drivers\downld\60595046.exe
C:\WINDOWS\system32\drivers\downld\60599343.exe
C:\WINDOWS\system32\drivers\downld\60672390.exe
C:\WINDOWS\system32\drivers\downld\60676609.exe
C:\WINDOWS\system32\drivers\downld\60679031.exe
C:\WINDOWS\system32\drivers\downld\60729593.exe
C:\WINDOWS\system32\drivers\downld\60748984.exe
C:\WINDOWS\system32\drivers\downld\60924343.exe
C:\WINDOWS\system32\drivers\downld\60953406.exe
C:\WINDOWS\system32\drivers\downld\60996593.exe
C:\WINDOWS\system32\drivers\downld\61007187.exe
C:\WINDOWS\system32\drivers\downld\937906.exe
C:\WINDOWS\system32\drivers\downld\947750.exe
C:\WINDOWS\system32\drivers\downld\959234.exe
C:\WINDOWS\system32\drivers\downld\984703.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-30 11:27 . 2008-04-30 11:27 <DIR> d-------- C:\Deckard
2008-04-29 22:59 . 2008-04-29 22:59 <DIR> d-------- C:\Documents and Settings\Dog Machine\DoctorWeb
2008-04-27 19:34 . 2008-04-27 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-04-27 19:33 . 2008-04-27 19:33 <DIR> d-------- C:\Program Files\Last.fm
2008-04-09 23:41 . 2008-04-09 23:41 <DIR> d-------- C:\Program Files\WinPcap
2008-04-09 23:38 . 2008-04-09 23:48 <DIR> d-------- C:\Program Files\WMR11
2008-04-08 03:34 . 2008-04-08 03:34 <DIR> d-------- C:\Program Files\SourceTec
2008-04-08 03:34 . 2008-04-08 03:34 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-04-07 10:54 . 2008-04-07 10:54 <DIR> d-------- C:\Program Files\iPod
2008-04-07 10:43 . 2008-04-07 10:46 <DIR> d-------- C:\Program Files\QuickTime
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-01 17:43 . 2008-03-01 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-01 17:42 . 2008-03-01 17:42 <DIR> d-------- C:\Documents and Settings\Dog Machine\Application Data\GRETECH
2008-03-01 17:41 . 2008-03-01 17:41 <DIR> d-------- C:\Program Files\GRETECH
2008-03-01 13:30 . 2008-03-01 13:30 <DIR> d-------- C:\Program Files\Vertical Moon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 19:41 --------- d-----w C:\Documents and Settings\Dog Machine\Application Data\Babylon
2008-04-27 20:16 --------- d-----w C:\Program Files\eMule
2008-04-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-04-21 10:14 --------- d-----w C:\Program Files\Apple Software Update
2008-04-07 07:54 --------- d-----w C:\Program Files\iTunes
2008-03-09 21:16 --------- d-----w C:\Program Files\Webteh
2008-01-30 07:58 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-01-25 23:06 443,408 ----a-w C:\Documents and Settings\Dog Machine\Application Data\GDIPFONTCACHEV1.DAT
2008-01-19 16:38 161,532 ----a-w C:\WINDOWS\Audio Converter Pro Uninstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-29_ 9.31.29.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-01-01 01:09:08 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
+ 2008-04-29 22:28:59 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
- 2002-01-01 01:09:09 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885250\update\update.exe
+ 2008-04-29 22:29:01 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885250\update\update.exe
- 2002-01-01 01:09:09 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
+ 2008-04-29 22:29:03 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
- 2002-01-01 01:09:09 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
+ 2008-04-29 22:29:05 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
- 2002-01-01 01:09:10 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
+ 2008-04-29 22:29:07 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
- 2002-01-01 01:09:10 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
+ 2008-04-29 22:29:08 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
- 2002-01-01 01:09:11 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB887742\update\update.exe
+ 2008-04-29 22:29:10 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB887742\update\update.exe
- 2002-01-01 01:09:11 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB888113\update\update.exe
+ 2008-04-29 22:29:11 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB888113\update\update.exe
- 2002-01-01 01:09:11 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
+ 2008-04-29 22:29:13 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
- 2002-01-01 01:09:12 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
+ 2008-04-29 22:29:14 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
- 2002-01-01 01:09:13 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
+ 2008-04-29 22:29:20 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
- 2002-01-01 01:09:13 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
+ 2008-04-29 22:29:21 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
- 2002-01-01 01:09:14 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
+ 2008-04-29 22:29:23 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
- 2002-01-01 01:09:15 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
+ 2008-04-29 22:29:25 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
- 2002-01-01 01:09:16 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
+ 2008-04-29 22:29:27 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
- 2002-01-01 01:09:16 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896422\update\update.exe
+ 2008-04-29 22:29:29 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896422\update\update.exe
- 2002-01-01 01:09:17 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
+ 2008-04-29 22:29:30 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
- 2002-01-01 01:09:18 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896424\update\update.exe
+ 2008-04-29 22:29:32 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896424\update\update.exe
- 2002-01-01 01:09:19 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
+ 2008-04-29 22:29:34 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
- 2002-01-01 01:09:19 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
+ 2008-04-29 22:29:36 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
- 2002-01-01 01:09:20 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
+ 2008-04-29 22:29:37 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
- 2002-01-01 01:09:21 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899589\update\update.exe
+ 2008-04-29 22:29:39 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899589\update\update.exe
- 2002-01-01 01:09:21 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
+ 2008-04-29 22:29:41 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
- 2002-01-01 01:09:22 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
+ 2008-04-29 22:29:43 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
- 2002-01-01 01:09:23 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
+ 2008-04-29 22:29:45 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
- 2002-01-01 01:09:24 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
+ 2008-04-29 22:29:47 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
- 2002-01-01 01:09:25 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
+ 2008-04-29 22:29:49 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
- 2002-01-01 01:09:26 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
+ 2008-04-29 22:29:52 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
- 2002-01-01 01:09:27 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\update.exe
+ 2008-04-29 22:29:55 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\update.exe
- 2002-01-01 01:09:27 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
+ 2008-04-29 22:29:56 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
- 2002-01-01 01:09:28 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
+ 2008-04-29 22:29:58 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
- 2002-01-01 01:09:30 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB905915\update\update.exe
+ 2008-04-29 22:30:01 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB905915\update\update.exe
- 2002-01-01 01:09:30 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
+ 2008-04-29 22:30:03 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
- 2002-01-01 01:09:31 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
+ 2008-04-29 22:30:05 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
- 2002-01-01 01:09:32 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
+ 2008-04-29 22:30:07 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
- 2002-01-01 01:09:32 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
+ 2008-04-29 22:30:09 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
- 2002-01-01 01:09:33 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
+ 2008-04-29 22:30:11 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
- 2002-01-01 01:09:34 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911567\update\update.exe
+ 2008-04-29 22:30:13 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911567\update\update.exe
- 2002-01-01 01:09:35 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
+ 2008-04-29 22:30:15 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
- 2002-01-01 01:09:36 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB912812\update\update.exe
+ 2008-04-29 22:30:18 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB912812\update\update.exe
- 2002-01-01 01:09:37 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB912919\update\update.exe
+ 2008-04-29 22:30:20 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB912919\update\update.exe
- 2002-01-01 01:09:37 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB913446\update\update.exe
+ 2008-04-29 22:30:22 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB913446\update\update.exe
- 2002-01-01 01:09:38 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
+ 2008-04-29 22:30:24 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
- 2002-01-01 01:09:39 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
+ 2008-04-29 22:30:26 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
- 2002-01-01 01:09:40 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
+ 2008-04-29 22:30:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
- 2002-01-01 01:09:41 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
+ 2008-04-29 22:30:30 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
- 2002-01-01 01:09:42 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB916281\update\update.exe
+ 2008-04-29 22:30:33 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB916281\update\update.exe
- 2002-01-01 01:09:43 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
+ 2008-04-29 22:30:35 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
- 2002-01-01 01:09:44 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917159\update\update.exe
+ 2008-04-29 22:30:37 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917159\update\update.exe
- 2002-01-01 01:09:44 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
+ 2008-04-29 22:30:39 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
- 2002-01-01 01:09:45 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917422\update\update.exe
+ 2008-04-29 22:30:41 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917422\update\update.exe
- 2002-01-01 01:09:46 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\update.exe
+ 2008-04-29 22:30:43 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\update.exe
- 2002-01-01 01:09:46 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
+ 2008-04-29 22:30:45 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
- 2002-01-01 01:09:47 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
+ 2008-04-29 22:30:47 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
- 2002-01-01 01:09:49 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB918899\update\update.exe
+ 2008-04-29 22:30:50 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB918899\update\update.exe
- 2002-01-01 01:09:50 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
+ 2008-04-29 22:30:52 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
- 2002-01-01 01:09:50 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe
+ 2008-04-29 22:30:54 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe
- 2002-01-01 01:09:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920214\update\update.exe
+ 2008-04-29 22:30:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920214\update\update.exe
- 2002-01-01 01:09:52 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
+ 2008-04-29 22:30:58 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
- 2002-01-01 01:09:52 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
+ 2008-04-29 22:30:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
- 2002-01-01 01:09:53 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
+ 2008-04-29 22:31:01 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
- 2002-01-01 01:09:54 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
+ 2008-04-29 22:31:03 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
- 2002-01-01 01:09:55 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921398\update\update.exe
+ 2008-04-29 22:31:05 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921398\update\update.exe
- 2002-01-01 01:09:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
+ 2008-04-29 22:31:07 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
- 2002-01-01 01:09:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\update.exe
+ 2008-04-29 22:31:09 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\update.exe
- 2002-01-01 01:09:57 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
+ 2008-04-29 22:31:11 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
- 2002-01-01 01:09:58 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922616\update\update.exe
+ 2008-04-29 22:31:12 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922616\update\update.exe
- 2002-01-01 01:09:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922760\update\update.exe
+ 2008-04-29 22:31:16 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922760\update\update.exe
- 2002-01-01 01:10:00 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
+ 2008-04-29 22:31:18 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
- 2002-01-01 01:10:01 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
+ 2008-04-29 22:31:20 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
- 2002-01-01 01:10:02 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923694\update\update.exe
+ 2008-04-29 22:31:22 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923694\update\update.exe
- 2002-01-01 01:10:02 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
+ 2008-04-29 22:31:24 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
- 2002-01-01 01:10:03 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924191\update\update.exe
+ 2008-04-29 22:31:26 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924191\update\update.exe
- 2002-01-01 01:10:04 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
+ 2008-04-29 22:31:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
- 2002-01-01 01:10:05 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\update.exe
+ 2008-04-29 22:31:30 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\update.exe
- 2002-01-01 01:10:06 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925454\update\update.exe
+ 2008-04-29 22:31:34 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925454\update\update.exe
- 2002-01-01 01:10:07 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925486\update\update.exe
+ 2008-04-29 22:31:36 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925486\update\update.exe
- 2002-01-01 01:10:08 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
+ 2008-04-29 22:31:38 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
- 2002-01-01 01:10:09 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
+ 2008-04-29 22:31:41 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
- 2002-01-01 01:10:09 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
+ 2008-04-29 22:31:44 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
- 2002-01-01 01:10:10 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
+ 2008-04-29 22:31:45 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
- 2002-01-01 01:10:11 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
+ 2008-04-29 22:31:47 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
- 2002-01-01 01:10:12 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
+ 2008-04-29 22:31:49 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
- 2002-01-01 01:10:13 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
+ 2008-04-29 22:31:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
- 2002-01-01 01:10:14 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB928090\update\update.exe
+ 2008-04-29 22:31:54 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB928090\update\update.exe
- 2002-01-01 01:10:15 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
+ 2008-04-29 22:31:57 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
- 2002-01-01 01:10:16 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
+ 2008-04-29 22:31:58 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
- 2002-01-01 01:10:17 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
+ 2008-04-29 22:32:01 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
- 2002-01-01 01:10:18 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB929338\update\update.exe
+ 2008-04-29 22:32:05 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB929338\update\update.exe
- 2002-01-01 01:10:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB929969\update\update.exe
+ 2008-04-29 22:32:07 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB929969\update\update.exe
- 2002-01-01 01:10:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
+ 2008-04-29 22:32:09 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
- 2002-01-01 01:10:20 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
+ 2008-04-29 22:32:12 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
- 2002-01-01 01:10:21 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
+ 2008-04-29 22:32:13 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
- 2002-01-01 01:10:23 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931768\update\update.exe
+ 2008-04-29 22:32:17 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931768\update\update.exe
- 2002-01-01 01:10:24 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
+ 2008-04-29 22:32:22 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
- 2002-01-01 01:10:24 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931836\update\update.exe
+ 2008-04-29 22:32:24 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931836\update\update.exe
- 2002-01-01 01:10:25 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\update.exe
+ 2008-04-29 22:32:26 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\update.exe
- 2002-01-01 01:10:26 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\update.exe
+ 2008-04-29 22:32:27 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\update.exe
- 2002-01-01 01:10:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933566\update\update.exe
+ 2008-04-29 22:32:31 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933566\update\update.exe
- 2002-01-01 01:10:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2008-04-29 22:32:33 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
- 2002-01-01 01:10:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
+ 2008-04-29 22:32:34 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
- 2002-01-01 01:10:30 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
+ 2008-04-29 22:32:36 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
- 2002-01-01 01:10:31 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
+ 2008-04-29 22:32:38 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
- 2002-01-01 01:10:31 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
+ 2008-04-29 22:32:40 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
- 2002-01-01 01:10:33 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB937143\update\update.exe
+ 2008-04-29 22:32:44 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB937143\update\update.exe
- 2002-01-01 01:10:34 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
+ 2008-04-29 22:32:46 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
- 2002-01-01 01:10:36 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2008-04-29 22:32:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
- 2002-01-01 01:10:35 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
+ 2008-04-29 22:32:48 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
- 2002-01-01 01:10:36 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
+ 2008-04-29 22:32:53 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
- 2002-01-01 01:10:37 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
+ 2008-04-29 22:32:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
- 2002-01-01 01:10:41 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
+ 2008-04-29 22:33:11 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
- 2002-01-01 01:10:39 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
+ 2008-04-29 22:33:01 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
- 2002-01-01 01:10:42 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2008-04-29 22:33:13 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
- 2002-01-01 01:10:43 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2008-04-29 22:33:16 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
- 2002-01-01 01:10:44 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2008-04-29 22:33:18 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
- 2002-01-01 01:10:46 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
+ 2008-04-29 22:33:25 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
- 2002-01-01 01:10:47 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2008-04-29 22:33:27 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
- 2002-01-01 01:10:48 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2008-04-29 22:33:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
- 2002-01-01 01:10:48 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
+ 2008-04-29 22:33:31 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
- 2002-01-01 01:10:49 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2008-04-29 22:33:33 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
- 2002-01-01 01:10:52 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
+ 2008-04-29 22:33:38 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
- 2002-01-01 01:10:52 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2008-04-29 22:33:40 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
- 2002-01-01 01:10:53 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2008-04-29 22:33:42 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
- 2008-04-28 23:59:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-30 14:33:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2002-01-01 01:14:44 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b272c8a858f509af0544d58440bc6f0\update\update.exe
- 2002-01-01 01:14:45 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\c8795f85b506ef02f891bd42e25c5cfd\update\update.exe
- 2002-01-01 01:14:46 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\d61766d223927760d60364c3824ce500\update\update.exe
- 2002-01-01 01:14:47 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\ea3863a5336a3a84f11ecb9a77ebd04d\update\update.exe
- 2002-01-01 01:14:48 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f7ad988f2335a2207e9e725b4c9d3398\update\update.exe
- 2002-01-01 01:16:10 14,848 -c--a-w C:\WINDOWS\system32\dllcache\register.exe
+ 2008-04-29 22:50:06 14,848 -c--a-w C:\WINDOWS\system32\dllcache\register.exe
- 2002-01-01 01:16:17 68,096 -c--a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
+ 2008-04-29 22:50:25 68,096 -c--a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
- 2008-04-29 06:16:02 78,616 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-29 07:17:32 78,616 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-29 06:16:02 455,668 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-29 07:17:32 455,668 ----a-w C:\WINDOWS\system32\perfh009.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:07 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-30 17:29 949376]
"Matrox Powerdesk"="C:\WINDOWS\system32\PDesk\PDesk.exe" [2004-09-14 11:13 684032]
"M-Audio Delta Taskbar Icon"="C:\WINDOWS\System32\DeltTray.exe" [2004-08-27 00:43 56320]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 22:44 196608]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-01-10 07:08 638976]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-05-24 18:39 2655272]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-02-07 01:37 1115728]
"DeltTray"="DeltTray.exe" [2004-08-27 00:43 56320 C:\WINDOWS\system32\DeltTray.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-15 13:13 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\Dog Machine\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-04-27 19:33:40 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-12-26 22:45:55 274432]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= divxc32.dll
"vidc.DIV4"= divxc32f.dll
"vidc.X264"= x264vfw.dll
"vidc.davc"= davcvfw.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
"midi1"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 23:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
--------- 2004-08-05 16:19 118784 C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-01-14 03:20 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
--a------ 2007-06-15 16:17 699120 C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Titan FTP Server Tray App]
C:\Program Files\South River Technologies\Titan FTP Server\srxTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-15 13:13 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\ESET\\nod32.exe"=
"C:\\Program Files\\ESET\\nod32kui.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\RpcSandraSrv.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1770:TCP"= 1770:TCP:em
"1780:UDP"= 1780:UDP:em2
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"12120:TCP"= 12120:TCP:eMule
"13130:UDP"= 13130:UDP:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-01-24 18:25]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 10:10]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:07]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
S2 Parclass;Parclass;C:\WINDOWS\system32\Drivers\Parclass.sys [1997-11-26 08:31]
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2007-11-14 17:20]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 20:31]
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 08:40]
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 08:40]
S3 UKS11LDR;M-Audio USB Keystation Loader;C:\WINDOWS\system32\drivers\uks11ldr.sys [2007-11-14 17:20]
S3 USBKS1X1;Midiman USB Keystation USB Driver;C:\WINDOWS\system32\drivers\usbks1x1.sys []
S3 USBKT1X1;M-Audio USB Keystation;C:\WINDOWS\system32\drivers\usbkt1x1.sys []
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-04-25 14:18:32 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-29 09:49:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 17:34:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-04-30 17:53:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-30 14:53:47
ComboFix2.txt 2008-04-29 13:57:43
ComboFix3.txt 2008-04-29 06:41:15

Pre-Run: 15,969,751,040 bytes free
Post-Run: 15,943,364,608 bytes free

506 --- E O F --- 2008-04-24 09:30:17

 

[Rorschach112]

Hello

I guess I should just uninstall these programs and reinstall them. Right?

Yes that should fix them, leave it till the end though

After 42 minutes the progress bar shows 4% complete. Is this normal?

Yes this is normal. It is worth the wait though


Can you do this after the Kaspersky scan


Click here to use the F-Secure Online Scanner

• Then click the Start Scanning button below.
• You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
• Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
• In case you are having problems with installing the ActiveX/starting the scan, please read here.
• Click the Full System Scan button.
• It will start to download scanner components and databases. This can take a while.
• The main scan will start.
• Once the scan finished scanning, click the Automatic cleaning (recommended) button
• It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
• The cleaning can take a while, so please be patient.
• Then click the Show report button and copy and paste what's present under results in your next reply.

Now we need to reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.



Then can you tell me if this folder is present

C:\Windows\system32\drivers\disdn



So I need to see the Kaspersky scan, the F-Secure scan, and tell me if that folder is there

 

[adifrank]

Looks like Kaspersky found some viruses....

Below is the report.
Next I'll run F-secure scan. I'll send you the report when its done and tell you if I found that disdn file.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 30, 2008 9:56:34 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/04/2008
Kaspersky Anti-Virus database records: 733227
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 181425
Number of viruses found: 8
Number of infected objects: 38
Number of suspicious objects: 0
Duration of the scan process: 02:29:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dog Machine\Application Data\Babylon\log_file.txt Object is locked skipped
C:\Documents and Settings\Dog Machine\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Dog Machine\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\Application Data\Last.fm\Client\iTunesPlugin.log Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\Application Data\Last.fm\Client\Last.fm.log Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\Application Data\Last.fm\Client\LastFmHelper.log Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\b1d9hef1.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\b1d9hef1.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\b1d9hef1.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\b1d9hef1.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\History\History.IE5\MSHist012008043020080501\index.dat Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\temp\~DF2997.tmp Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\temp\~DF29B4.tmp Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\temp\~DF428A.tmp Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\temp\~DF7D33.tmp Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\temp\~WRF0001.tmp Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\temp\~WRS0000.tmp Object is locked skipped
C:\Documents and Settings\Dog Machine\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dog Machine\My Documents\bROKENkFABE\Script\080427_script.doc Object is locked skipped
C:\Documents and Settings\Dog Machine\My Documents\bROKENkFABE\Script\~WRL1452.tmp Object is locked skipped
C:\Documents and Settings\Dog Machine\My Documents\INCOMING EMULE\Babylon.7.0.0.13.Pro.Multilingual.Incl.Crack.-.UnREal updated-fixed 02-2008.rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Documents and Settings\Dog Machine\My Documents\INCOMING EMULE\Babylon.7.0.0.13.Pro.Multilingual.Incl.Crack.-.UnREal updated-fixed 02-2008.rar RAR: infected - 1 skipped
C:\Documents and Settings\Dog Machine\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Dog Machine\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dog Machine\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\infected\2MXYTFAA.NQF/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\ESET\infected\2MXYTFAA.NQF NSIS: infected - 1 skipped
C:\Program Files\ESET\infected\2MXYTFAA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\40M42WDA.NQF/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\ESET\infected\40M42WDA.NQF NSIS: infected - 1 skipped
C:\Program Files\ESET\infected\40M42WDA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\CNHBH3BA.NQF/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\ESET\infected\CNHBH3BA.NQF NSIS: infected - 1 skipped
C:\Program Files\ESET\infected\CNHBH3BA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\EXHTTPCA.NQF Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Program Files\ESET\infected\PK5FQACA.NQF Infected: not-a-virus:FraudTool.Win32.WinZix.a skipped
C:\Program Files\ESET\infected\UC3J0GBA.NQF Infected: Trojan.MSIL.Agent.b skipped
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\QooBox\Quarantine\C\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.vir Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\50433671.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\50438109.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\52644406.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\52646406.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\52669125.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\53040656.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\53045359.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\53060125.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\53128171.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\53191921.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\53252437.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\53255890.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\53270375.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\60595046.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\60599343.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\60676609.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\60679031.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\947750.exe.vir Object is locked skipped
C:\QooBox\Quarantine\catchme2008-04-29_ 22316.48.zip/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\QooBox\Quarantine\catchme2008-04-29_ 22316.48.zip/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\QooBox\Quarantine\catchme2008-04-29_ 22316.48.zip/mdelk.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\QooBox\Quarantine\catchme2008-04-29_ 22316.48.zip ZIP: infected - 3 skipped
C:\QooBox\Quarantine\catchme2008-04-30_173037.20.zip/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\QooBox\Quarantine\catchme2008-04-30_173037.20.zip/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\QooBox\Quarantine\catchme2008-04-30_173037.20.zip/mdelk.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\QooBox\Quarantine\catchme2008-04-30_173037.20.zip ZIP: infected - 3 skipped
C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023238.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023239.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023240.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023241.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023274.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023295.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023296.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023297.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023320.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP102\A0023321.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023536.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023537.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023538.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023540.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023541.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023542.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023545.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023546.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023548.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023549.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023550.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023553.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023554.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023556.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023557.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023565.exe Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\A0023568.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP104\change.log Object is locked skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP99\A0022939.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP99\A0022940.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\System Volume Information\_restore{8A883030-E259-414B-B7CB-EF89BB24A0B8}\RP99\A0022949.exe Infected: Trojan-Downloader.Win32.Bagle.nu skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd2909.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

 

[adifrank]

Hi Rorschach
Maybe my celebration was too soon... :red:
I tried scanning my system using F-Secure Online Scan, but after about an hour of scanning I suddenly got a message that says something like: out of memory, please close some applications and try again.

Really no reason I why there wouldn't be enough memory available to perform the scan, but in any case I made sure all applications were closed, I even quit some processes that I knew were not needed at the time and ran F-Secure Online Scan again...... and once more, after about an hour or so, I got the same "out of memory" message.

So no luck there.

By the way, Kaspersky Online Scan DID do a complete scan of my system and DID find threats and viruses as you can see from the report, but I don't think it took any action regarding those threats and viruses

Oh... and I checked and the disdn folder DOES exist in the location you mentioned.

Awaiting your instructions......

 

[Rorschach112]

Ok, well Kaspersky found the main bad guy so that is good

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\Documents and Settings\Dog Machine\My Documents\INCOMING EMULE\Babylon.7.0.0.13.Pro.Multilingual.Incl.Crack.-.UnREal updated-fixed 02-2008.rar
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


Folder::
C:\Documents and Settings\Dog Machine\My Documents\INCOMING EMULE\Babylon.7.0.0.13.Pro.Multilingual.Incl.Crack.-.UnREal updated-fixed 02-2008.rar

DirLook::
C:\Windows\system32\drivers\disdn

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Then reboot and try F-Secure Online Scanner again