Hard drive space issue.

Alright so, basically the other day I wanted to defrag my C: drive but had low space on it, so I moved some stuff off and tried a defrag. The defrag didn't do much; however, I did still have around 9.5 gigs of free space from moving those files. However, today and yesterday all that space mysteriously disappeared. I haven't downloaded anything (especially anything that big), but it keeps going all the way down to 0 bytes every time I try to free space up.

I tried rebooting just now and it went back up to showing 9.84 gigs as free; however, I lose .01 (10 megs?) of that space about every 5-10 seconds. I'll post an HJT report after this. I had a really bad worm a little while ago but I'm pretty sure I took care of that, who knows though.

Comments

  • edited January 2009
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:41:34 PM, on 1/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Razer\Lycosa\razerhid.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
    C:\Program Files\Razer\Lycosa\razertra.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spyware Terminator\SpywareTerminator.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {8F6C5C62-F40A-41F2-ABF8-018B221EE3EB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NCProTray.lnk = ?
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217473732411
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - AppInit_DLLs: kxehes.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: StyleXPService - Unknown owner - (no file)
    O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Sweet.gif
    O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Damn wall.gif
    O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\SweetRaven.gif
    O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\Temp\Dot Hack Portal (ALTIMIT Screen) (Transparent).gif

    --
    End of file - 9810 bytes
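A helper reads a log like the one above entry by entry. As an added example (not HijackThis code and not from either poster), here is a small Python triage script that parses the "Oxx" lines and marks the ones usually checked first: orphaned "(no file)" references, AppInit_DLLs entries, services with an unknown owner, DPF entries with no URL left, and Run entries that give no absolute path. The sample input is excerpted from the log above; a flag only means "review this entry", not "this entry is malicious".

```python
"""Triage helper for HijackThis (HJT) v2 log entries.

Added example for this thread; it is not part of HijackThis or of the
original posts. It parses the "Oxx - ..." lines of a log like the one
above and marks the entries a log helper normally reads first. A flag
means "look at this entry", not "this entry is malicious".
"""
import re
from dataclasses import dataclass, field
from typing import List

# "O4 - HKLM\..\Run: [Name] C:\path\prog.exe"  ->  section "O4", body after " - "
ENTRY_RE = re.compile(r"^(?P<sec>[ROF]\d+) - (?P<body>.*)$")
# Command part of an O4 Run entry: everything after the "[Name]" label
RUN_CMD_RE = re.compile(r"\]\s*(?P<cmd>.*)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    section: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per 'Oxx - ...' line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def flag_entry(e: Entry) -> Entry:
    """Attach review flags using the usual rules of thumb for reading an HJT log."""
    body = e.body
    if "(no file)" in body:
        # Registry still points at a file that is gone: leftover of an uninstall
        # or a removal, or a loader whose file is hidden from the scanner.
        e.flags.append("missing-file")
    if e.section == "O20" and body.startswith("AppInit_DLLs:"):
        # DLLs listed here are loaded into every process that loads user32.dll;
        # few legitimate products on a home PC need that.
        e.flags.append("appinit-dll")
    if e.section == "O23" and "Unknown owner" in body:
        # Service binary carries no vendor name: verify path and publisher.
        e.flags.append("service-unknown-owner")
    if e.section == "O16" and body.rstrip().endswith("-"):
        # ActiveX (DPF) entry with no download URL left: usually stale.
        e.flags.append("dpf-no-url")
    if e.section == "O4":
        m = RUN_CMD_RE.search(body)
        if m:
            cmd = m.group("cmd").strip().lstrip('"')
            if cmd and not ABS_PATH_RE.match(cmd):
                # Bare name or relative path resolved via PATH at logon: check
                # which file actually gets run.
                e.flags.append("no-absolute-path")
    return e


def triage(text: str) -> List[Entry]:
    """Parse and flag every entry in an HJT log."""
    return [flag_entry(e) for e in parse_hjt(text)]


def review_candidates(text: str) -> List[Entry]:
    """Only the entries that carry at least one flag."""
    return [e for e in triage(text) if e.flags]


# Sample input: lines excerpted from the log posted above, plus its header.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

O2 - BHO: (no name) - {8F6C5C62-F40A-41F2-ABF8-018B221EE3EB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
O20 - AppInit_DLLs: kxehes.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: StyleXPService - Unknown owner - (no file)
"""

if __name__ == "__main__":
    for e in review_candidates(SAMPLE_LOG):
        print(f"{e.section:4} {', '.join(e.flags):32} {e.body}")
```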
  • edited January 2009
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe


    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • edited January 2009
    MBam Log:

    Malwarebytes' Anti-Malware 1.30
    Database version: 1419
    Windows 5.1.2600 Service Pack 3

    1/6/2009 10:35:06 PM
    mbam-log-2009-01-06 (22-35-06).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 144975
    Time elapsed: 1 hour(s), 0 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Info.txt from random:

    info.txt logfile of random's system information tool 1.05 2009-01-06 21:32:59

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.56 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
    Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
    Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
    Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
    Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
    Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
    Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
    Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
    Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
    Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
    Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
    Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
    Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
    Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
    Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
    Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
    Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
    Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
    Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
    Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
    Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
    Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
    Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
    Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
    AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
    AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
    AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
    Allok QuickTime to AVI MPEG DVD Converter 2.1.0630-->"C:\Program Files\Allok QuickTime to AVI MPEG DVD Converter\unins000.exe"
    Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x336d
    ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver (Omega 3.8.442)-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI DVD Decoder-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9DA00558-6566-484C-87BC-1650BCF60446}
    ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
    ATI Multimedia Center 7.8.0.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E957696E-6D13-4B92-AF02-2073D7D522B4}\setup.exe"
    ATI Multimedia Center 9.0.0.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9C71BE6E-27D2-491E-810A-C21A015592CD}
    ATI Multimedia Center 9.061-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}
    ATI RADEON 9700 Debevec RNL Demo v1.1-->MsiExec.exe /X{CC379A36-DB26-4A29-877B-B6CE813FDDD5}
    ATI RADEON 9700 Dogs Screen Saver v1.1-->MsiExec.exe /X{0D007CA9-64EE-4069-8CD2-D90EDFC046E3}
    ATI RADEON 9700 Moebius Strip Screen Saver v1.1-->MsiExec.exe /X{B62D2A85-847F-4748-9B12-5DA6CE8EC8BA}
    ATI RADEON 9700 NPR Hatching Demo v1.1-->MsiExec.exe /X{A0F13B93-1892-4C55-B709-995BBB730F33}
    ATI RADEON 9700 Pipe Dream Demo v1.1-->MsiExec.exe /X{F8B6FBC3-C28F-49D9-A00A-16283E9A1180}
    ATI RADEON 9800 Caves Screen Saver v1.1-->MsiExec.exe /X{7323EFB7-865D-4E3C-8F6E-89C7F902DBE5}
    ATI RADEON 9800 Gargoyle Screen Saver v1.1-->MsiExec.exe /X{C2F2543F-55B7-4F7B-93BB-BE8C405384B8}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}
    Avid Codecs LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BDDC00E-F2F3-418E-A57F-245B7815EF20}\SETUP.exe" -l0x9 -removeonly
    Avid Core Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94EACECB-3D7C-4F31-99FD-39B95B9BA158}\Setup.exe" -l0x9 -removeonly
    Avid DIO Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6823E209-3E0C-45A6-9B6C-BCEC0B7AB145}\Setup.exe" -l0x9 -removeonly
    Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
    Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
    Battlezone II-->C:\WINDOWS\IsUninst.exe -fd:\games\BZII.isu
    Bink and Smacker-->C:\PROGRA~1\RADVIDEO\UNWISE.EXE C:\PROGRA~1\RADVIDEO\INSTALL.LOG
    BitTorrent 3.4.2-->"C:\Program Files\BitTorrent\uninstall.exe"
    Blasterball 2 Deluxe (remove only)-->"C:\Program Files\Zone.com Deluxe Games\Blasterball 2 Deluxe\Uninstall.exe"
    Blaze Media Pro-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
    Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
    Conquer1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47D528F7-5DB1-48C3-A782-7189609B4B49}\Setup.exe"
    Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
    Creatures 2-->C:\WINDOWS\IsUninst.exe -f"f:\games\creatures 2\Uninst.isu"
    DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}
    DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
    DefilerPak 1.08a (Remove Only)-->"C:\Program Files\DefilerPak\UnDefile.exe"
    Digidesign Audio Drivers 7.3.1-->C:\Program Files\InstallShield Installation Information\{9F1D8E17-2AE6-4608-901D-42146D7D9C68}\setup.exe -runfromtemp -l0x0009 -removeonly
    Diskeeper 2008 Pro Premier-->MsiExec.exe /X{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dungeon Siege 2 Broken World-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}\setup.exe" -l0x9 -removeonly
    Dungeon Siege 2-->"F:\Program Files\Microsoft Games\Dungeon Siege 2\UNINSTAL.EXE" /runtemp /uninstall
    EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
    Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
    FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
    FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
    Forgotten Enemies-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC7C8A6-77C6-4E5B-A8D9-FC11FD36F1C9}\setup.exe" -l0x9
    GameGuard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DAFB282-29F4-44EA-AD9D-9AFE93F8C2EC}\Setup.exe" -l0x9
    GameSpot Download Manager-->"C:\Program Files\GameSpot\uninstall.exe"
    Genetics Kit for Creatures 2-->C:\WINDOWS\st6unst.exe -n "f:\Games\Creatures 2\ST6UNST.LOG"
    GIMP 2.4.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
    Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
    Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
    GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
    Gravis Xperience 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13599F5D-20A2-449A-BA81-A7D8B98A8DF1}\Setup.exe" -u
    GTK+ 2.6.4 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
    Haali Media Splitter-->"C:\Program Files\Matroska Pack\haali\uninstall.exe"
    Hamachi 1.0.1.5-->C:\Program Files\Hamachi\uninstall.exe
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HydraVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
    IGN Download Manager 2.3.2-->C:\Program Files\IGN\Download Manager\uninst.exe
    IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
    J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Japanese Language Support-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall
    Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
    Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
    Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
    Java Web Start-->"C:\Program Files\Java\j2re1.4.2_04\javaws\uninst-javaws.exe"
    Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    K-Lite Codec Pack 2.78 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
    Kumiko Manor 2.15-->F:\Games\Bethesda Softworks\Oblivion\Data\UninstalKumikoManor.exe
    LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
    LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
    Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
    Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
    Logitech Resource Center-->C:\PROGRA~1\LOGITECH\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\LOGITECH\RESOUR~1\rem\INSTALL.LOG
    Logon Loader-->C:\Program Files\Logon Loader\uninstall.exe
    LogonStudio-->C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
    LucasArts' TIE Fighter-->C:\WINDOWS\uninst.exe -f"f:\games\TIE Fighter\DeIsL1.isu"
    LucasArts' X-Wing Alliance-->C:\WINDOWS\uninst.exe -f"f:\games\Lucasarts\Xwing Alliance\DeIsL1.isu"
    LucasArts' X-Wing-->C:\WINDOWS\uninst.exe -ff:\games\X-Wing\DeIsL1.isu
    Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}
    Microsoft Halo-->"F:\Games\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 2000 SR-1 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    mobile PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
    Morrowind-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Games\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
    Motherboard Monitor 5-->"C:\Program Files\Motherboard Monitor 5\unins000.exe"
    Motorola Driver Installation-->MsiExec.exe /I{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}
    Motorola Software Update-->MsiExec.exe /I{E74F828A-2E73-46DA-91B2-0F85F75DF1F5}
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSI Media Center Deluxe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12808370-8A8B-4A0A-8A96-385C309A58D6}\setup.exe"
    MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
    MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
    Natural Color Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9
    Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Oblivion - Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23D683DD-93C6-48E6-B84E-78B57778F126}\setup.exe" -l0x9 -removeonly
    Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
    Oblivion - Knights of the Nine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
    Oblivion - Orrery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
    Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
    Oblivion - Thieves Den-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
    Oblivion - Vile Lair-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
    Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
    Oblivion mod manager 1.1.5-->"F:\Games\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
    Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
    Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
    PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
    Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
    Portal-->"F:\Games\Steam\steam.exe" steam://uninstall/400
    PowerDVD Ultra-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall
    Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
    QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    Radeon Omega Drivers v3.8.421 Setup Files and Tools-->"C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v3.8.421\Omega Uninstall.xml"
    Radeon Omega Drivers v4.8.442 Setup Files and Tools-->"C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v4.8.442\Omega Uninstall.xml"
    Razer Lycosa-->C:\Program Files\InstallShield Installation Information\{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}\setup.exe -runfromtemp -l0x0009 -removeonly
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
    RegCure-->"C:\WINDOWS\RegCure\uninstall.exe" "/U:C:\Program Files\RegCure\Uninstall\uninstall.xml"
    Revolutionary Girl Utena-->C:\PROGRA~1\FILESU~1\REVOLU~1\UNWISE.EXE C:\PROGRA~1\FILESU~1\REVOLU~1\INSTALL.LOG
    Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
    Rise Of Legends-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CADDE354-C78C-46CB-A006-E2B178EFC271}
    Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Sentinel Protection Installer 7.2.2-->MsiExec.exe /I{6DC0632A-A838-4B34-AC19-0FA18E1C533C}
    ShowSize-->"C:\Program Files\ShowSize\unins000.exe"
    Sibelius Scorch Plugin-->"C:\Program Files\Musicnotes\uninstsc.exe"
    SMAC 1.2-->C:\PROGRA~1\SMAC\UNWISE.EXE C:\PROGRA~1\SMAC\INSTALL.LOG
    Softnyx Launcher-->"C:\Program Files\Softnyx\Launcher\unins000.exe"
    Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Source SDK Base 2007-->"F:\Games\Steam\steam.exe" steam://uninstall/218
    SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
    Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
    Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
    Star Trek Starfleet Command III-->F:\Games\STARFL~1\Uninstall\Unwise.exe /u F:\Games\STARFL~1\Uninstall\Install.log
    Star Wars Galactic Battlegrounds: Clone Campaigns-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0314ED3D-26A7-4F62-86A2-6B23353445E8}\Setup.exe"
    Star Wars Galactic Battlegrounds-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A202BDBA-753F-41B9-B649-CFB0B45FC03E}\Setup.exe"
    Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
    StyleBuilder (remove only)-->"C:\Program Files\TGTSoft\StyleBuilder\StyleBuilder-uninstall.exe"
    StyleXP (remove only)-->"C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
    Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    TAE Version 1-->F:\Games\TOTALA~1\TAE\UNWISE.EXE F:\Games\TOTALA~1\TAE\INSTALL.LOG
    TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Games\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
    The Core Media Player 4.0-->"C:\Program Files\CoreCodec\The Core Media Player\uninstall-tcmp4.exe"
    Total Annihilation - Battle Tactics-->F:\Games\TOTALA~1\tabtunst.exe F:\Games\TOTALA~1
    Total Annihilation - Core Contingency-->F:\Games\TOTALA~1\CC\CCQUERY.EXE
    Total Annihilation-->F:\GAMES\TOTAL ANNIHILATION\setup.exe -u
    Tranquillity 1.0-->D:\Tranquillity\unins000.exe
    Undelete Plus 2.94-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
    Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Venue InterLok Driver Kit-->MsiExec.exe /X{5684CDBB-5CB8-4E26-9F19-9DF037C143AC}
    VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPINST.EXE /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
    Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\flter2k_8C64B007D7BCAA1DFE930B43B84F11E7B5B6D0F1\flter2k.inf
    Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Rights Management client-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Workspace Macro Pro 5.0-->"C:\Program Files\Workspace Macro Pro 5.0\Uninstall.exe" "C:\Program Files\Workspace Macro Pro 5.0\install.log"
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (4)\Uninstall.exe
    WTF files 9.8.1-->"F:\Games\World of Warcraft\WTF\Account\RavenZ3R0\SavedVariables\unins000.exe"
    ZMatrix 1.5.2-->"C:\Program Files\ZMatrix\unins000.exe"

    =====HijackThis Backups=====

    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsqd.exe] C:\WINDOWS\system32\kdsqd.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

    ======Hosts File======

    127.0.0.1 activate.adobe.com

    ======Security center information======

    AV: VirusRescue 3.0 (outdated)

    System event log

    Computer Name: PLANET-BOB
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk3\D.

    Record Number: 72540
    Source Name: Disk
    Time Written: 20081123144259.000000-420
    Event Type: error
    User:

    Computer Name: PLANET-BOB
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk3\D.

    Record Number: 72539
    Source Name: Disk
    Time Written: 20081123144258.000000-420
    Event Type: error
    User:

    Computer Name: PLANET-BOB
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk3\D.

    Record Number: 72538
    Source Name: Disk
    Time Written: 20081123144153.000000-420
    Event Type: error
    User:

    Computer Name: PLANET-BOB
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk3\D.

    Record Number: 72537
    Source Name: Disk
    Time Written: 20081123144152.000000-420
    Event Type: error
    User:

    Computer Name: PLANET-BOB
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk3\D.

    Record Number: 72536
    Source Name: Disk
    Time Written: 20081123144047.000000-420
    Event Type: error
    User:

    Application event log

    Computer Name: RAPTOR---BATTOU
    Event Code: 1102
    Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.Build.Utilities, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


    Record Number: 793
    Source Name: .NET Runtime Optimization Service
    Time Written: 20061026145714.000000-360
    Event Type:
    User:

    Computer Name: RAPTOR---BATTOU
    Event Code: 1100
    Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: Microsoft.Build.Utilities, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


    Record Number: 792
    Source Name: .NET Runtime Optimization Service
    Time Written: 20061026145713.000000-360
    Event Type: information
    User:

    Computer Name: RAPTOR---BATTOU
    Event Code: 1102
    Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.Build.Tasks, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


    Record Number: 791
    Source Name: .NET Runtime Optimization Service
    Time Written: 20061026145713.000000-360
    Event Type:
    User:

    Computer Name: RAPTOR---BATTOU
    Event Code: 1100
    Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: Microsoft.Build.Tasks, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


    Record Number: 790
    Source Name: .NET Runtime Optimization Service
    Time Written: 20061026145707.000000-360
    Event Type: information
    User:

    Computer Name: RAPTOR---BATTOU
    Event Code: 1102
    Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.Build.Framework, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


    Record Number: 789
    Source Name: .NET Runtime Optimization Service
    Time Written: 20061026145707.000000-360
    Event Type:
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Avid;C:\PROGRA~1\DISKEE~1\DISKEE~1\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    "PROCESSOR_REVISION"=0801
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

    EOF
  • edited January 2009
    Log.txt from random:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Kenshin Himoura at 2009-01-06 21:33:17
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 4 GB (16%) free of 29 GB
    Total RAM: 2046 MB (53% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:33:18 PM, on 1/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Razer\Lycosa\razerhid.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
    C:\Program Files\Razer\Lycosa\razertra.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Kenshin Himoura\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Kenshin Himoura.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {8F6C5C62-F40A-41F2-ABF8-018B221EE3EB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NCProTray.lnk = ?
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
    O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217473732411
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - AppInit_DLLs: kxehes.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: StyleXPService - Unknown owner - (no file)
    O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Sweet.gif
    O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Damn wall.gif
    O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\SweetRaven.gif
    O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\Temp\Dot Hack Portal (ALTIMIT Screen) (Transparent).gif

    --
    End of file - 10264 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Pareto UNS.job
    C:\WINDOWS\tasks\RegCure.job
    C:\WINDOWS\tasks\RegCure Program Check.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-27 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F6C5C62-F40A-41F2-ABF8-018B221EE3EB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-27 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-11-06 1192960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
    "Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-27 136600]
    "LogonStudio"=C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]
    "ATIPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-21 344064]
    "HydraVisionDesktopManager"=C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe [2003-09-15 270336]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]
    "DigidesignMMERefresh"=C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2006-12-09 61440]
    "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
    "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
    "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
    "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
    "wcmdmgr"=C:\WINDOWS\wt\updater\wcmdmgrl.exe [2002-09-27 20480]
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
    "Lycosa"=C:\Program Files\Razer\Lycosa\razerhid.exe [2008-05-21 155648]
    "SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-11-12 1783808]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    ""= []
    "ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE [2005-03-18 53248]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "igndlm.exe"=C:\Program Files\IGN\Download Manager\DLM.exe [2008-08-01 1103216]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-06-13 2752512]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
    "AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2008-03-20 216520]
    "LDM"=\Program\BackWeb-8876480.exe []
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
    C:\Program Files\ATI Multimedia\main\launchpd.exe [2005-03-18 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    Grxp4exe.exe /init []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    \Program\BackWeb-8876480.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AdwareFilter Background Protection.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MSI Media Center Deluxe II.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinIRXHelper.lnk]
    []

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

    C:\Documents and Settings\Kenshin Himoura\Start Menu\Programs\Startup
    GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="kxehes.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2007-12-04 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-07-30 200064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\kdx\KHost.exe"="C:\WINDOWS\kdx\KHost.exe:*:Enabled:Secure Delivery Plug-In"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\Grisoft\AVG6\avgcc32.exe"="C:\Program Files\Grisoft\AVG6\avgcc32.exe:*:Enabled:AVG Control Center"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\Java\j2re1.4.2_04\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_04\bin\javaw.exe:*:Enabled:javaw"
    "C:\Program Files\Conquer1.0\play.exe"="C:\Program Files\Conquer1.0\play.exe:*:Enabled:Conquer 1.0"
    "F:\Games\EA GAMES\Battlefield 1942\BF1942.exe"="F:\Games\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:Battlefield 1942"
    "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
    "F:\Games\Microsoft Games\Halo\halo.exe"="F:\Games\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
    "F:\Games\Microsoft Games\MechWarrior 4 - Vengeance\mw4x\MW4x.exe"="F:\Games\Microsoft Games\MechWarrior 4 - Vengeance\mw4x\MW4x.exe:*:Enabled:MechWarrior Black Knight"
    "F:\Games\Microsoft Games\MechWarrior 4 - Vengeance\MW4.exe"="F:\Games\Microsoft Games\MechWarrior 4 - Vengeance\MW4.exe:*:Enabled:MechWarrior Vengeance"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "F:\Games\Far Cry\Bin32\FarCry.exe"="F:\Games\Far Cry\Bin32\FarCry.exe:*:Enabled:Play Far Cry"
    "F:\Games\UT2004\System\UT2004.exe"="F:\Games\UT2004\System\UT2004.exe:*:Enabled:Play UT2004"
    "F:\Games\Microsoft Games\Rise of Nations\rise.exe"="F:\Games\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise Of Nations"
    "F:\Games\Microsoft Games\Rise of Nations\thrones.exe"="F:\Games\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations Thrones and Patriots"
    "C:\Program Files\SideWinder Game Voice Share\GVShare.exe"="C:\Program Files\SideWinder Game Voice Share\GVShare.exe:*:Enabled:SideWinder Game Voice Share"
    "F:\Games\Starcraft\StarCraft.exe"="F:\Games\Starcraft\StarCraft.exe:*:Enabled:Starcraft - Brood War"
    "F:\Games\Warcraft III\Warcraft III.exe"="F:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
    "C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe"="C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0"
    "C:\Documents and Settings\Kenshin Himoura\My Documents\My Received Files\PicoPhone163.exe"="C:\Documents and Settings\Kenshin Himoura\My Documents\My Received Files\PicoPhone163.exe:*:Enabled:PicoPhone163"
    "C:\Program Files\Real\RealOne Player\RealPlay.exe"="C:\Program Files\Real\RealOne Player\RealPlay.exe:*:Enabled:RealPlayer"
    "C:\Program Files\Mu Online\mu.exe"="C:\Program Files\Mu Online\mu.exe:*:Enabled:mu"
    "C:\Program Files\Mu Online\main.exe"="C:\Program Files\Mu Online\main.exe:*:Enabled:main"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "F:\Games\LucasArts\ JK_ Jedi Academy\GameData\jamp.exe"="F:\Games\LucasArts\ JK_ Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
    "F:\Games\CS\Steam.exe"="F:\Games\CS\Steam.exe:*:Enabled:Steam"
    "F:\Games\Microsoft Games\MechWarrior 4 - Vengeance\MW4.ICD"="F:\Games\Microsoft Games\MechWarrior 4 - Vengeance\MW4.ICD:*:Enabled:MechWarrior IV"
    "F:\Games\BF1942\BF1942.exe"="F:\Games\BF1942\BF1942.exe:*:Enabled:BF1942"
    "F:\Program Files\Microsoft Games\Mechwarrior Mercenaries\MW4MERCS.ICD"="F:\Program Files\Microsoft Games\Mechwarrior Mercenaries\MW4MERCS.ICD:*:Enabled:MechWarrior IV"
    "C:\Program Files\Leisure Suit Larry(TM) - Magna Cum Laude Trailer\LSLMCMtrailer.exe"="C:\Program Files\Leisure Suit Larry(TM) - Magna Cum Laude Trailer\LSLMCMtrailer.exe:*:Enabled:LSLMCMtrailer"
    "F:\CS\CounterStrike2D.exe"="F:\CS\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
    "F:\Qnext\qnext.exe"="F:\Qnext\qnext.exe:*:Enabled:Qnext"
    "F:\Qnext\qnextclient.exe"="F:\Qnext\qnextclient.exe:*:Enabled:qnextclient"
    "F:\threedegrees\musicmix.exe"="F:\threedegrees\musicmix.exe:*:Enabled:threedegrees musicmix"
    "F:\Games\Empire Earth\EE2Demo.exe"="F:\Games\Empire Earth\EE2Demo.exe:*:Enabled:Empire Earth II"
    "C:\WINDOWS\System32\rtcshare.exe"="C:\WINDOWS\System32\rtcshare.exe:*:Enabled:RTC App Sharing"
    "C:\Program Files\Java\jre1.5.0_02\BIN\javaw.exe"="C:\Program Files\Java\jre1.5.0_02\BIN\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "F:\Games\World of Warcraft\WoW-1.5.0-enUS-downloader.exe"="F:\Games\World of Warcraft\WoW-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "F:\Games\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe"="F:\Games\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "F:\Games\World of Warcraft\WoW.exe"="F:\Games\World of Warcraft\WoW.exe:*:Enabled:World of Warcraft"
    "F:\Games\softnyx\GunboundWC\GunBound.gme"="F:\Games\softnyx\GunboundWC\GunBound.gme:*:Enabled:GunBound"
    "F:\Games\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe"="F:\Games\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "F:\Program Files\Microsoft Games\Mechwarrior Mercenaries\MW4Mercs.exe"="F:\Program Files\Microsoft Games\Mechwarrior Mercenaries\MW4Mercs.exe:*:Enabled:MechWarrior IV"
    "F:\Games\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe"="F:\Games\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\Java\jre1.5.0_04\BIN\javaw.exe"="C:\Program Files\Java\jre1.5.0_04\BIN\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "F:\Games\World of Warcraft\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe"="F:\Games\World of Warcraft\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "F:\Games\World of Warcraft\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe"="F:\Games\World of Warcraft\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "F:\Games\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe"="F:\Games\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "F:\Games\RavenShield\system\ravenshield.exe"="F:\Games\RavenShield\system\ravenshield.exe:*:Enabled:ravenshield"
    "C:\Program Files\Java\jre1.5.0_06\BIN\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\BIN\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\Downloads\WOW_Snow_EG-downloader-1.exe"="C:\Downloads\WOW_Snow_EG-downloader-1.exe:*:Enabled:Blizzard Downloader"
    "C:\Downloads\WOW_Rain_EG-downloader.exe"="C:\Downloads\WOW_Rain_EG-downloader.exe:*:Enabled:Blizzard Downloader"
    "F:\Games\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"="F:\Games\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "F:\Games\softnyx\Rakion\Bin\Rakion.bin"="F:\Games\softnyx\Rakion\Bin\Rakion.bin:*:Enabled:Rakion"
    "C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
    "C:\Downloads\PicoPhone164.exe"="C:\Downloads\PicoPhone164.exe:*:Enabled:PicoPhone164"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "F:\Games\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"="F:\Games\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "F:\Games\FEAR\FEAR.exe"="F:\Games\FEAR\FEAR.exe:*:Enabled:FEAR"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
    "F:\Games\Supreme Commander - Forged Alliance\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="F:\Games\Supreme Commander - Forged Alliance\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
    "F:\Games\Supreme Commander - Forged Alliance\GPGNet\GPG.Multiplayer.Client.exe"="F:\Games\Supreme Commander - Forged Alliance\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
    "F:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe"="F:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
    "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{550e2432-7774-11dd-b31d-00508d6799dc}]
    shell\AutoRun\command - G:\autorun.exe
    shell\directx\command - G:\DirectX9\dxsetup.exe
    shell\setup\command - G:\setup.exe


    ======List of files/folders created in the last 1 months======

    2009-01-06 21:32:45 ----D---- C:\rsit
    2009-01-05 23:11:54 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
    2009-01-05 22:58:28 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2009-01-03 13:15:12 ----D---- C:\Documents and Settings\Kenshin Himoura\Application Data\AvniTech
    2009-01-03 13:15:09 ----D---- C:\Program Files\ShowSize
    2008-12-29 23:36:46 ----SHD---- C:\FOUND.006
    2008-12-28 19:00:20 ----A---- C:\DBS.TXT
    2008-12-28 16:28:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation
    2008-12-28 16:28:03 ----D---- C:\Program Files\Diskeeper Corporation
    2008-12-14 14:47:00 ----SHD---- C:\FOUND.005

    ======List of files/folders modified in the last 1 months======

    2009-01-06 09:38:38 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-01-06 01:26:54 ----A---- C:\WINDOWS\msicpl.ini
    2009-01-04 23:37:28 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2009-01-03 13:36:40 ----A---- C:\WINDOWS\LogonStudio.ini
    2009-01-03 13:33:04 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-03 02:51:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-29 21:30:02 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #3.txt
    2008-12-27 15:17:38 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-27 11:01:54 ----A---- C:\WINDOWS\iTouch.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 kid_sys;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\drivers\KID_SYS.sys [2001-09-26 11920]
    R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
    R1 NCPro;NCPro; C:\WINDOWS\system32\drivers\MTictwl.sys [2005-10-21 13396]
    R1 NPPTNT;NPPTNT; \??\C:\WINDOWS\system32\npptNT.sys []
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
    R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
    R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-11-15 278984]
    R2 DigiNet;Digidesign Ethernet Support; C:\WINDOWS\system32\DRIVERS\diginet.sys [2006-12-08 11776]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-11-15 25416]
    R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-08-06 4122112]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-12-04 2782208]
    R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter; C:\WINDOWS\System32\DRIVERS\DLKRTS.SYS [2002-06-23 45568]
    R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-14 42496]
    R3 hidusb;Lycosa HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 LycoFltr;Lycosa Keyboard; C:\WINDOWS\System32\Drivers\Lycosa.sys [2008-05-22 16896]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NtApm;NT Apm/Legacy Interface Driver; C:\WINDOWS\System32\DRIVERS\NtApm.sys [2001-08-17 9344]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
    S2 AtiBt829;ATI WDM Bt829 Video (Microsoft); C:\WINDOWS\system32\DRIVERS\ati1btxx.sys [2004-08-03 56623]
    S2 ATITUNEP;ATI WDM TV Tuner (Microsoft); C:\WINDOWS\system32\DRIVERS\ati1tuxx.sys [2004-08-03 36463]
    S2 ATIXSAudio;ATI WDM TV Audio Crossbar (Microsoft); C:\WINDOWS\system32\DRIVERS\ati1xsxx.sys [2004-08-03 34735]
    S2 CINEMSUP;Software Cinemaster NT4.0 Driver; C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS []
    S2 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft); C:\WINDOWS\system32\DRIVERS\ati1mdxx.sys [2004-08-03 11615]
    S3 ahqbpgex;ahqbpgex; C:\WINDOWS\system32\drivers\ahqbpgex.sys []
    S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]
    S3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 327040]
    S3 auiakzdh;auiakzdh; C:\WINDOWS\system32\drivers\auiakzdh.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
    S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-12-15 17480]
    S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
    S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-02-01 42376]
    S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
    S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
    S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2004-03-10 12953]
    S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2003-12-17 51729]
    S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
    S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2005-10-21 13396]
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
    S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-20 23680]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []
    S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
    S3 ntxpusb;Gravis USB device driver; C:\WINDOWS\system32\drivers\ntxpusb.sys [2002-02-26 266432]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys []
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2008-04-18 25600]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
    S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2002-08-29 84480]
    S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 XTrapD12;XTrapD12; \??\F:\Games\Legend Of Ares\\XTrap\XTrapD12.sys []
    S4 ACPI;ACPI; C:\WINDOWS\system32\drivers\ACPI.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-04 495616]
    R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2006-12-09 61440]
    R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-10-16 1094936]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-30 66872]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-10-15 243056]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-11-12 570880]
    R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-05 655624]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
    S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-02-01 948616]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

    EOF

    (I realize there are random smilies in there but I couldn't see a button to disable smileys for this post...they just came out that way. Sorry)
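Added example, not part of the original post and not RSIT, HijackThis or the helper's own tooling: a small Python script that reads a log in the format posted above and pulls out the persistence points a malware-removal helper reads first (AppInit_DLLs, the NoDriveTypeAutoRun policy, per-volume autorun commands under mountpoints2, and driver/service lines with no on-disk date and size). The excerpt embedded in it is constructed from a handful of the posted lines; the reading that an empty trailing `[]` means the log found no date/size for that file path is an assumption about the RSIT format, and the script only flags entries for a human to check, it does not judge them.

```python
"""Triage an RSIT/HijackThis-style log for the persistence points a
malware-removal helper reads first.  Added example for this thread; it
is not RSIT, HijackThis, or the forum helper's own tooling."""
import re

# Constructed excerpt in the posted log's format (a subset of its lines).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="kxehes.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{550e2432-7774-11dd-b31d-00508d6799dc}]
shell\AutoRun\command - G:\autorun.exe
shell\setup\command - G:\setup.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ahqbpgex;ahqbpgex; C:\WINDOWS\system32\drivers\ahqbpgex.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-30 66872]
"""

# "S3 name;description; path [date size]": the trailing field is empty when
# the log recorded no date/size for the file (assumption about the RSIT format).
_ENTRY = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*?)\s*\[(.*)\]$")


def parse_registry_sections(log):
    """Map each [HKEY...] header to the value lines listed under it."""
    sections, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[HKEY"):
            current = line[1:-1]
            sections[current] = []
        elif line.startswith("======"):
            current = None          # left the registry part of the log
        elif line and current is not None:
            sections[current].append(line)
    return sections


def appinit_dlls(log):
    """DLL names in AppInit_DLLs; on XP these load into every process that links user32.dll."""
    for key, values in parse_registry_sections(log).items():
        if key.lower().endswith("currentversion\\windows"):
            for v in values:
                m = re.match(r'"AppInit_DLLs"="(.*)"', v, re.IGNORECASE)
                if m:
                    return [d for d in re.split(r"[ ,]+", m.group(1)) if d]
    return []


def autorun_policy(log):
    """NoDriveTypeAutoRun as an int, or None if absent. Each set bit suppresses
    AutoRun for one drive type; 0 suppresses none, 0xFF suppresses all."""
    for key, values in parse_registry_sections(log).items():
        if key.lower().endswith("policies\\explorer"):
            for v in values:
                m = re.match(r'"NoDriveTypeAutoRun"=(\S+)', v, re.IGNORECASE)
                if m:
                    try:
                        return int(m.group(1), 0)   # accepts "0", "145", "0x91"
                    except ValueError:
                        return int(m.group(1))
    return None


def mountpoint_autoruns(log):
    """(volume GUID, verb, command) triples: what Explorer runs for that volume."""
    found = []
    for key, values in parse_registry_sections(log).items():
        if "\\mountpoints2\\" in key.lower():
            guid = key.rsplit("\\", 1)[1]
            for v in values:
                m = re.match(r"shell\\(\w+)\\command - (.*)", v)
                if m:
                    found.append((guid, m.group(1), m.group(2)))
    return found


def entries_without_file_info(log):
    """Driver/service lines whose [date size] field is empty. Orphaned
    leftovers are common; a running entry with no file behind it deserves a look."""
    flagged = []
    for line in log.splitlines():
        m = _ENTRY.match(line.strip())
        if m and m.group(6).strip() == "":
            flagged.append({"state": m.group(1), "start": int(m.group(2)),
                            "name": m.group(3), "path": m.group(5)})
    return flagged


def triage(log):
    """One human-readable line per finding, in the order a helper would ask about them."""
    findings = [f"AppInit_DLLs loads {d} into every user32-linked process; verify the file"
                for d in appinit_dlls(log)]
    policy = autorun_policy(log)
    if policy is not None and policy != 0xFF:
        findings.append(f"NoDriveTypeAutoRun={policy:#x}: AutoRun not suppressed for all drive types")
    findings += [f"mountpoints2 {g}: shell\\{verb} runs {cmd}" for g, verb, cmd in mountpoint_autoruns(log)]
    findings += [f"{e['state']}{e['start']} {e['name']}: no file metadata at {e['path']}"
                 for e in entries_without_file_info(log)]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("-", f)
```

Run it against a saved log (`triage(open("log.txt").read())`) to get the short list; everything it prints still needs a person to confirm the file on disk, its publisher and its date before anything is removed.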
  • edited January 2009
    Information


    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
    Please note: you must NOT use any P2P whilst we are cleaning your machine.




    Registry Cleaners

    Re. RegCure

    I don't personally recommend the use of ANY registry cleaners.
    Here is an excerpt from a discussion on regcleaners
    Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
    The point we are trying to make is that the risk of using one far outweighs any benefit.
    If it does work perfectly you will not see any difference
    If it doesn't work properly you may end up with an expensive doorstop.
    http://forums.whatthetech.com/Regcleaner_t42862.html



    Step 1

    Fix With HJT

    Close all other windows and then start HiJack This
    Click Do A System Scan Only
    When it has finished scanning put a check next to the following lines IF still present
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: (no name) - {8F6C5C62-F40A-41F2-ABF8-018B221EE3EB} - (no file)
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Global Startup: NCProTray.lnk = ?
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - AppInit_DLLs: kxehes.dll
    O23 - Service: StyleXPService - Unknown owner - (no file)
    - Close ALL open windows (especially Internet Explorer!)-
    Now click Fix checked
    Click yes to any prompts
    Close HijackThis



    Step 2


    1. Click on Start > All Programs > Accessories > System Tools > Disk Cleanup.
    2. Select C drive and click OK.
    3. Select the More Options tab.
    4. Under System Restore, click on Clean up....
    5. You will be prompted. Click Yes.
    6. When done, click OK.
    7. You will be prompted again. Press Yes to confirm.
    8. When done, Disk Cleanup will close automatically.

    Step 3

    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix..



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper



    Step 4

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please download Java Runtime Environment (JRE) . ( don't install it yet )
    Now download JavaRa and unzip it to your desktop.

    ***Please close any instances of Internet Explorer (or other web browser) before continuing!***

    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.


    Now install the Java Runtime Environment (JRE) package you downloaded
    (it comes with a toolbar pre-selected, so make sure you uncheck the box)

    You can delete JavaRa (zip and exe)


    Step 5


    Remove Programs

    Older versions of some programs have vulnerabilities that malware can use to infect your system.

    Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
    click on the program to highlight it, and click on remove.
    • Adobe Acrobat 5.0
    • Adobe Reader 8.1.3 (see below for updating Adobe)
    • Java(TM) 6 Update 7
    Now close the Control Panel.


    Step 6

    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Combofix Log




    Additional Notes



    Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts
  • edited January 2009
    ComboFix 09-01-07.01 - Kenshin Himoura 2009-01-07 14:02:10.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1524 [GMT -7:00]
    Running from: c:\documents and settings\Kenshin Himoura\Desktop\ComboFix.exe
    AV: VirusRescue 3.0 *On-access scanning enabled* (Outdated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Kenshin Himoura\Local Settings\Temporary Internet Files\fbk.sts
    c:\program files\INSTALL.LOG
    c:\windows\system32\skinboxer43.dll
    c:\windows\wiaserviv.log

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
    .

    2009-01-06 23:56 . 2009-01-06 23:56 <DIR> d-------- c:\program files\OGMTOAVI
    2009-01-06 21:32 . 2009-01-06 21:32 <DIR> d-------- C:\rsit
    2009-01-05 23:11 . 2009-01-05 23:11 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
    2009-01-05 22:58 . 2009-01-05 22:58 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
    2009-01-04 18:48 . 2009-01-04 18:48 54,156 --ah----- c:\windows\QTFont.qfn
    2009-01-04 18:48 . 2009-01-04 18:48 1,409 --a------ c:\windows\QTFont.for
    2009-01-03 13:15 . 2009-01-03 13:15 <DIR> d-------- c:\program files\ShowSize
    2009-01-03 13:15 . 2009-01-03 13:15 <DIR> d-------- c:\documents and settings\Kenshin Himoura\Application Data\AvniTech
    2008-12-29 23:36 . 2008-12-29 23:36 <DIR> d--hs---- C:\FOUND.006
    2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Diskeeper Corporation
    2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Diskeeper Corporation
    2008-12-14 14:47 . 2008-12-14 14:47 <DIR> d--hs---- C:\FOUND.005

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-05 06:37 201,816 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-01-05 06:37 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-12-03 20:10 --------- d-----w c:\program files\DOSBox-0.72
    2008-11-27 20:27 410,976 ----a-w c:\windows\system32\deploytk.dll
    2008-11-24 05:13 0 ----a-w c:\documents and settings\Kenshin Himoura\dpuGUI10.dll
    2008-11-24 01:37 --------- d-----w c:\program files\Trend Micro
    2008-11-23 23:36 --------- d-----w c:\documents and settings\Kenshin Himoura\Application Data\Malwarebytes
    2008-11-23 23:35 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-11-23 23:35 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-11-23 18:55 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
    2008-11-19 17:08 --------- d-----w c:\program files\Ventrilo
    2008-11-15 20:22 --------- d-----w c:\documents and settings\Kenshin Himoura\Application Data\Acreon
    2008-11-12 16:56 141,312 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
    2008-11-12 16:56 --------- d-----w c:\program files\Crawler
    2008-11-12 16:55 --------- d-----w c:\program files\Spyware Terminator
    2008-11-12 16:55 --------- d-----w c:\documents and settings\Kenshin Himoura\Application Data\Spyware Terminator
    2008-11-12 16:55 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spyware Terminator
    2008-10-27 00:30 1,851,544 ----a-w C:\install_flash_player.exe
    2008-10-26 14:45 28,632 ----a-w c:\windows\TMPG001.TMP
    2008-07-25 09:34 294,912 ----a-w c:\documents and settings\Kenshin Himoura\dpu10.dll
    2008-04-19 00:41 92,064 ----a-w c:\documents and settings\Kenshin Himoura\mqdmmdm.sys
    2008-04-19 00:41 9,232 ----a-w c:\documents and settings\Kenshin Himoura\mqdmmdfl.sys
    2008-04-19 00:41 79,328 ----a-w c:\documents and settings\Kenshin Himoura\mqdmserd.sys
    2008-04-19 00:41 66,656 ----a-w c:\documents and settings\Kenshin Himoura\mqdmbus.sys
    2008-04-19 00:41 6,208 ----a-w c:\documents and settings\Kenshin Himoura\mqdmcmnt.sys
    2008-04-19 00:41 5,936 ----a-w c:\documents and settings\Kenshin Himoura\mqdmwhnt.sys
    2008-04-19 00:41 4,048 ----a-w c:\documents and settings\Kenshin Himoura\mqdmcr.sys
    2008-04-19 00:41 25,600 ----a-w c:\documents and settings\Kenshin Himoura\usbsermptxp.sys
    2008-04-19 00:41 22,768 ----a-w c:\documents and settings\Kenshin Himoura\usbsermpt.sys
    2008-04-14 12:42 985,088 ----a-w c:\documents and settings\Kenshin Himoura\setupapi.dll
    2008-04-14 01:12 83,456 ----a-w c:\documents and settings\Kenshin Himoura\dpvsetup.exe
    2008-04-14 01:12 8,192 ----a-w c:\documents and settings\Kenshin Himoura\ntlsapi.dll
    2008-04-14 01:12 6,144 ----a-w c:\documents and settings\Kenshin Himoura\dcomcnfg.exe
    2008-04-14 01:12 29,696 ----a-w c:\documents and settings\Kenshin Himoura\dplaysvr.exe
    2008-04-14 01:12 180,224 ----a-w c:\documents and settings\Kenshin Himoura\dwwin.exe
    2008-04-14 01:12 17,920 ----a-w c:\documents and settings\Kenshin Himoura\dvdupgrd.exe
    2008-04-14 01:12 15,872 ----a-w c:\documents and settings\Kenshin Himoura\help.exe
    2008-04-14 01:11 71,680 ----a-w c:\documents and settings\Kenshin Himoura\dsdmoprp.dll
    2008-04-14 01:11 229,888 ----a-w c:\documents and settings\Kenshin Himoura\dplayx.dll
    2008-04-14 01:11 155,648 ----a-w c:\documents and settings\Kenshin Himoura\dskquoui.dll
    2008-04-14 01:11 1,179,648 ----a-w c:\documents and settings\Kenshin Himoura\d3d8.dll
    2008-04-14 01:09 3,072 ----a-w c:\documents and settings\Kenshin Himoura\dpnaddr.dll
    2008-04-13 18:39 2,897,920 ----a-w c:\documents and settings\Kenshin Himoura\xpsp2res.dll
    2007-11-21 18:23 81,920 ----a-w c:\documents and settings\Kenshin Himoura\frapsvid.dll
    2007-10-28 00:40 222,720 ----a-w c:\documents and settings\Kenshin Himoura\wmasf.dll
    2007-04-13 10:21 271,360 ----a-w c:\documents and settings\Kenshin Himoura\mscoree.dll
    2006-10-19 04:47 542,720 ----a-w c:\documents and settings\Kenshin Himoura\blackbox.dll
    2006-10-19 04:47 33,792 ----a-w c:\documents and settings\Kenshin Himoura\wmdmlog.dll
    2006-09-26 20:57 28,672 ----a-w c:\documents and settings\Kenshin Himoura\AVEQT.dll
    2006-07-21 09:33 98,304 ------w c:\windows\inf\HFX36C.tmp
    2006-01-20 22:46 245,408 ----a-w c:\documents and settings\Kenshin Himoura\unicows.dll
    2005-03-19 00:19 2,337,488 ----a-w c:\documents and settings\Kenshin Himoura\d3dx9_25.dll
    2005-01-05 22:43 4,682 ----a-w c:\documents and settings\Kenshin Himoura\npptNT2.sys
    2004-10-29 23:50 32,256 ----a-w c:\documents and settings\Kenshin Himoura\nvcodins.dll
    2004-09-01 16:49 53,248 ----a-w c:\documents and settings\Kenshin Himoura\dpv10.dll
    2004-09-01 16:49 335,872 ----a-w c:\documents and settings\Kenshin Himoura\dpus10.dll
    2004-09-01 16:49 3,375,104 ----a-w c:\documents and settings\Kenshin Himoura\qt-mt331.dll
    2004-08-11 08:45 253,688 ----a-w c:\documents and settings\Kenshin Himoura\drmclien.dll
    2004-08-04 06:51 53,840 ----a-w c:\documents and settings\Kenshin Himoura\dosx.exe
    2002-01-05 11:38 54,784 ----a-w c:\documents and settings\Kenshin Himoura\MSVCI70.DLL
    2001-08-23 22:00 9,344 ----a-w c:\documents and settings\Kenshin Himoura\vga.dll
    2001-08-23 22:00 7,040 ----a-w c:\documents and settings\Kenshin Himoura\kdcom.dll
    2001-08-23 22:00 69,120 ----a-w c:\documents and settings\Kenshin Himoura\olethk32.dll
    2001-08-23 22:00 5,632 ----a-w c:\documents and settings\Kenshin Himoura\kbdus.dll
    2001-08-23 22:00 22,016 ----a-w c:\documents and settings\Kenshin Himoura\olesvr32.dll
    2001-08-23 22:00 2,560 ----a-w c:\documents and settings\Kenshin Himoura\lz32.dll
    2001-08-23 22:00 12,288 ----a-w c:\documents and settings\Kenshin Himoura\bootvid.dll
    1999-01-22 00:40 94,208 ----a-w c:\documents and settings\Kenshin Himoura\msstkprp.dll
    2008-07-31 04:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008073020080731\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-03-18 53248]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
    "HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
    "DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 61440]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2008-05-21 155648]
    "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-11-12 1783808]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
    "ATIPTA"="atiptaxx.exe" [2006-02-21 c:\windows\system32\atiptaxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

    c:\documents and settings\Kenshin Himoura\Start Menu\Programs\Startup\
    GameSpot Download Manager.lnk - c:\program files\GameSpot\GameSpotDownloadManager_Win32.exe [2008-04-16 876544]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-06-29 450560]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= c:\documents and settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Sweet.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= c:\documents and settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Damn wall.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    Source= c:\documents and settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\SweetRaven.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
    Source= c:\documents and settings\Kenshin Himoura\My Documents\Temp\Dot Hack Portal (ALTIMIT Screen) (Transparent).gif
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\windows\system32\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= DivXa32.acm
    "wave5"= Digi32.dll
    "aux5"= ctwdm32.dll
    "MIDI8"= diomidi.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AdwareFilter Background Protection.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MSI Media Center Deluxe II.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinIRXHelper.lnk]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
    --a------ 2005-03-18 21:49 102400 c:\program files\ATI Multimedia\main\LaunchPd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2004-10-29 16:50 4620288 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 06:24 286720 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    --a------ 2002-02-26 10:05 36864 c:\windows\system32\grxp4exe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
    "f:\\Games\\Microsoft Games\\Halo\\halo.exe"=
    "f:\\Games\\Starcraft\\StarCraft.exe"=
    "f:\\Games\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Documents and Settings\\Kenshin Himoura\\My Documents\\My Received Files\\PicoPhone163.exe"=
    "c:\\WINDOWS\\System32\\rtcshare.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_02\\BIN\\javaw.exe"=
    "f:\\Games\\World of Warcraft\\WoW.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_04\\BIN\\javaw.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_06\\BIN\\javaw.exe"=
    "f:\\Games\\FEAR\\FEAR.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "f:\\Games\\Supreme Commander - Forged Alliance\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
    "f:\\Games\\Supreme Commander - Forged Alliance\\GPGNet\\GPG.Multiplayer.Client.exe"=
    "f:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3274:TCP"= 3274:TCP:WoW1
    "6112:TCP"= 6112:TCP:WoW2
    "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2005-04-11 11920]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-12 141312]
    R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2004-05-27 45568]
    R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-11-06 16896]
    R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2004-05-27 9344]
    R4 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12:32 41456]
    R4 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-02-28 11776]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-12-27 42112]
    S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-23 27904]
    S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2005-04-11 266432]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-02-22 747912]
    S4 AtiBt829;ATI WDM Bt829 Video (Microsoft);c:\windows\system32\drivers\ati1btxx.sys [2004-08-03 56623]
    S4 CINEMSUP;Software Cinemaster NT4.0 Driver;c:\windows\system32\DRIVERS\CINEMSUP.SYS --> c:\windows\system32\DRIVERS\CINEMSUP.SYS [?]
    S4 SlimFTPd;SlimFTPd; [x]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - FLEXNET_LICENSING_SERVICE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{550e2432-7774-11dd-b31d-00508d6799dc}]
    \Shell\AutoRun\command - G:\autorun.exe
    \Shell\directx\command - g:\directx9\dxsetup.exe
    \Shell\setup\command - G:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-07 c:\windows\Tasks\Pareto UNS.job
    - c:\program files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe []

    2009-01-02 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe []

    2009-01-07 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-LDM - \Program\BackWeb-8876480.exe


    .
    Supplementary Scan
    .
    uInternet Settings,ProxyOverride = localhost
    IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
    Trusted Zone: music.yahoo.com

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    FF - ProfilePath - c:\documents and settings\Kenshin Himoura\Application Data\Mozilla\Firefox\Profiles\0r3pf8xs.Raven\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - isoHunt - BitTorrent
    FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1205006176&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
    FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npvideoegg-loader.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    FF - plugin: c:\program files\VideoEgg\Loader\2364\npvideoegg-loader.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-07 14:03:43
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-1202660629-1078145449-854245398-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
    "??"=hex:35,02,51,fb,0b,ea,cb,65,2d,9c,86,62,4a,31,50,e5,07,dd,5e,f6,23,c6,0a,\
    75,d7,72,b5,33,95,7c,2c,01,df,1b,73,4f,6a,aa,91,19,aa,84,7a,96,69,0b,d4,ae,\
    3c,64,ab,a3,c1,a4,5a,25,58,bb,77,49,61,d9,5a,95,b4,7c,fb,39,7b,bf,a4,f5,3e,\
    81,bd,4a,56,07,b7,39,cc,3e,7e,0b,5d,15,ac,55,ea,a7,22,a4,f2,05,4b,bf,e6,33,\
    36,0f,51,ef,8b,23,76,a9,23,0e,9a,05,23,13,6f,ec,44,5f,93,a5,53,46,6f,2f,f1,\
    b1,91,f2,f6,86,e8,99,9b,cf,0d,51,ca,b3,91,7c,b9,55,ec,67,aa,4c,96,1f,d2,20,\
    8e,b2,d5,88,46,b7,a4,b3,e6,c1,52,c9,ac,2f,05,7d,4c,ef,3d,e5,6f,48,4c,41,5e,\
    02,c0,7c,4c,e0,ab,76,42,4a,eb,87,50,52,59,77,e2,60,f7,fb,ec,ec,22,50,d0,c5,\
    0c,a1,48,7b,16,25,1f,67,ec,5d,cb,d6,a3,9f,cb,60,0c,e0,15,04,19,96,54,9a,11,\
    51,bb,c7,34,d3,b0,57,e2,49,1b,4e,f0,a2,6e,25,5a,ad,be,a5,62,0d,52,20,d4,98,\
    66,0a,f5,3d,a6,4c,56,30,dd,5e,87,d7,1a,6f,33,d6,aa,66,e2,bb,53,26,c8,17,77,\
    db,ed,c9,97,74,45,75,81,e7,3b,c2,2f,ff,3a,a0,34,49,18,29,9c,b1,04,98,55,00,\
    60,b4,f1,d6,1b,8a,2d,fb,c8,e5,90,e2,1f,3f,82,6b,e4,6b,e5,f1,b4,3b,22,4f,45,\
    9c,6e,9d,c5,d4,b8,1c,3f,da,b8,4c,95,88,c1,40,03,6f,99,1c,23,5d,9b,22,12,b2,\
    24,8a,1d,8a,50,d9,57,c5,5f,89,79,d0,8e,28,34,40,4c,9b,bb,23,1d,83,70,24,6e,\
    48,a7,ea,ea,86,ca,0d,fc,e2,9e,e1,00,93,a4,b9,89,1f,03,1d,ba,a8,f4,28,91,1c,\
    8e,40,8d,72,e9,95,13,73,7a,2c,7f,f9,cd,6f,84,9c,0d,d8,96,1a,98,63,06,9d,a2,\
    c7,b8,de,ee,22,bd,9a,ef,34,1b,a1,ed,39,d3,6b,27,3a,2b,96,a1,6c,13,66,d2,de,\
    64,b6,46,e1,3e,00,41,63,3f,a9,fe,c7,f7,9c,0f,d8,ad,03,e3,2e,34,e3,aa,14,0f,\
    be,99,49,1e,9c,f9,69,8a,7f,28,59,9c,c0,a6,05,c7,ef,41,1c,b7,aa,52,4e,b9,e3,\
    f2,7a,33,3e,c5,0e,df,42,3e,d2,c8,91,32,9f,4c,f2,8c,ec,34,06,55,11,38,02,bd,\
    82,bd,6c,63,fb,34,e2,0b,d4,bd,cb,35,04,57,c7,b1,93,d2,99,fb,9c,8a,37,14,4a,\
    69,1e,0a,30,1f,af,45,84,1e,e2,db,db,f8,23,4d,be,7f,c4,3d,01,c9,cb,8d,43,61,\
    ab,17,f3,1c,68,9e,c2,24,da,59,d0,b3,85,da,4d,5c,88,94,9b,1b,6f,3a,ce,0d,93,\
    3c,b9,f5,70,82,ad,15,9f,25,d1,d5,07,8d,89,03,ea,63,b5,54,fc,df,4e,95,3d,5f,\
    9b,8a,09,30,14,37,d4,98,de,4d,13,10,b4,17,ce,43,00,a6,1a,69,10,50,9d,31,b7,\
    cb,c3,e8,90,c3,16,09,3b,b8,f3,01,d6,5d,48,3e,2f,77,7e,8e,9d,03,ab,b6,f8,e3,\
    63,07,5a,9d,78,df,ef,ea,6c,52,e8,1a,57,a5,41,67,8d,61,22,5f,85,e5,0e,a1,59,\
    6a,72,9f,d4,4b,2b,29,97,1a,5e,5c,e5,cb,6c,93,21,b2,9a,19,3f,3b,b5,56,e4,8c,\
    e4,6b,f7,a5,9a,29,2b,61,d3,34,08,d9,e7,78,b0,87,c7,a1,fe,2c,77,34,1f,a5,86,\
    00,85,18,c7,78,57,dc,d4,7d,7b,92,7b,0a,cd,22,78,72,61,77,a2,b8,f3,e0,17,04,\
    9d,ce,ad,a7,1c,55,01,b2,d6,93,9d,ba,e0,82,e4,7f,07,b7,bb,63,fe,1e,94,20,24,\
    1c,31,ac,52,8e,c3,41,bd,a9,89,72,4e,a4,18,2b,cc,8a,3f,86,6e,08,27,23,25,64,\
    66,db,97,84,2d,0f,56,ab,f2,12,11,a2,c2,25,f8,73,45,89,e1,43,22,0a,51,71,34,\
    db,5c,f8,09,e6,a1,ed,d6,5e,69,e1,6d,b6,8c,ee,82,22,00,ed,85,23,64,c6,2d,75,\
    b1,e4,f5,d9,0e,dc,a8,3f,26,cc,b9,37,2e,f4,a9
    "??"=hex:d5,0c,52,b1,2d,63,75,12,f1,9b,7a,3b,0d,c8,b3,8a
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(848)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-01-07 14:04:47
    ComboFix-quarantined-files.txt 2009-01-07 21:04:46

    Pre-Run: 4,098,211,840 bytes free
    Post-Run: 4,254,121,984 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

    Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
    331 --- E O F --- 2008-09-10 15:48:01

    *note* I noticed while highlighting and copying the log that there are still entries for RegCure in there even though I uninstalled it. Is it just showing previously installed stuff, or does that mean there are leftover files somewhere? My account is the only one on my computer and it's the admin account, so there shouldn't be any other users with profiles on it.
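    The `[security center]` and `[firewallpolicy\standardprofile]` blocks in the ComboFix log above are what a helper reads first: `AntiVirusDisableNotify`, `UpdatesDisableNotify` and `AntiVirusOverride` set to 1 silence Security Center's warnings, and `EnableFirewall`= 0 turns the XP firewall off for the standard profile. The following is an added example, not part of this thread and not ComboFix's own code: a small Python parser for that REGEDIT4-style fragment that flags the weakened settings. The sample input is the fragment copied from the log above; the `FirewallDisableNotify` and `FirewallOverride` names are the two other Security Center values XP uses and do not appear in this log.

```python
import re

# Constructed sample: the security center and firewall policy fragment from
# the ComboFix log above, copied into a string so the parser runs offline.
# Section names are kept exactly as ComboFix abbreviates them (HKLM\~\...).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

# The two value shapes ComboFix prints: "name"=dword:00000001 and "name"= 0 (0x0)
SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
DECIMAL_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')

# Security Center values that silence or override its monitoring; 1 means the
# user (or malware) told Windows XP not to warn about that component.
SECURITY_CENTER_FLAGS = {
    "AntiVirusDisableNotify": "no warning when antivirus is missing or out of date",
    "FirewallDisableNotify": "no warning when the firewall is off",
    "UpdatesDisableNotify": "no warning when Automatic Updates is off",
    "AntiVirusOverride": "Security Center stops monitoring antivirus status",
    "FirewallOverride": "Security Center stops monitoring firewall status",
}


def parse_reg_fragment(text):
    """Return {section name (lower-cased): {value name: int}} for the fragment."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        if current is None:
            continue  # value line before any section header: ignore
        m = DWORD_RE.match(line)
        if m:
            sections[current][m.group(1)] = int(m.group(2), 16)
            continue
        m = DECIMAL_RE.match(line)
        if m:
            sections[current][m.group(1)] = int(m.group(2))
    return sections


def weakened_settings(sections):
    """List (value name, reason) pairs for settings that weaken XP's protections."""
    findings = []
    for name, values in sections.items():
        if name.endswith("security center"):
            for key, why in SECURITY_CENTER_FLAGS.items():
                if values.get(key, 0) == 1:
                    findings.append((key, why))
        elif name.endswith(r"firewallpolicy\standardprofile"):
            # Only the profile key itself; sub-keys such as IcmpSettings are
            # matched separately if needed and are not flagged here.
            if values.get("EnableFirewall", 1) == 0:
                findings.append(("EnableFirewall", "Windows Firewall is disabled for the standard profile"))
    return findings


def analyze(text):
    """Convenience wrapper: parse a fragment and return its findings."""
    return weakened_settings(parse_reg_fragment(text))


if __name__ == "__main__":
    for key, why in analyze(SAMPLE_LOG):
        print(f"{key}: {why}")
```

    Run against the fragment from this log it reports all three Security Center overrides and the disabled firewall, and nothing for `AllowInboundEchoRequest`, which lives under a sub-key and is a normal setting. The same parser accepts any ComboFix "Reg Loading Points" block, so it can be pointed at the full log rather than the excerpt.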
  • edited January 2009
    *note* I noticed while highlighting and copying the log that there are still entries for RegCure in there even though I uninstalled it. Is it just showing previously installed stuff, or does that mean there are leftover files somewhere?
    They are leftovers; we can remove them shortly.

    There appear to be system files in your user profile going back to 1999. Do you have any idea why they are there?


    Please re-run RSIT and post the log ( only one will be produced this time)


    Kaspersky Online Scanner.
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • edited January 2009
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Kenshin Himoura at 2009-01-07 15:54:52
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 9 GB (33%) free of 29 GB
    Total RAM: 2046 MB (62% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:54:57 PM, on 1/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Razer\Lycosa\razerhid.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Razer\Lycosa\razertra.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Kenshin Himoura\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Kenshin Himoura.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
    O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217473732411
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: StyleXPService - Unknown owner - (no file)
    O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Sweet.gif
    O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Damn wall.gif
    O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\SweetRaven.gif
    O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\Temp\Dot Hack Portal (ALTIMIT Screen) (Transparent).gif

    --
    End of file - 9687 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Pareto UNS.job
    C:\WINDOWS\tasks\RegCure.job
    C:\WINDOWS\tasks\RegCure Program Check.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-07 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-07 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-07 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
    "Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
    "LogonStudio"=C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]
    "ATIPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-21 344064]
    "HydraVisionDesktopManager"=C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe [2003-09-15 270336]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]
    "DigidesignMMERefresh"=C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2006-12-09 61440]
    "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
    "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
    "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
    "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
    "Lycosa"=C:\Program Files\Razer\Lycosa\razerhid.exe [2008-05-21 155648]
    "SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-11-12 1783808]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-07 136600]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE [2005-03-18 53248]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "igndlm.exe"=C:\Program Files\IGN\Download Manager\DLM.exe [2008-08-01 1103216]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-06-13 2752512]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
    "AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2008-03-20 216520]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
    "LDM"=\Program\BackWeb-8876480.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
    C:\Program Files\ATI Multimedia\main\launchpd.exe [2005-03-18 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    Grxp4exe.exe /init []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AdwareFilter Background Protection.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MSI Media Center Deluxe II.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinIRXHelper.lnk]
    []

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

    C:\Documents and Settings\Kenshin Himoura\Start Menu\Programs\Startup
    GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2007-12-04 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-07-30 200064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Java\j2re1.4.2_04\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_04\bin\javaw.exe:*:Enabled:javaw"
    "F:\Games\Microsoft Games\Halo\halo.exe"="F:\Games\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
    "F:\Games\Starcraft\StarCraft.exe"="F:\Games\Starcraft\StarCraft.exe:*:Enabled:Starcraft - Brood War"
    "F:\Games\Warcraft III\Warcraft III.exe"="F:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
    "C:\Documents and Settings\Kenshin Himoura\My Documents\My Received Files\PicoPhone163.exe"="C:\Documents and Settings\Kenshin Himoura\My Documents\My Received Files\PicoPhone163.exe:*:Enabled:PicoPhone163"
    "C:\WINDOWS\System32\rtcshare.exe"="C:\WINDOWS\System32\rtcshare.exe:*:Enabled:RTC App Sharing"
    "C:\Program Files\Java\jre1.5.0_02\BIN\javaw.exe"="C:\Program Files\Java\jre1.5.0_02\BIN\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "F:\Games\World of Warcraft\WoW.exe"="F:\Games\World of Warcraft\WoW.exe:*:Enabled:World of Warcraft"
    "C:\Program Files\Java\jre1.5.0_04\BIN\javaw.exe"="C:\Program Files\Java\jre1.5.0_04\BIN\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Java\jre1.5.0_06\BIN\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\BIN\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "F:\Games\FEAR\FEAR.exe"="F:\Games\FEAR\FEAR.exe:*:Enabled:FEAR"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
    "F:\Games\Supreme Commander - Forged Alliance\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="F:\Games\Supreme Commander - Forged Alliance\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
    "F:\Games\Supreme Commander - Forged Alliance\GPGNet\GPG.Multiplayer.Client.exe"="F:\Games\Supreme Commander - Forged Alliance\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
    "F:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe"="F:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-01-07 14:31:31 ----D---- C:\WINDOWS\LastGood
    2009-01-07 14:23:06 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-01-07 14:23:06 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-01-07 14:23:06 ----A---- C:\WINDOWS\system32\java.exe
    2009-01-07 14:21:07 ----D---- C:\Program Files\Common Files\Adobe AIR
    2009-01-07 14:04:48 ----A---- C:\ComboFix.txt
    2009-01-07 14:01:50 ----A---- C:\Boot.bak
    2009-01-07 14:01:47 ----RASHD---- C:\cmdcons
    2009-01-07 13:40:32 ----A---- C:\WINDOWS\zip.exe
    2009-01-07 13:40:32 ----A---- C:\WINDOWS\VFIND.exe
    2009-01-07 13:40:32 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-01-07 13:40:32 ----A---- C:\WINDOWS\SWSC.exe
    2009-01-07 13:40:32 ----A---- C:\WINDOWS\SWREG.exe
    2009-01-07 13:40:32 ----A---- C:\WINDOWS\sed.exe
    2009-01-07 13:40:32 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-01-07 13:40:32 ----A---- C:\WINDOWS\grep.exe
    2009-01-07 13:40:32 ----A---- C:\WINDOWS\fdsv.exe
    2009-01-07 13:40:26 ----D---- C:\WINDOWS\ERDNT
    2009-01-07 13:40:26 ----D---- C:\Qoobox
    2009-01-07 12:37:21 ----SHD---- C:\Config.Msi
    2009-01-06 23:56:25 ----D---- C:\Program Files\OGMTOAVI
    2009-01-06 21:32:45 ----D---- C:\rsit
    2009-01-05 23:11:54 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
    2009-01-05 22:58:28 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2009-01-03 13:15:12 ----D---- C:\Documents and Settings\Kenshin Himoura\Application Data\AvniTech
    2009-01-03 13:15:09 ----D---- C:\Program Files\ShowSize
    2008-12-29 23:36:46 ----SHD---- C:\FOUND.006
    2008-12-28 19:00:20 ----A---- C:\DBS.TXT
    2008-12-28 16:28:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation
    2008-12-28 16:28:03 ----D---- C:\Program Files\Diskeeper Corporation
    2008-12-14 14:47:00 ----SHD---- C:\FOUND.005

    ======List of files/folders modified in the last 1 months======

    2009-01-07 15:48:16 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-01-07 14:29:34 ----A---- C:\WINDOWS\LogonStudio.ini
    2009-01-07 14:27:46 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-07 14:22:50 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-01-07 14:03:46 ----A---- C:\WINDOWS\system.ini
    2009-01-07 14:01:52 ----RASH---- C:\boot.ini
    2009-01-06 01:26:54 ----A---- C:\WINDOWS\msicpl.ini
    2009-01-04 23:37:28 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2009-01-03 02:51:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-29 21:30:02 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #3.txt
    2008-12-27 15:17:38 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-27 11:01:54 ----A---- C:\WINDOWS\iTouch.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 kid_sys;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\drivers\KID_SYS.sys [2001-09-26 11920]
    R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
    R1 NCPro;NCPro; C:\WINDOWS\system32\drivers\MTictwl.sys [2005-10-21 13396]
    R1 NPPTNT;NPPTNT; \??\C:\WINDOWS\system32\npptNT.sys []
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
    R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
    R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-11-15 278984]
    R2 DigiNet;Digidesign Ethernet Support; C:\WINDOWS\system32\DRIVERS\diginet.sys [2006-12-08 11776]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-11-15 25416]
    R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-08-06 4122112]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-12-04 2782208]
    R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter; C:\WINDOWS\System32\DRIVERS\DLKRTS.SYS [2002-06-23 45568]
    R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-14 42496]
    R3 hidusb;Lycosa HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 LycoFltr;Lycosa Keyboard; C:\WINDOWS\System32\Drivers\Lycosa.sys [2008-05-22 16896]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NtApm;NT Apm/Legacy Interface Driver; C:\WINDOWS\System32\DRIVERS\NtApm.sys [2001-08-17 9344]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
    S2 AtiBt829;ATI WDM Bt829 Video (Microsoft); C:\WINDOWS\system32\DRIVERS\ati1btxx.sys [2004-08-03 56623]
    S2 ATITUNEP;ATI WDM TV Tuner (Microsoft); C:\WINDOWS\system32\DRIVERS\ati1tuxx.sys [2004-08-03 36463]
    S2 ATIXSAudio;ATI WDM TV Audio Crossbar (Microsoft); C:\WINDOWS\system32\DRIVERS\ati1xsxx.sys [2004-08-03 34735]
    S2 CINEMSUP;Software Cinemaster NT4.0 Driver; C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS []
    S2 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft); C:\WINDOWS\system32\DRIVERS\ati1mdxx.sys [2004-08-03 11615]
    S3 a8cn14hd;a8cn14hd; C:\WINDOWS\system32\drivers\a8cn14hd.sys []
    S3 a9nqxor7;a9nqxor7; C:\WINDOWS\system32\drivers\a9nqxor7.sys []
    S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]
    S3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 327040]
    S3 catchme;catchme; \??\C:\DOCUME~1\KENSHI~1\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
    S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-12-15 17480]
    S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
    S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-02-01 42376]
    S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
    S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
    S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2004-03-10 12953]
    S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2003-12-17 51729]
    S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
    S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2005-10-21 13396]
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
    S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-20 23680]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []
    S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
    S3 ntxpusb;Gravis USB device driver; C:\WINDOWS\system32\drivers\ntxpusb.sys [2002-02-26 266432]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys []
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2008-04-18 25600]
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
    S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2002-08-29 84480]
    S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 XTrapD12;XTrapD12; \??\F:\Games\Legend Of Ares\\XTrap\XTrapD12.sys []
    S4 ACPI;ACPI; C:\WINDOWS\system32\drivers\ACPI.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-04 495616]
    R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2006-12-09 61440]
    R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-10-16 1094936]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-07 152984]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-30 66872]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-10-15 243056]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-11-12 570880]
    R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-05 655624]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
    S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-02-01 948616]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

    EOF

    Also I'm not entirely sure about the profile stuff from 1999...
  • edited January 2009
    Please post the Kaspersky log when you have it.
  • edited January 2009
    Yeah sorry that scan took quite a while for some reason. My comcast has been sketchy lately so that might be why. Anywho here's the log. Came up with three things but didn't remove or give instructions on how so I left them alone for the time being.

    KASPERSKY ONLINE SCANNER 7 REPORT
    Thursday, January 8, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, January 07, 2009 22:14:16
    Records in database: 1581636

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Files scanned: 208115
    Threat name: 2
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 04:09:42


    File name / Threat name / Threats count
    C:\Documents and Settings\Kenshin Himoura\My Documents\My Received Files\slimftpd.zip Infected: not-a-virus:Server-FTP.Win32.SlimFTPd.315 1
    C:\WINDOWS\cache277\B_277_0_1_612800.htm Infected: Trojan-Clicker.HTML.IFrame.bk 1
    C:\WINDOWS\cache277\B_277_0_1_625900.htm Infected: Trojan-Clicker.HTML.IFrame.bk 1

    The selected area was scanned.
  • edited January 2009
    There is no active malware showing now, so how is the disc space doing?


    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      File::
      C:\Documents and Settings\Kenshin Himoura\My Documents\My Received Files\slimftpd.zip
      C:\WINDOWS\cache277\B_277_0_1_612800.htm
      C:\WINDOWS\cache277\B_277_0_1_625900.htm
      C:\install_flash_player.exe
      c:\windows\Tasks\Pareto UNS.job
      c:\windows\Tasks\RegCure.job
      c:\windows\Tasks\RegCure Program Check.job
      Folder::
      Driver::
      SlimFTPd
      Registry::
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "LDM"=-
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "SpywareTerminator"=-
      "Adobe Reader Speed Launcher"=-
      "SunJavaUpdateSched"=-
      
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AdwareFilter Background Protection.lnk]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MSI Media Center Deluxe II.lnk]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinIRXHelper.lnk]
      
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=-
      "c:\\Program Files\\Java\\jre1.5.0_02\\BIN\\javaw.exe"=-
      "c:\\Program Files\\Java\\jre1.5.0_04\\BIN\\javaw.exe"=-
      "c:\\Program Files\\Java\\jre1.5.0_06\\BIN\\javaw.exe"=-
      
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\{550e2432-7774-11dd-b31d-00508d6799dc}]
      
      ADS::
      
    • Save this as CFScript.txt and place it on your desktop.

      (screenshot: CFScriptb.gif)

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.
  • edited January 2009
    ComboFix 09-01-08.01 - Kenshin Himoura 2009-01-08 12:09:14.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1355 [GMT -7:00]
    Running from: c:\documents and settings\Kenshin Himoura\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Kenshin Himoura\Desktop\CFScript.txt
    AV: VirusRescue 3.0 *On-access scanning enabled* (Outdated)
    * Created a new restore point

    FILE ::
    c:\documents and settings\Kenshin Himoura\My Documents\My Received Files\slimftpd.zip
    C:\install_flash_player.exe
    c:\windows\cache277\B_277_0_1_612800.htm
    c:\windows\cache277\B_277_0_1_625900.htm
    c:\windows\Tasks\Pareto UNS.job
    c:\windows\Tasks\RegCure Program Check.job
    c:\windows\Tasks\RegCure.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Kenshin Himoura\My Documents\My Received Files\slimftpd.zip
    C:\install_flash_player.exe
    c:\windows\cache277\B_277_0_1_612800.htm
    c:\windows\cache277\B_277_0_1_625900.htm
    c:\windows\Tasks\Pareto UNS.job
    c:\windows\Tasks\RegCure Program Check.job
    c:\windows\Tasks\RegCure.job

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Legacy_SLIMFTPD
    \Service_SlimFTPd


    ((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
    .

    2009-01-07 15:27 . 2009-01-07 15:27 54,156 --ah----- c:\windows\QTFont.qfn
    2009-01-07 15:27 . 2009-01-07 15:27 1,409 --a------ c:\windows\QTFont.for
    2009-01-07 14:23 . 2009-01-07 14:22 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-01-07 14:21 . 2009-01-07 14:21 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-01-06 23:56 . 2009-01-06 23:56 <DIR> d-------- c:\program files\OGMTOAVI
    2009-01-06 21:32 . 2009-01-06 21:32 <DIR> d-------- C:\rsit
    2009-01-05 23:11 . 2009-01-05 23:11 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
    2009-01-05 22:58 . 2009-01-05 22:58 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
    2009-01-03 13:15 . 2009-01-03 13:15 <DIR> d-------- c:\program files\ShowSize
    2009-01-03 13:15 . 2009-01-03 13:15 <DIR> d-------- c:\documents and settings\Kenshin Himoura\Application Data\AvniTech
    2008-12-29 23:36 . 2008-12-29 23:36 <DIR> d--hs---- C:\FOUND.006
    2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\program files\Diskeeper Corporation
    2008-12-28 16:28 . 2008-12-28 16:28 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Diskeeper Corporation
    2008-12-14 14:47 . 2008-12-14 14:47 <DIR> d--hs---- C:\FOUND.005

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-07 21:22 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-01-05 06:37 201,816 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-01-05 06:37 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-12-03 20:10 d-----w c:\program files\DOSBox-0.72
    2008-11-24 05:13 0 ----a-w c:\documents and settings\Kenshin Himoura\dpuGUI10.dll
    2008-11-24 01:37 d-----w c:\program files\Trend Micro
    2008-11-23 23:36 d-----w c:\documents and settings\Kenshin Himoura\Application Data\Malwarebytes
    2008-11-23 23:35 d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-11-23 23:35 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-11-23 18:55 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
    2008-11-19 17:08 d-----w c:\program files\Ventrilo
    2008-11-15 20:22 d-----w c:\documents and settings\Kenshin Himoura\Application Data\Acreon
    2008-11-12 16:56 141,312 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
    2008-11-12 16:56 d-----w c:\program files\Crawler
    2008-11-12 16:55 d-----w c:\program files\Spyware Terminator
    2008-11-12 16:55 d-----w c:\documents and settings\Kenshin Himoura\Application Data\Spyware Terminator
    2008-11-12 16:55 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spyware Terminator
    2008-10-26 14:45 28,632 ----a-w c:\windows\TMPG001.TMP
    2008-10-16 21:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 21:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 21:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 21:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 21:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 21:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-07-25 09:34 294,912 ----a-w c:\documents and settings\Kenshin Himoura\dpu10.dll
    2008-04-19 00:41 92,064 ----a-w c:\documents and settings\Kenshin Himoura\mqdmmdm.sys
    2008-04-19 00:41 9,232 ----a-w c:\documents and settings\Kenshin Himoura\mqdmmdfl.sys
    2008-04-19 00:41 79,328 ----a-w c:\documents and settings\Kenshin Himoura\mqdmserd.sys
    2008-04-19 00:41 66,656 ----a-w c:\documents and settings\Kenshin Himoura\mqdmbus.sys
    2008-04-19 00:41 6,208 ----a-w c:\documents and settings\Kenshin Himoura\mqdmcmnt.sys
    2008-04-19 00:41 5,936 ----a-w c:\documents and settings\Kenshin Himoura\mqdmwhnt.sys
    2008-04-19 00:41 4,048 ----a-w c:\documents and settings\Kenshin Himoura\mqdmcr.sys
    2008-04-19 00:41 25,600 ----a-w c:\documents and settings\Kenshin Himoura\usbsermptxp.sys
    2008-04-19 00:41 22,768 ----a-w c:\documents and settings\Kenshin Himoura\usbsermpt.sys
    2008-04-14 12:42 985,088 ----a-w c:\documents and settings\Kenshin Himoura\setupapi.dll
    2008-04-14 01:12 83,456 ----a-w c:\documents and settings\Kenshin Himoura\dpvsetup.exe
    2008-04-14 01:12 8,192 ----a-w c:\documents and settings\Kenshin Himoura\ntlsapi.dll
    2008-04-14 01:12 6,144 ----a-w c:\documents and settings\Kenshin Himoura\dcomcnfg.exe
    2008-04-14 01:12 29,696 ----a-w c:\documents and settings\Kenshin Himoura\dplaysvr.exe
    2008-04-14 01:12 180,224 ----a-w c:\documents and settings\Kenshin Himoura\dwwin.exe
    2008-04-14 01:12 17,920 ----a-w c:\documents and settings\Kenshin Himoura\dvdupgrd.exe
    2008-04-14 01:12 15,872 ----a-w c:\documents and settings\Kenshin Himoura\help.exe
    2008-04-14 01:11 71,680 ----a-w c:\documents and settings\Kenshin Himoura\dsdmoprp.dll
    2008-04-14 01:11 229,888 ----a-w c:\documents and settings\Kenshin Himoura\dplayx.dll
    2008-04-14 01:11 155,648 ----a-w c:\documents and settings\Kenshin Himoura\dskquoui.dll
    2008-04-14 01:11 1,179,648 ----a-w c:\documents and settings\Kenshin Himoura\d3d8.dll
    2008-04-14 01:09 3,072 ----a-w c:\documents and settings\Kenshin Himoura\dpnaddr.dll
    2008-04-13 18:39 2,897,920 ----a-w c:\documents and settings\Kenshin Himoura\xpsp2res.dll
    2007-11-21 18:23 81,920 ----a-w c:\documents and settings\Kenshin Himoura\frapsvid.dll
    2007-10-28 00:40 222,720 ----a-w c:\documents and settings\Kenshin Himoura\wmasf.dll
    2007-04-13 10:21 271,360 ----a-w c:\documents and settings\Kenshin Himoura\mscoree.dll
    2006-10-19 04:47 542,720 ----a-w c:\documents and settings\Kenshin Himoura\blackbox.dll
    2006-10-19 04:47 33,792 ----a-w c:\documents and settings\Kenshin Himoura\wmdmlog.dll
    2006-09-26 20:57 28,672 ----a-w c:\documents and settings\Kenshin Himoura\AVEQT.dll
    2006-01-20 22:46 245,408 ----a-w c:\documents and settings\Kenshin Himoura\unicows.dll
    2005-03-19 00:19 2,337,488 ----a-w c:\documents and settings\Kenshin Himoura\d3dx9_25.dll
    2005-01-05 22:43 4,682 ----a-w c:\documents and settings\Kenshin Himoura\npptNT2.sys
    2004-10-29 23:50 32,256 ----a-w c:\documents and settings\Kenshin Himoura\nvcodins.dll
    2004-09-01 16:49 53,248 ----a-w c:\documents and settings\Kenshin Himoura\dpv10.dll
    2004-09-01 16:49 335,872 ----a-w c:\documents and settings\Kenshin Himoura\dpus10.dll
    2004-09-01 16:49 3,375,104 ----a-w c:\documents and settings\Kenshin Himoura\qt-mt331.dll
    2004-08-11 08:45 253,688 ----a-w c:\documents and settings\Kenshin Himoura\drmclien.dll
    2004-08-04 06:51 53,840 ----a-w c:\documents and settings\Kenshin Himoura\dosx.exe
    2002-01-05 11:38 54,784 ----a-w c:\documents and settings\Kenshin Himoura\MSVCI70.DLL
    2001-08-23 22:00 9,344 ----a-w c:\documents and settings\Kenshin Himoura\vga.dll
    2001-08-23 22:00 7,040 ----a-w c:\documents and settings\Kenshin Himoura\kdcom.dll
    2001-08-23 22:00 69,120 ----a-w c:\documents and settings\Kenshin Himoura\olethk32.dll
    2001-08-23 22:00 5,632 ----a-w c:\documents and settings\Kenshin Himoura\kbdus.dll
    2001-08-23 22:00 22,016 ----a-w c:\documents and settings\Kenshin Himoura\olesvr32.dll
    2001-08-23 22:00 2,560 ----a-w c:\documents and settings\Kenshin Himoura\lz32.dll
    2001-08-23 22:00 12,288 ----a-w c:\documents and settings\Kenshin Himoura\bootvid.dll
    1999-01-22 00:40 94,208 ----a-w c:\documents and settings\Kenshin Himoura\msstkprp.dll
    2008-07-31 04:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008073020080731\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-07_14.03.55.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    + 2007-12-12 22:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
    - 2008-11-06 22:21:30 313,176 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-01-07 21:29:22 2,195,696 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2008-11-27 20:27:34 144,792 ----a-w c:\windows\system32\java.exe
    + 2009-01-07 21:22:50 144,792 ----a-w c:\windows\system32\java.exe
    - 2008-11-27 20:27:34 144,792 ----a-w c:\windows\system32\javaw.exe
    + 2009-01-07 21:22:52 144,792 ----a-w c:\windows\system32\javaw.exe
    - 2008-11-27 20:27:34 148,888 ----a-w c:\windows\system32\javaws.exe
    + 2009-01-07 21:22:52 148,888 ----a-w c:\windows\system32\javaws.exe
    + 2008-10-16 21:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
    + 2008-10-16 21:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
    + 2009-01-08 19:13:24 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_1e8.dat
    + 2009-01-08 19:13:18 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_278.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-03-18 53248]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
    "HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
    "DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 61440]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2008-05-21 155648]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
    "ATIPTA"="atiptaxx.exe" [2006-02-21 c:\windows\system32\atiptaxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

    c:\documents and settings\Kenshin Himoura\Start Menu\Programs\Startup\
    GameSpot Download Manager.lnk - c:\program files\GameSpot\GameSpotDownloadManager_Win32.exe [2008-04-16 876544]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-06-29 450560]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= c:\documents and settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Sweet.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= c:\documents and settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Damn wall.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    Source= c:\documents and settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\SweetRaven.gif
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
    Source= c:\documents and settings\Kenshin Himoura\My Documents\Temp\Dot Hack Portal (ALTIMIT Screen) (Transparent).gif
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\windows\system32\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= DivXa32.acm
    "wave5"= Digi32.dll
    "aux5"= ctwdm32.dll
    "MIDI8"= diomidi.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
    --a------ 2005-03-18 21:49 102400 c:\program files\ATI Multimedia\main\LaunchPd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2004-10-29 16:50 4620288 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 06:24 286720 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    --a------ 2002-02-26 10:05 36864 c:\windows\system32\grxp4exe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
    "f:\\Games\\Microsoft Games\\Halo\\halo.exe"=
    "f:\\Games\\Starcraft\\StarCraft.exe"=
    "f:\\Games\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Documents and Settings\\Kenshin Himoura\\My Documents\\My Received Files\\PicoPhone163.exe"=
    "c:\\WINDOWS\\System32\\rtcshare.exe"=
    "f:\\Games\\World of Warcraft\\WoW.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "f:\\Games\\FEAR\\FEAR.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "f:\\Games\\Supreme Commander - Forged Alliance\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
    "f:\\Games\\Supreme Commander - Forged Alliance\\GPGNet\\GPG.Multiplayer.Client.exe"=
    "f:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3274:TCP"= 3274:TCP:WoW1
    "6112:TCP"= 6112:TCP:WoW2
    "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2005-04-11 11920]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-12 141312]
    R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2004-05-27 45568]
    R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-11-06 16896]
    R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2004-05-27 9344]
    R4 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12:32 41456]
    R4 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-02-28 11776]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-12-27 42112]
    S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-23 27904]
    S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2005-04-11 266432]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-02-22 747912]
    S4 AtiBt829;ATI WDM Bt829 Video (Microsoft);c:\windows\system32\drivers\ati1btxx.sys [2004-08-03 56623]
    S4 CINEMSUP;Software Cinemaster NT4.0 Driver;c:\windows\system32\DRIVERS\CINEMSUP.SYS --> c:\windows\system32\DRIVERS\CINEMSUP.SYS [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{550e2432-7774-11dd-b31d-00508d6799dc}]
    \Shell\AutoRun\command - G:\autorun.exe
    \Shell\directx\command - g:\directx9\dxsetup.exe
    \Shell\setup\command - G:\setup.exe
    .
    .
    Supplementary Scan
    .
    uInternet Settings,ProxyOverride = localhost
    Trusted Zone: music.yahoo.com

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    FF - ProfilePath - c:\documents and settings\Kenshin Himoura\Application Data\Mozilla\Firefox\Profiles\0r3pf8xs.Raven\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1205006176&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
    FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npvideoegg-loader.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    FF - plugin: c:\program files\VideoEgg\Loader\2364\npvideoegg-loader.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-08 12:13:48
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-1202660629-1078145449-854245398-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
    "??"=hex:d5,0c,52,b1,2d,63,75,12,f1,9b,7a,3b,0d,c8,b3,8a
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(844)
    c:\windows\system32\Ati2evxx.dll
    .
    Other Running Processes
    .
    c:\windows\SYSTEM32\ATI2EVXX.EXE
    c:\windows\SYSTEM32\ATI2EVXX.EXE
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\SYSTEM32\PNKBSTRA.EXE
    c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
    c:\program files\SPYWARE TERMINATOR\SP_RSSER.EXE
    c:\program files\ALCOHOL SOFT\ALCOHOL 52\STARWIND\STARWINDSERVICEAE.EXE
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE
    c:\program files\COMMON FILES\NERO\LIB\NMINDEXINGSERVICE.EXE
    c:\program files\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE
    c:\program files\RAZER\LYCOSA\RAZERTRA.EXE
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-08 12:17:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-08 19:17:42
    ComboFix2.txt 2009-01-07 21:04:50

    Pre-Run: 8,292,581,376 bytes free
    Post-Run: 9,605,513,216 bytes free

    Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
    365 --- E O F --- 2008-09-10 15:48:01

    Notes: Hard drive space seems to be going down at a slower rate before this restart. Doesn't seem to have moved at all yet on this boot, been sitting at 8.97 gigs since I first looked at it till now.
    Combofix tells me that I was running an antivirus thing I've never had though, VirusRescue 3.0, never had it, still don't as far as I can tell. I looked for it in the add/remove programs list and found a list of its actual files online and couldn't find any of them through searching so I don't know what's up there, none of the .exe's or .dll's associated with it were found, or the registry keys, so I just had combofix go ahead with its scan.
  • edited January 2009
    ComboFix tells me that I was running an antivirus thing I've never had, though: VirusRescue 3.0. I never had it and still don't as far as I can tell. I looked for it in the Add/Remove Programs list, found a list of its actual files online and couldn't find any of them through searching, so I don't know what's up there; none of the .exes or .dlls associated with it were found, or the registry keys, so I just had ComboFix go ahead with its scan.
    What AntiVirus are you using ?

    Please post a final HJT log for me to check
  • edited January 2009
    Well, on this computer I have Spyware Doctor, Spyware Terminator, and Malwarebytes installed. Spyware Terminator is the only one I usually have actively guarding, but it has been off for all of this so it didn't get in the way. As far as the one that ComboFix said was active, I don't know what is going on with that; no active processes for it or anything.
  • edited January 2009
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:21:57 PM, on 1/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Razer\Lycosa\razerhid.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Razer\Lycosa\razertra.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217473732411
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Sweet.gif
    O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\Damn wall.gif
    O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\My Pictures\New Folder - Cuz the other one has too damn much stuff\SweetRaven.gif
    O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Kenshin Himoura\My Documents\Temp\Dot Hack Portal (ALTIMIT Screen) (Transparent).gif

    --
    End of file - 8844 bytes
  • edited January 2009
    Edit: Also it seems my hard drive space is just getting eaten up more slowly now; it's sitting at 8.74 gigs free as opposed to the 8.97 it was before today, which leaves about 230 megs unaccounted for.
  • edited January 2009
    It's possible that Combofix is seeing Spyware Terminator or PCTools Spyware Doctor as VirusRescue 3.0.
    I'll check with the developer and get back to you.
    Edit: Also it seems my hard drive space is just getting eaten up more slowly now; it's sitting at 8.74 gigs free as opposed to the 8.97 it was before today, which leaves about 230 megs unaccounted for.
    Every time you use your machine it will be creating temp files and adding content from Internet pages.
    Your disc space is quite low anyway, so you need to clean your temp files every time you use your machine.
  • edited January 2009
    Well, I know it does that. The weird thing is that Disk Cleanup, even with cleaning restore points and everything but compressing files checked, which I usually do every day, only clears about 50 megs at best lately. Oh well though, at least it's not dropping like a rock anymore; I can handle it if it's going down this slow, I think. I just wanted to make sure it wasn't a runaway pagefile or anything like that due to some virus I missed.

    It's just my C: drive that's that low on space, cuz it's only a 30 gig drive that holds Windows and most of the non-game programs, like Photoshop and spyware scanners, that type of thing. Most of the new stuff I get goes to one of my other two drives, one of which is a 400 gig and the other an 80. I have about 200 gigs free on the 400 that I can swap stuff out to if my C: gets too full.
  • edited January 2009
    1. Click on the Start menu.
    2. Select Run...
    3. Type wbemtest and click OK
    4. Click Connect
    5. Type (or copy/paste) root/SecurityCenter in the NameSpace box
    6. Click Connect
    7. Click on Query
    8. Type in SELECT * FROM AntiVirusProduct and click on Apply

    If there is more than one result, it means there is more than one Antivirus program installed.
    Double click on each result to view the properties for that Antivirus product.
    Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.
    (VirusRescue 3.0)

    Delete_AV_From_WMI.gif
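    The wbemtest steps above do the same thing by hand; the script below is an added example (not posted by anyone in this thread) that runs the same WMI query from Windows PowerShell and flags AntiVirusProduct records that look stale, so the one to delete can be picked out before touching anything. It assumes the class and property names of the Security Center WMI classes (root\SecurityCenter on XP, root\SecurityCenter2 on Vista and later); the "stale" heuristic (the record's display name matches nothing in Add/Remove Programs, or the signed executable it points at is gone) is the example's own and is only a prompt to verify, not proof of a phantom product.

```powershell
# Added example: list Security Center AntiVirusProduct records and flag the
# ones that no longer match an installed program. Reports only; once you have
# confirmed a product really is gone, remove its record with:
#   Get-WmiObject -Namespace root\SecurityCenter -Class AntiVirusProduct |
#       Where-Object { $_.displayName -eq '<name shown below>' } | Remove-WmiObject
# Requires Windows PowerShell (Get-WmiObject); run from an elevated prompt.

# XP/2003 namespace (the one used in the wbemtest steps) and its Vista+ successor.
$namespaces = 'root\SecurityCenter', 'root\SecurityCenter2'

# DisplayName of everything in Add/Remove Programs, from both registry views.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object { $_.DisplayName }

function Test-AvRecordStale {
    param($Record)
    $name = $Record.displayName
    # A record with no display name cannot be matched to anything: treat as suspect.
    if (-not $name) { return $true }
    # Loose substring match in either direction ("Spyware Doctor" vs "Spyware Doctor 6.0").
    $listed = $installed | Where-Object { $_ -like "*$name*" -or $name -like "*$_*" }
    # Only SecurityCenter2 records carry pathToSignedProductExe; on XP it is $null.
    $exe = $Record.pathToSignedProductExe
    $exeMissing = $exe -and -not (Test-Path -LiteralPath $exe)
    return (-not $listed) -or $exeMissing
}

foreach ($ns in $namespaces) {
    try {
        $records = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction Stop
    } catch {
        Write-Host "$ns : namespace or class not present on this Windows build"
        continue
    }
    foreach ($r in $records) {
        if (Test-AvRecordStale $r) {
            $verdict = 'STALE? verify, then Remove-WmiObject'
        } else {
            $verdict = 'matches an installed program'
        }
        New-Object PSObject -Property @{
            Namespace    = $ns
            DisplayName  = $r.displayName
            InstanceGuid = $r.instanceGuid
            OnAccess     = $r.onAccessScanningEnabled   # XP-era property; $null under SecurityCenter2
            ProductExe   = $r.pathToSignedProductExe    # SecurityCenter2 only; $null on XP
            Verdict      = $verdict
        }
    }
}
```

    A record such as the "Virus Rescue 3.0" one found in this thread would show up with no matching Add/Remove Programs entry and a "STALE?" verdict; a real, installed scanner that the Security Center simply registered under a slightly different name would too, which is why the script never deletes on its own.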
  • edited January 2009
    Only 1 result but it doesn't really have any indication of what program it's related to.

    *edit* Never mind, under display name it says Virus Rescue 3.0. Killin it now.
  • edited January 2009
    OTMoveIt
    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. ( Make sure you include :Processes )
    :Processes
    :Reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{550e2432-7774-11dd-b31d-00508d6799dc}]
    :Files
    
    
    
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Close ALL open windows (especially Internet Explorer!)
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Whilst we appreciate that you may be busy, it has been 5 days or more since we heard from you. This topic is now closed.

    Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)

