Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

In need of help please.

Post by smleist » July 5th, 2010, 3:51 pm

Here is what we've got:

It all started with website redirects, slow connection speeds, desktop icons for porn sites (don't do porn). All this while running Norton 360. Used combofix, didn't work. Used combination of malwarebytes, super anti-spy, ATF-Cleaner, and hi-jack this. Re-installed norton, seems to be better, but still get a warning on full scan with Norton about, infostealer and Backdoor.Tidserv!inf. Please see attached and let me know if I need to do something else. Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:23 PM, on 7/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4764857875
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11129 bytes




A Gypsy's Tale: The Tower of Secrets
AC3Filter (remove only)
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Alice Greenfingers 2
AppCore
Apple Software Update
AppStream Technology Windows Edition Client
ATI - Software Uninstall Utility
ATI Display Driver
ATI HYDRAVISION
AutoCAD 2007 - English
Autodesk DWF Viewer
AV
Avanquest update
Be Rich
Be Richer
Big Fish Games: Game Manager
Blood Oath
Build-a-lot 3: Passport to Europe
Build-a-Lot 4: Power Source
CA Yahoo! Anti-Spy (remove only)
ccCommon
Chocolatier: Decadence by Design
Curse Client
Dark Parables - Curse of Briar Rose
DinerTown Tycoon(TM)
Disney Mix Central
Disney Mix-It Plug-in and Windows Media Player Skin
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Dream Chronicles: The Book of Air Collector's Edition
Emma Core
Farm Craft
Farm Craft 2
Farm Frenzy 3
Farm Frenzy 3 - Ice Age
Farm Frenzy 3 - Russian Roulette
Farm Frenzy Pizza Party
Farm Mania 2
FLAC 1.2.1b (remove only)
Flash Slideshow Maker Pro 4.88
GameHouse
Gardenscapes
GearDrvs
GearDrvs
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HappyVille: Quest for Utopia
HijackThis 2.0.2
Hotel Mogul
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3900 series
HP Imaging Device Functions 5.0
HP Product Assistant
HP Solution Center & Imaging Support Tools 5.0
HP Update
Java(TM) 6 Update 20
Jojo's Fashion Show
Jojo's Fashion Show 2
Jojo's Fashion Show: World Tour
Junk Mail filter update
Kool Kart Racers
Life Quest ™
Littlest Pet Shop My Teeniest Town
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Magic Farm
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Midnight Mysteries: Salem Witch Trials
Midnight Mysteries: The Edgar Allan Poe Conspiracy
Mix Central Update
Mortimer Beckett and the Lost King
Mozilla Firefox (3.0.19)
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Life Story
MyDSC2
MyLogoMaker 2.0
NetJet 2.0
NetZero For Riverdeep
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
OpenAL
OverDrive Media Console
PhoTags Express
Picket Fences
Plan It Green©
PowerISO
QuickTime
Rasputin's Curse(TM)
RealPlayer
Realtek AC'97 Audio
RealUpgrade 1.0
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB982381)
Segoe UI
SEMC OMSI Module
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Suite 6.009.00
Sony Ericsson Themes Creator 4.12.2.4
SPBBC 32bit
Sunshine Acres
Super TextTwist
SUPERAntiSpyware
SuppSoft
Symantec Technical Support Controls
SymNet
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Double Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
Townopolis Gold
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wohiper
TurboTax 2009 wrapper
Uninstall Dual Mode Camera
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 8 (KB982632)
Update Service
VC80CRTRedist - 8.0.50727.4053
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Xvid 1.2.1 final uninstall
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Zoo Tycoon: Complete Collection
smleist
Regular Member
 
Posts: 23
Joined: July 5th, 2010, 3:34 pm

Re: In need of help please.

Post by MWR 3 day Mod » July 9th, 2010, 12:25 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: In need of help please.

Post by Cypher » July 11th, 2010, 12:29 pm

Hi and welcome to Malware Removal forums. I apologize for the delay in answering your request for help; the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read Backup Made Easy
Used combofix, didn't work.

This tool is not a toy and not for everyday use; if used incorrectly it can result in an unbootable PC.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Post the contents of the ComboFix.txt log in your next reply.
It can be found at C:\ComboFix.txt.


Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl. Then click Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
SUPERAntiSpyware


Next.

Fix HijackThis entries

Run HijackThis

  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
    O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.

Next.

Scan With RKUnHooker

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • Note: This log can be big; you may need to post it in separate replies.

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)



Logs/Information to Post in your Next Reply

  • RKUnhookerLE log.
  • RSIT log.txt and info.txt contents.
  • ComboFix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
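
The three HijackThis entries selected in the post above share two properties visible in the log: a ProxyServer value pointing at the loopback address, and BHO/toolbar registrations whose target is reported as "(no file)". The following is an added example, not part of Cypher's post and not code from HijackThis; it flags lines with those two properties for review. That these are the criteria the helper applied is an assumption, and the names `triage`, `Finding`, `proxy_hosts` and `is_loopback` are invented for the example.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "R1" or "O2"
    reason: str    # why the line was flagged
    line: str      # the original log line


# "<section code> - <body>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# "BHO: <name> - {CLSID} - <path or (no file)>"
COM_RE = re.compile(r"^(BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# "<registry key>,ProxyServer = <value>"
PROXY_RE = re.compile(r",ProxyServer = (.+)$", re.IGNORECASE)


def proxy_hosts(value):
    """Split 'http=127.0.0.1:5555;https=host:port' or 'host:port' into hosts."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        target = part.split("=", 1)[-1]          # drop an optional 'http=' prefix
        host = target.rsplit(":", 1)[0] if ":" in target else target
        hosts.append(host.strip("[]"))           # '[::1]:8080' -> '::1'
    return hosts


def is_loopback(host):
    """True for 'localhost' and for any literal loopback IP address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                             # some other hostname


def triage(log_text):
    """Return a Finding for each loopback proxy or '(no file)' BHO/toolbar line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue                             # header, process list, blank line
        section, body = entry.groups()
        if section.startswith("R"):
            proxy = PROXY_RE.search(body)
            if proxy and any(is_loopback(h) for h in proxy_hosts(proxy.group(1))):
                findings.append(Finding(section, "proxy points at loopback", line))
        elif section in ("O2", "O3"):
            com = COM_RE.match(body)
            if com and com.group(4).strip() == "(no file)":
                reason = f"{com.group(1)} {com.group(3)} has no file on disk"
                findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```

A loopback proxy can also belong to locally installed filtering software, so a flagged line is a prompt to identify what is listening on that port, not a verdict.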

Re: In need of help please.

Post by Cypher » July 13th, 2010, 2:07 pm

Hi smleist.

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: In need of help please.

Post by smleist » July 14th, 2010, 5:32 am

ComboFix 10-07-04.01 - The Leist Family 07/04/2010 16:57:18.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1023.559 [GMT -4:00]
Running from: c:\documents and settings\The Leist Family\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\The Leist Family\Application Data\chrtmp

Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\$NtUninstallKB842773$\qmgr.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-04 to 2010-07-04 )))))))))))))))))))))))))))))))
.

2010-07-04 20:55 . 2010-07-04 20:55 -------- d-----w- c:\windows\LastGood
2010-07-04 20:25 . 2002-08-29 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-07-04 20:25 . 2002-08-29 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-07-04 20:25 . 2002-08-29 12:00 86074 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-07-04 20:25 . 2002-08-29 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-07-04 20:25 . 2002-08-29 12:00 426042 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-07-04 20:25 . 2002-08-29 12:00 72192 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2010-07-04 20:25 . 2002-08-29 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2010-07-04 20:25 . 2002-08-29 12:00 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2010-07-04 20:23 . 2002-08-29 12:00 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-07-04 20:22 . 2001-08-17 18:07 18560 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-07-04 20:22 . 2002-08-29 05:33 16384 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-07-04 20:22 . 2002-08-29 05:27 4992 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-07-04 20:22 . 2001-08-17 18:07 83712 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-07-04 20:20 . 2002-08-29 12:00 77824 -c--a-w- c:\windows\system32\dllcache\isign32.dll
2010-07-04 20:18 . 2002-08-29 12:00 272896 -c--a-w- c:\windows\system32\dllcache\pinball.exe
2010-07-04 20:17 . 2004-08-03 18:07 1081112 -c--a-w- c:\windows\system32\dllcache\wuaueng.dll
2010-07-04 20:09 . 2001-08-17 17:59 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-07-04 20:09 . 2002-08-29 05:32 5888 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-07-04 20:08 . 2002-08-29 05:50 24960 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-04 20:08 . 2002-08-29 05:27 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-07-04 20:06 . 2001-08-18 02:36 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-07-04 20:06 . 2002-08-29 07:46 38024 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-07-04 13:00 . 2010-07-04 13:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-04 04:07 . 2010-07-04 04:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-27 22:44 . 2010-06-27 22:44 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\Hotdog Hotshot
2010-06-27 19:51 . 2010-06-27 19:52 -------- d-----w- c:\program files\Blood Oath
2010-06-27 19:45 . 2010-06-27 19:45 -------- d-----w- c:\program files\A Gypsy's Tale - The Tower of Secrets
2010-06-27 19:20 . 2010-06-27 19:21 -------- d-----w- c:\program files\Midnight Mysteries - Salem Witch Trials
2010-06-27 19:17 . 2010-06-27 19:18 -------- d-----w- c:\program files\Dream Chronicles - The Book of Air Collector's Edition
2010-06-27 00:36 . 2010-06-27 00:36 -------- d-----w- c:\program files\Trend Micro
2010-06-26 18:24 . 2008-07-30 21:42 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
2010-06-26 15:33 . 2010-05-31 18:25 552960 --sh--r- c:\program files\Common Files\cass.exe
2010-06-26 15:30 . 2010-06-26 15:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-06-26 15:28 . 2010-06-26 15:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-26 14:12 . 2010-06-27 14:24 -------- d-----w- c:\program files\Norton 360
2010-06-26 14:11 . 2010-06-26 14:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-26 14:11 . 2010-06-26 14:31 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-26 14:10 . 2010-06-26 14:31 -------- d-----w- c:\program files\Symantec
2010-06-26 14:00 . 2010-06-26 14:00 -------- d-----w- c:\program files\Windows Sidebar
2010-06-26 13:49 . 2010-06-26 13:49 -------- d-----w- c:\program files\Common Files\Java
2010-06-26 13:49 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 03:25 . 2010-06-26 03:25 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\SUPERAntiSpyware.com
2010-06-26 03:25 . 2010-06-26 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-26 03:25 . 2010-07-04 13:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-25 23:48 . 2010-06-25 23:48 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\Malwarebytes
2010-06-25 23:48 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 23:48 . 2010-06-25 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-25 23:48 . 2010-06-25 23:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 23:48 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-22 09:49 . 2008-09-25 18:27 905216 ----a-w- c:\windows\system32\GearDrvs.msi
2010-06-21 01:38 . 2010-06-21 09:36 -------- d-----w- c:\documents and settings\The Leist Family\Local Settings\Application Data\vxnxrfety
2010-06-20 20:55 . 2010-06-20 20:55 120 ----a-w- c:\windows\Fpezoxozoq.dat
2010-06-20 20:55 . 2010-06-20 20:55 0 ----a-w- c:\windows\Rrirobifuyiwog.bin
2010-06-20 20:55 . 2010-06-20 20:55 -------- d-----w- c:\documents and settings\The Leist Family\Local Settings\Application Data\{7DC6F2FB-9420-4938-AC8E-818AF5E2FA35}
2010-06-08 20:41 . 2010-06-08 20:41 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\NevoSoft Games
2010-06-08 20:21 . 2010-06-08 20:21 -------- d-----w- c:\program files\Farm Craft 2
2010-06-05 22:33 . 2010-06-05 22:33 -------- d--h--w- c:\windows\PIF
1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\windows\LastGood.Tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-04 20:50 . 2008-11-22 11:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-04 20:41 . 2008-11-22 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-04 20:22 . 2010-07-04 20:22 2678 ----a-w- c:\windows\java\Packages\Data\DBNFTVXR.DAT
2010-07-04 20:22 . 2010-07-04 20:22 2678 ----a-w- c:\windows\java\Packages\Data\9JFNFHZD.DAT
2010-07-04 20:22 . 2010-07-04 20:22 2678 ----a-w- c:\windows\java\Packages\Data\DBJXB1ZL.DAT
2010-07-04 20:22 . 2010-07-04 20:22 2678 ----a-w- c:\windows\java\Packages\Data\C3XN7RDJ.DAT
2010-07-04 20:22 . 2010-07-04 20:22 2678 ----a-w- c:\windows\java\Packages\Data\0I1FXBZ3.DAT
2010-07-04 20:20 . 2008-10-25 16:06 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-04 13:01 . 2010-07-04 13:01 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-04 13:01 . 2010-07-04 13:01 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-04 13:01 . 2010-07-04 13:01 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-04 03:41 . 2010-04-28 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-03 22:34 . 2008-11-22 11:20 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\Symantec
2010-06-28 22:37 . 2008-10-26 03:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-28 21:36 . 2009-04-14 18:53 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\Skunk Studios
2010-06-28 20:33 . 2009-08-09 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SulusGames
2010-06-26 17:43 . 2010-06-26 03:25 63488 ----a-w- c:\documents and settings\The Leist Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-26 17:43 . 2010-06-26 03:25 117760 ----a-w- c:\documents and settings\The Leist Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-26 14:31 . 2010-06-26 14:11 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-26 14:31 . 2010-06-26 14:11 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-26 13:49 . 2010-06-26 13:49 503808 ----a-w- c:\documents and settings\The Leist Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-34a59ace-n\msvcp71.dll
2010-06-26 13:49 . 2010-06-26 13:49 61440 ----a-w- c:\documents and settings\The Leist Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-54bbcafe-n\decora-sse.dll
2010-06-26 13:49 . 2010-06-26 13:49 499712 ----a-w- c:\documents and settings\The Leist Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-34a59ace-n\jmc.dll
2010-06-26 13:49 . 2010-06-26 13:49 12800 ----a-w- c:\documents and settings\The Leist Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-54bbcafe-n\decora-d3d.dll
2010-06-26 13:49 . 2010-06-26 13:49 348160 ----a-w- c:\documents and settings\The Leist Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-34a59ace-n\msvcr71.dll
2010-06-26 13:48 . 2009-09-12 11:56 -------- d-----w- c:\program files\Java
2010-06-26 03:25 . 2010-06-26 03:25 52224 ----a-w- c:\documents and settings\The Leist Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-20 21:31 . 2008-10-25 19:54 -------- d-----w- c:\program files\uTorrent
2010-06-20 21:28 . 2008-10-25 19:54 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\uTorrent
2010-06-13 20:17 . 2010-06-13 20:17 105592 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\35\1\.cp\lib\BHQFlash.dll
2010-06-13 20:17 . 2010-06-13 20:17 81016 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\69\1\.cp\lib\S1SLEngineWrapper.dll
2010-06-13 20:17 . 2010-06-13 20:17 1772664 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\35\1\.cp\lib\BHQ.dll
2010-06-13 20:17 . 2010-06-13 20:17 105592 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\59\1\.cp\lib\MemStickFlash.dll
2010-06-13 20:16 . 2010-06-13 20:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-06-13 20:16 . 2010-06-13 20:16 101496 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\80\1\.cp\lib\USBFlash.dll
2010-06-12 07:24 . 2009-05-28 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-10 09:56 . 2010-06-10 09:56 56440 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\73\1\.cp\lib\sef3x1Controller.dll
2010-06-10 09:54 . 2010-06-10 09:54 109688 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\82\1\.cp\lib\WinMobileWrapper.dll
2010-06-10 09:54 . 2010-06-10 09:54 109688 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\65\1\.cp\lib\osds.dll
2010-06-10 09:54 . 2010-06-10 09:54 89208 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\78\1\.cp\lib\UAC.dll
2010-06-10 09:54 . 2010-06-10 09:54 323648 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DIFxAPI.dll
2010-06-10 09:54 . 2010-06-10 09:54 216184 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\67\1\.cp\lib\RegistryReader.dll
2010-06-10 09:54 . 2010-06-10 09:54 158840 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DriverInstaller.exe
2010-06-10 09:54 . 2010-06-10 09:54 154744 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\8\1\.cp\lib\win32\DeviceRemover.exe
2010-06-10 09:54 . 2010-06-10 09:54 57344 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\4\1\.cp\lib\serialio.dll
2010-06-10 09:54 . 2010-06-10 09:54 117880 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\DeviceManager.dll
2010-06-10 09:53 . 2010-03-13 02:00 -------- d-----w- c:\program files\Common Files\Sony Ericsson
2010-06-10 09:53 . 2009-05-02 01:01 -------- d-----w- c:\program files\Sony Ericsson
2010-06-10 09:53 . 2009-05-02 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-06-10 01:15 . 2008-10-26 01:19 -------- d-----w- c:\program files\World of Warcraft
2010-06-06 01:05 . 2008-10-25 20:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-06-05 08:06 . 2009-08-08 22:08 -------- d-----w- c:\program files\Punch! Home Design - AS4000
2010-06-05 06:59 . 2010-04-25 17:41 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-05 06:59 . 2010-04-25 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-05 06:30 . 2009-05-08 03:02 -------- d-----w- c:\program files\DivX
2010-06-05 06:30 . 2009-05-08 03:02 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-05 06:30 . 2010-06-05 06:30 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-05 06:30 . 2010-06-05 06:30 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-05 06:30 . 2010-06-05 06:30 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-05 06:30 . 2010-06-05 06:30 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-05 06:30 . 2010-06-05 06:30 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-05 06:30 . 2010-06-05 06:30 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-05 06:30 . 2010-06-05 06:30 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-05 06:29 . 2010-06-05 06:29 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-05 06:29 . 2010-04-25 17:41 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-05 06:29 . 2010-04-25 17:41 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-05 02:39 . 2009-05-08 03:05 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\DivX
2010-06-04 09:43 . 2009-09-12 10:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 02:05 . 2010-05-31 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3_Russia
2010-06-02 00:42 . 2008-12-28 01:35 -------- d-----w- c:\program files\RealArcade
2010-05-31 01:29 . 2009-01-19 14:01 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\Boomzap
2010-05-29 02:29 . 2010-05-29 02:29 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\Little Noir Stories
2010-05-26 18:15 . 2010-05-26 18:15 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\Fugazo
2010-05-26 10:52 . 2009-08-09 19:13 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\SulusGames
2010-05-23 10:22 . 2010-05-02 00:52 -------- d-----w- c:\program files\My Life Story
2010-05-20 00:43 . 2008-11-01 11:19 -------- d-----w- c:\program files\Google
2010-05-19 09:54 . 2010-05-17 10:09 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\DarkParablesBriarRoseSE_RA
2010-05-16 21:21 . 2010-05-16 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Happyville__
2010-05-16 21:21 . 2010-05-16 21:19 -------- d-----w- c:\program files\HappyVille - Quest for Utopia
2010-05-16 03:59 . 2009-01-17 03:11 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\YoudaGames
2010-05-10 19:53 . 2010-05-09 12:35 -------- d-----w- c:\program files\Life Quest
2010-05-09 12:37 . 2009-10-25 14:44 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\Big Fish Games
2010-05-08 02:24 . 2010-05-08 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-05-08 02:22 . 2010-05-08 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-07 07:54 . 2010-05-07 07:54 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-07 07:54 . 2010-05-07 07:54 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-07 07:54 . 2010-05-07 07:54 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-07 07:53 . 2010-05-07 07:53 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-06 23:53 . 2010-05-06 23:53 -------- d-----w- c:\documents and settings\The Leist Family\Application Data\freshgames
2010-05-06 23:53 . 2010-05-06 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\freshgames
2010-05-06 23:40 . 2010-05-02 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Deadtime Stories
2010-04-30 22:48 . 2010-04-30 22:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-30 22:48 . 2010-04-30 22:48 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-30 22:48 . 2010-04-30 22:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-30 22:48 . 2010-04-30 22:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-30 22:48 . 2010-04-30 22:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-30 22:48 . 2010-04-30 22:48 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-30 22:48 . 2010-04-30 22:48 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-30 22:48 . 2010-04-30 22:48 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-30 22:48 . 2010-04-30 22:48 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
.

------- Sigcheck -------

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-30 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-03 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-30 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-08-29 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\Disney\Mix Central
Uninstall Disney Mix-It Plug-in and Skin.lnk - c:\windows\system32\msiexec.exe [2002-8-29 64512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
2007-05-14 02:45 6656 ----a-w- c:\windows\system32\ASWLNDLL.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMgrGui]
2006-09-28 00:49 24064 ----a-w- c:\program files\AppStream\WindowsClient\bin\exeForService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
2010-01-22 22:52 1845248 ----a-w- c:\program files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 19:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-30 22:47 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wlidsvc"=2 (0x2)
"SeaPort"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdate"=2 (0x2)
"comHost"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"AppMgrService"=2 (0x2)
"IntuitUpdateService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Common Files\\cass.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 APPSTREAM;APPSTREAM;c:\windows\system32\drivers\AppStream.sys [5/13/2007 10:33 PM 115284]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [6/3/2010 6:33 PM 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [6/3/2010 6:33 PM 162936]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [1/29/2010 10:09 PM 90112]
R2 REGHOOK;REGHOOK;c:\windows\system32\drivers\RegHook.sys [9/27/2006 8:27 PM 54879]
R2 VSPD;VSPD;c:\windows\system32\drivers\VSPD.sys [9/27/2006 8:27 PM 31321]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/26/2010 10:34 AM 102448]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [1/29/2010 10:09 PM 27632]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5/1/2009 9:18 PM 13224]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [5/1/2009 9:01 PM 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [5/1/2009 9:01 PM 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [5/1/2009 9:01 PM 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [5/1/2009 9:01 PM 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [5/1/2009 9:01 PM 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [5/1/2009 9:01 PM 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [5/1/2009 9:01 PM 109736]
S4 AppMgrService;AWE 5.1.0 Application Manager;c:\program files\AppStream\WindowsClient\bin\AppMgrService.exe [9/27/2006 8:49 PM 1990656]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/4/2009 11:19 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 15:19]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 15:19]

2010-07-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-573735546-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-573735546-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-04 c:\windows\Tasks\User_Feed_Synchronization-{6496CA5C-9019-481C-8215-48A66F18B7A8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Trusted Zone: intuit.com\ttlc
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\The Leist Family\Application Data\Mozilla\Firefox\Profiles\tojrxq4z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... EF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=20011&l=dis
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/result ... &v=18&tid={F161E46E-9FDD-B2C3-06DB-CCCD1556AC1A}&q=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {7DC6F2FB-9420-4938-AC8E-818AF5E2FA35} - c:\documents and settings\The Leist Family\Local Settings\Application Data\{7DC6F2FB-9420-4938-AC8E-818AF5E2FA35}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-04 17:15
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\System32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\System32\msctfime.ime
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\ASWLNDLL.dll
c:\windows\System32\msi.dll

- - - - - - - > 'lsass.exe'(756)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(476)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\System32\msctfime.ime
c:\windows\System32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2010-07-04 17:15:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-04 21:15
ComboFix2.txt 2010-06-21 09:39
ComboFix3.txt 2010-06-21 02:29
ComboFix4.txt 2010-01-23 15:21
ComboFix5.txt 2010-07-04 20:54

Pre-Run: 16,170,586,112 bytes free
Post-Run: 16,343,236,608 bytes free

- - End Of File - - EC4D17CFAA68183469F31C2C398E97AC

Re: In need of help please.

Post by smleist » July 14th, 2010, 5:38 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF65E1000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 4018176 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xBF0B2000 C:\WINDOWS\System32\ati3duag.dll 2367488 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA5D86000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100713.003\NAVEX15.SYS 1343488 bytes (Symantec Corporation, AV Engine)
0xF6A6B000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 1331200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF2F4000 C:\WINDOWS\System32\ativvaxx.dll 643072 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF734D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA9C19000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA9CB4000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 430080 bytes (Symantec Corporation, SPBBC Driver)
0xA9BBB000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF6537000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA9DF2000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA714E000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xA6A9A000 C:\WINDOWS\System32\Drivers\SRTSP.SYS 299008 bytes (Symantec Corporation, Symantec AutoProtect)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF69ED000 C:\WINDOWS\System32\DRIVERS\yk51x86.sys 286720 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0xA726D000 C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20100707.001\SymIDSCo.sys 282624 bytes (Symantec Corporation, IDS Core Driver)
0xA6DDB000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 225280 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF07D000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBF049000 C:\WINDOWS\System32\ati2cqag.dll 212992 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF746C000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9DC4000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 188416 bytes (Symantec Corporation, Network Dispatch Driver)
0xA72FC000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7320000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x93EC9000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA9C89000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA9D3F000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA9D9E000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA9D79000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xA27C1000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF65BD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6A33000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF69B6000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA9D1D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA72B2000 C:\WINDOWS\System32\Drivers\SYMFW.SYS 139264 bytes (Symantec Corporation, Firewall Filter Driver)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7404000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF743C000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA9FFB000 C:\WINDOWS\System32\Drivers\APPSTREAM.SYS 118784 bytes (AppStream Inc, AppStream Driver)
0xA9B9E000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xF7306000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7424000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9B5E000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73ED000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF65A6000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA7711000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA5D72000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100713.003\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xF69D9000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6A57000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA9E4B000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF73DA000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xA7114000 C:\WINDOWS\System32\Drivers\REGHOOK.SYS 73728 bytes (Appstream Inc., Appstream System Services)
0xF745B000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6595000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF76BB000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF779B000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF775B000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF77BB000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF77AB000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9F07000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6D0B000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF75DB000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF776B000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77CB000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75BB000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xA7205000 C:\WINDOWS\System32\Drivers\VSPD.SYS 53248 bytes (Appstream Inc., Appstream communication driver)
0xA7AFE000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xF77EB000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF75FB000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF767B000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF777B000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75AB000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77DB000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF759B000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6D3B000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF75EB000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF765B000 C:\WINDOWS\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xF780B000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF778B000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xF75CB000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF77FB000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF763B000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA5F9E000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF774B000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA73A1000 C:\WINDOWS\System32\Drivers\SYMIDS.SYS 36864 bytes (Symantec Corporation, IDS Filter Driver)
0xF6CBB000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78E3000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78FB000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 32768 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF799B000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF781B000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78AB000 C:\WINDOWS\System32\Drivers\SYMNDIS.SYS 28672 bytes (Symantec Corporation, NDIS Filter Driver)
0xF78B3000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF78A3000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7833000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF79A3000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7873000 C:\WINDOWS\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0xF788B000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
0xF7993000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF78D3000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF78DB000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7823000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7863000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF786B000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF785B000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF790B000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF72CE000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA7A16000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A93000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF79AB000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAA024000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF72E2000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xF72DA000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A47000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A97000 C:\WINDOWS\System32\DRIVERS\sfloppy.sys 12288 bytes (Microsoft Corporation, SCSI Floppy Driver)
0xF7AED000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7AF7000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AEB000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A9F000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7A9B000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AEF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B45000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7AF1000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AE1000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B55000 C:\WINDOWS\System32\Drivers\SYMDNS.SYS 8192 bytes (Symantec Corporation, DNS Filter Driver)
0xF7AE3000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A9D000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C6F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BA7000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C98000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B63000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Alabama Smith in Escape from Pompeii\saves\bb990e968da34cb8ab94c3f80e6c8fc.sav
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Alabama Smith in Escape from Pompeii\saves\options.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Alabama Smith in Escape from Pompeii\saves\records.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Alawar Stargaze\Alabama Smith in Escape from Pompeii\saves\saves.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\TEMP:00811B66:$DATA
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\TEMP:02BC319B:$DATA
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\TEMP:25BB767E:$DATA
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\TEMP:ADFAD95A:$DATA
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\TEMP:C76CFF82:$DATA
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft\Account Billing.lnk
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft\Blizzard Technical Support.lnk
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft\World of Warcraft - Repair.lnk
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft\World of Warcraft - Uninstall.lnk
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft\World of Warcraft Read Me.lnk
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft\Wrath of the Lich King - Manual.lnk
!-->[Hidden] C:\Documents and Settings\The Leist Family\My Documents\Downloads\Here Come the Mummies (Boonedogmusic)\Here Come The Mummies - Terrifying Funk From Beyond The Grave\Here Come The Mummies - Terrifying Funk From Beyond The Grave - 06 - Single Double Triple.mp3annot See).mp3
!-->[Hidden] C:\Documents and Settings\The Leist Family\My Documents\Downloads\Here Come the Mummies (Boonedogmusic)\Here Come The Mummies - Terrifying Funk From Beyond The Grave\Here Come The Mummies - Terrifying Funk From Beyond The Grave - 09 - Wonders Of The World.mp3annot See).mp3
!-->[Hidden] C:\Documents and Settings\The Leist Family\My Documents\Downloads\Here Come the Mummies (Boonedogmusic)\Here Come The Mummies - Terrifying Funk From Beyond The Grave\Here Come The Mummies - Terrifying Funk From Beyond The Grave - 11 - Are You Gonna Eat Alla That_.mp3e).mp3
!-->[Hidden] C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\msvcr71.dll
!-->[Hidden] C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\unicows.dll
!-->[Hidden] C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
!-->[Hidden] C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.xml
!-->[Hidden] C:\Program Files\World of Warcraft\BackgroundDownloader.exe
!-->[Hidden] C:\Program Files\World of Warcraft\bad.piece
!-->[Hidden] C:\Program Files\World of Warcraft\Battle.net.dll
!-->[Hidden] C:\Program Files\World of Warcraft\Blizzard Updater.exe
!-->[Hidden] C:\Program Files\World of Warcraft\BNUpdate.exe
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\BackgroundDownload.torrent
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\Survey.mpq
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\WDB\enUS\baddons.wcf
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\WDB\enUS\creaturecache.wdb
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\WDB\enUS\gameobjectcache.wdb
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\WDB\enUS\itemcache.wdb
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\WDB\enUS\itemnamecache.wdb
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\WDB\enUS\itemtextcache.wdb
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\WDB\enUS\npccache.wdb
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\WDB\enUS\pagetextcache.wdb
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\WDB\enUS\questcache.wdb
!-->[Hidden] C:\Program Files\World of Warcraft\Cache\WDB\enUS\wowcache.wdb
!-->[Hidden] C:\Program Files\World of Warcraft\Data\common-2.MPQ
!-->[Hidden] C:\Program Files\World of Warcraft\Data\common.MPQ
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\AccountBilling.url
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\backup-enUS.MPQ
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\base-enUS.MPQ
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\connection-help.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Credits.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Credits_BC.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Credits_LK.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\bg-botleft.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\bg-botright.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\bg-bottom.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\bg-left.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\bg-merge.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\bg-mergebot.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\bg-middle.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\bg-right.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\bg-top.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\Blizz.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\BLWidget.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\BRWidget.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\contactinfo-over.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\contactinfo.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\mac-over.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\mac.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\pc-over.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\pc.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\readme-over.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\readme.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\readme.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\troubleshooting-over.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\troubleshooting.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\troubleshooting.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\website-over.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\buttons\website.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\BWidget.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\CRepeat.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\dragon-left.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\dragon-right.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\gryphon-right.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\help-request.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\ItemMarker.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\logo-blizzard.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\logo-bnet.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\logo-wow.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\LRepeat.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\MacLogo.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\PCLogo.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\pixel.gif
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\RRepeat.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\splash.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\title-troubleshooting.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\titles\contactinfo-mac.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\titles\contactinfo-pc.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\titles\readme-mac.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\titles\readme-pc.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\titles\troubleshooting-mac.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\titles\troubleshooting-pc.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\TLWidget.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\TRWidget.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Images\TWidget.jpg
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\BSpacer.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\CSpacer.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\Detector.js
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\Greeting.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\Index.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\LBorder.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\Nav.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\RBorder.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\Requirements.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\Splash.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\Styles.css
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\StylesLeft.css
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\TBorder.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Layout\TheScript.js
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Manual.pdf
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Manual_TBC.pdf
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Manual_WLK.pdf
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(Mac)Foreword.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(Mac)Installation.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(Mac)Patching.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(Mac)ReadMeMenu.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(Mac)SystemRequirements.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(Mac)Uninstall.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(PC)Foreword.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(PC)Installation.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(PC)Patching.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(PC)ReadMeMenu.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(PC)SystemRequirements.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\(PC)Uninstall.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\BasicCommands.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\CharacterNaming.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\EULA.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\GettingStarted.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\ManualErrata.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\ReadMe\RealmSelection.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Support\(Mac)SupportMenu.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Support\(Mac)TechnicalSupport.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Support\(PC)SupportMenu.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Support\(PC)TechnicalSupport.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Support\AccountAdministration.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Support\BlizzardInsider.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Support\Employment.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Support\GameSuggestions.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Support\GameSupport.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Support\Password.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Troubleshooting\(Mac)AudioProblems.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Troubleshooting\(Mac)BlizzardDownloaderProblems.html
!-->[Hidden] C:\Program Files\World of Warcraft\Data\enUS\Documentation\Troubleshooting\(Mac)ConnectionLoginProblems.html
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Misha\Emmarina\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Misha\Emmarina\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Misha\Emmarina\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Misha\Emmarina\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Misha\Emmarina\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Misha\Emmarina\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Misha\Emmarina\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Nazjatar\Alalie\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Nazjatar\Alalie\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Nazjatar\Alalie\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Nazjatar\Alalie\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Nazjatar\Alalie\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\SavedVariables\Blizzard_CombatLog.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\SavedVariables\Blizzard_CombatLog.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Scarlet Crusade\Nitelfhuntr\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Scarlet Crusade\Nitelfhuntr\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Scarlet Crusade\Nitelfhuntr\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Scarlet Crusade\Nitelfhuntr\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Scarlet Crusade\Nitelfhuntr\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Scarlet Crusade\Nitelfhuntr\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Scarlet Crusade\Nitelfhuntr\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Scarlet Crusade\Nitelfhuntr\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\BUCKARCHER\Scarlet Crusade\Nitelfhuntr\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\config-cache.oldsynchronizeConfig
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\SavedVariables\Blizzard_CombatLog.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\SavedVariables\Blizzard_CombatLog.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\Scarlet Crusade\Steveschar\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\Scarlet Crusade\Steveschar\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\Scarlet Crusade\Steveschar\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\Scarlet Crusade\Steveschar\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\Scarlet Crusade\Steveschar\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\Scarlet Crusade\Steveschar\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\Scarlet Crusade\Steveschar\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\Scarlet Crusade\Steveschar\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\Scarlet Crusade\Steveschar\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\MTYWELLS1979\Scarlet Crusade\Steveschar\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\config-cache.oldsynchronizeConfig
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\SavedVariables\QuestHelper.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Misha\Kyrea\SavedVariables\QuestHelper.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\SavedVariables\Blizzard_CombatLog.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\SavedVariables\Blizzard_CombatLog.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\SavedVariables\CurseProfiler.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\SavedVariables\CurseProfiler.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\SavedVariables\QuestHelper.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\SavedVariables\QuestHelper.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\SavedVariables\QuestHelper.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Aarkend\SavedVariables\QuestHelper.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\SavedVariables\QuestHelper.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Adowelm\SavedVariables\QuestHelper.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\SavedVariables\QuestHelper.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Blackshear\SavedVariables\QuestHelper.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\SavedVariables\QuestHelper.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\SavedVariables\QuestHelper.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\SavedVariables\QuestHelper.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Horlynne\SavedVariables\QuestHelper.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\SavedVariables\QuestHelper.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Krishar\SavedVariables\QuestHelper.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\Blizzard_BattlefieldMinimap.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\Blizzard_BattlefieldMinimap.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\Blizzard_RaidUI.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\Blizzard_RaidUI.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\QuestHelper.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\QuestHelper.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\SavedVariables\QuestHelper.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEISTJR\Scarlet Crusade\Titrakna\SavedVariables\QuestHelper.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\config-cache.oldsynchronizeConfig
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Misha\Buckarcher\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Misha\Buckarcher\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Misha\Buckarcher\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Misha\Buckarcher\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Misha\Buckarcher\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Misha\Buckarcher\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\SavedVariables\Blizzard_CombatLog.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\SavedVariables\Blizzard_CombatLog.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Chastitty\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Chastitty\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Chastitty\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Chastitty\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Chastitty\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Chastitty\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Jabdor\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Jabdor\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Jabdor\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Jabdor\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Jabdor\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Jabdor\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Jabdor\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Jabdor\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Jabdor\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Account\SMLEIST\Scarlet Crusade\Jabdor\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF.20100605-091754\Config.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Dentarg\Hala\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Dentarg\Hala\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Dentarg\Hala\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Dentarg\Hala\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Dentarg\Hala\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Dentarg\Hala\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Misha\Kyrea\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Misha\Kyrea\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Misha\Kyrea\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Misha\Kyrea\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Misha\Kyrea\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Misha\Kyrea\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\SavedVariables\Blizzard_CombatLog.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\SavedVariables\Blizzard_CombatLog.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Aarkend\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Aarkend\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Aarkend\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Aarkend\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Aarkend\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Aarkend\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Buckarcher\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\cache.md5
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\chat-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\chat-cache.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\config-cache.old
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\config-cache.wtf
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\layout-local.txt
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\Blizzard_BattlefieldMinimap.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\Blizzard_BattlefieldMinimap.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\Blizzard_TimeManager.lua
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Account\SMLEISTJR\Scarlet Crusade\Razbirn\SavedVariables\Blizzard_TimeManager.lua.bak
!-->[Hidden] C:\Program Files\World of Warcraft\WTF\Config.wtf

Re: In need of help please.

Post by smleist » July 14th, 2010, 5:40 am

(cont.)
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\SP2GDR\helpsvc.exe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\SP2QFE\helpsvc.exe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\SP3GDR\helpsvc.exe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\SP3QFE\helpsvc.exe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\spmsg.dll
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\spuninst.exe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\branches.inf
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\eula.txt
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\KB2229593.CAT
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\spcustom.dll
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\update.exe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\update.ver
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\updatebr.inf
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\update_SP2GDR.inf
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\update_SP2QFE.inf
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\update_SP3GDR.inf
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\update_SP3QFE.inf
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\update\updspapi.dll
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\_downloadprogress_.state
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\_file_to_execute_.txt
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\_unpacked_.state
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\2c0d861a85182505b6e0107596abb839\_useselfcontained_.state
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D4B0, Type: Inline - RelativeJump 0x805044B0-->8050443E [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D518, Type: Inline - RelativeJump 0x80504518-->8050450E [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D5D1, Type: Inline - RelativeJump 0x805045D1-->805045C8 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D61C, Type: Inline - RelativeJump 0x8050461C-->805045AA [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D801, Type: Inline - RelativeJump 0x80504801-->805047F2 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
[148]ccApp.exe-->user32.dll-->AdjustWindowRect, Type: Inline - RelativeJump 0x7E431140-->00000000 [SymTheme.dll]
[148]ccApp.exe-->user32.dll-->AdjustWindowRectEx, Type: Inline - RelativeJump 0x7E42E7EA-->00000000 [SymTheme.dll]
[148]ccApp.exe-->user32.dll-->EnableScrollBar, Type: Inline - RelativeJump 0x7E468005-->00000000 [SymTheme.dll]
[148]ccApp.exe-->user32.dll-->EnableScrollBar, Type: Inline - SEH 0x7E46800A [unknown_code_page]
[148]ccApp.exe-->user32.dll-->EnableScrollBar, Type: Inline - SEH 0x7E46800B [unknown_code_page]
[148]ccApp.exe-->user32.dll-->GetScrollInfo, Type: Inline - RelativeJump 0x7E42DFE2-->00000000 [SymTheme.dll]
[148]ccApp.exe-->user32.dll-->GetScrollInfo, Type: Inline - SEH 0x7E42DFE7 [unknown_code_page]
[148]ccApp.exe-->user32.dll-->GetScrollInfo, Type: Inline - SEH 0x7E42DFE8 [unknown_code_page]
[148]ccApp.exe-->user32.dll-->GetScrollPos, Type: Inline - RelativeJump 0x7E42F704-->00000000 [SymTheme.dll]
[148]ccApp.exe-->user32.dll-->GetScrollRange, Type: Inline - RelativeJump 0x7E42F787-->00000000 [SymTheme.dll]
[148]ccApp.exe-->user32.dll-->GetSysColor, Type: Inline - RelativeJump 0x7E418E78-->00000000 [SymTheme.dll]
[148]ccApp.exe-->user32.dll-->GetSysColorBrush, Type: Inline - RelativeJump 0x7E418EAB-->00000000 [SymTheme.dll]
[148]ccApp.exe-->user32.dll-->SetScrollInfo, Type: Inline - RelativeJump 0x7E419056-->00000000 [SymTheme.dll]
[148]ccApp.exe-->user32.dll-->SetScrollInfo, Type: Inline - SEH 0x7E41905B [unknown_code_page]
[148]ccApp.exe-->user32.dll-->SetScrollInfo, Type: Inline - SEH 0x7E41905C [unknown_code_page]
[148]ccApp.exe-->user32.dll-->SetScrollPos, Type: Inline - RelativeJump 0x7E42F750-->00000000 [SymTheme.dll]
[148]ccApp.exe-->user32.dll-->SetScrollRange, Type: Inline - RelativeJump 0x7E42F99B-->00000000 [SymTheme.dll]
[148]ccApp.exe-->user32.dll-->ShowScrollBar, Type: Inline - RelativeJump 0x7E42F2F2-->00000000 [SymTheme.dll]
[1864]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1864]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1864]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1864]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1864]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1864]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1864]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

Re: In need of help please.

Post by smleist » July 14th, 2010, 5:41 am

Logfile of random's system information tool 1.08 (written by random/random)
Run by The Leist Family at 2010-07-14 05:29:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (11%) free of 114 GB
Total RAM: 1023 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:29:43 AM, on 7/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\The Leist Family\Desktop\RSIT.exe
C:\Program Files\trend micro\The Leist Family.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4764857875
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: ASWLNDLL - ASWLNDLL.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10880 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-573735546-682003330-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-573735546-682003330-1004.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6496CA5C-9019-481C-8215-48A66F18B7A8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-19 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-19 97960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-04-30 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-04-30 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-30 279664]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-02-19 609424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-30 202256]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-02 1144104]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-30 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMgrGui]
C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe [2006-09-27 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
C:\Program Files\Curse\CurseClient.exe [2010-01-22 1845248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-30 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
C:\APPSTR~1\FltRoot\181094~1\PROGRA~1\PRINTM~1\Remind.exe [2006-02-22 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wlidsvc"=2
"SeaPort"=3
"ose"=3
"odserv"=3
"LiveUpdate Notice"=2
"LiveUpdate"=3
"JavaQuickStarterService"=2
"gupdate"=2
"comHost"=2
"Automatic LiveUpdate Scheduler"=2
"Autodesk Licensing Service"=3
"AppMgrService"=2
"IntuitUpdateService"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ASWLNDLL]
C:\WINDOWS\system32\ASWLNDLL.dll [2007-05-13 6656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-03 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe"="C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module"
"C:\Program Files\Common Files\cass.exe"="C:\Program Files\Common Files\cass.exe:*:Enabled:cass"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2010-07-14 05:29:22 ----D---- C:\rsit
2010-07-14 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 03:00:15 ----D---- C:\WINDOWS\LastGood
2010-07-13 16:12:28 ----D---- C:\Program Files\The Fifth Gate
2010-07-07 21:13:50 ----D---- C:\Program Files\Midnight Mysteries - Salem Witch Trials
2010-07-05 10:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2010-07-05 10:29:58 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-07-05 10:10:39 ----D---- C:\WINDOWS\Prefetch
2010-07-05 10:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-07-05 09:42:29 ----A---- C:\WINDOWS\005950_.tmp
2010-07-04 22:56:59 ----SHD---- C:\RECYCLER
2010-07-04 19:45:39 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2010-07-04 19:45:27 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2010-07-04 19:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2010-07-04 19:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2010-07-04 19:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2010-07-04 19:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2010-07-04 19:44:31 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2010-07-04 19:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2010-07-04 19:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2010-07-04 19:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2010-07-04 19:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2010-07-04 19:43:43 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2010-07-04 19:43:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2010-07-04 19:43:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2010-07-04 19:43:13 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2010-07-04 19:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2010-07-04 19:42:55 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2010-07-04 19:42:45 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2010-07-04 19:42:34 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2010-07-04 19:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2010-07-04 19:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2010-07-04 19:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2010-07-04 19:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2010-07-04 19:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2010-07-04 19:41:03 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2010-07-04 19:40:54 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2010-07-04 19:40:45 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2010-07-04 19:40:36 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2010-07-04 19:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2010-07-04 19:40:15 ----HDC---- C:\WINDOWS\$NtUninstallKB873333$
2010-07-04 19:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2010-07-04 19:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2010-07-04 19:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2010-07-04 19:39:37 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2010-07-04 19:39:28 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2010-07-04 19:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2010-07-04 19:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2010-07-04 19:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2010-07-04 19:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2010-07-04 19:38:38 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2010-07-04 19:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2010-07-04 19:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-07-04 19:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2010-07-04 19:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2010-07-04 19:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2010-07-04 19:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-07-04 19:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2010-07-04 19:29:44 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-07-04 19:09:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-07-04 17:42:45 ----A---- C:\WINDOWS\system32\winhttp.dll
2010-07-04 17:42:45 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-07-04 17:15:34 ----A---- C:\ComboFix.txt
2010-07-04 16:54:01 ----D---- C:\ComboFix
2010-07-04 16:22:29 ----A---- C:\WINDOWS\system32\drivers\wstcodec.sys
2010-07-04 16:22:28 ----A---- C:\WINDOWS\system32\drivers\ccdecode.sys
2010-07-04 16:22:26 ----A---- C:\WINDOWS\system32\drivers\mstee.sys
2010-07-04 16:22:22 ----A---- C:\WINDOWS\system32\drivers\nabtsfec.sys
2010-07-04 16:21:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-07-04 16:21:06 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-07-04 16:21:06 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-07-04 16:21:06 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-07-04 16:21:05 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-07-04 16:21:02 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-07-04 16:21:02 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-07-04 16:21:01 ----A---- C:\WINDOWS\system32\inetres.dll
2010-07-04 16:20:59 ----A---- C:\WINDOWS\system32\isign32.dll
2010-07-04 16:20:59 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-07-04 16:20:59 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-07-04 16:20:58 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-07-04 16:20:49 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-07-04 16:20:42 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-07-04 16:20:42 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-07-04 16:20:42 ----A---- C:\WINDOWS\system32\srclient.dll
2010-07-04 16:20:41 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-07-04 16:20:40 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-07-04 16:20:40 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-07-04 16:20:40 ----A---- C:\WINDOWS\system32\ils.dll
2010-07-04 16:20:39 ----A---- C:\WINDOWS\system32\msconf.dll
2010-07-04 16:20:36 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-07-04 16:20:35 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-07-04 16:20:34 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-07-04 16:20:33 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-07-04 16:20:33 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-07-04 16:20:33 ----A---- C:\WINDOWS\system32\mstask.dll
2010-07-04 16:18:13 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-07-04 16:18:12 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-07-04 16:18:12 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-07-04 16:18:10 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-07-04 16:18:10 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-07-04 16:18:10 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-07-04 16:18:10 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-07-04 16:18:09 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\stclient.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\colbact.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-07-04 16:18:07 ----A---- C:\WINDOWS\system32\comuid.dll
2010-07-04 16:18:07 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-07-04 16:18:07 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-07-04 16:18:06 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-07-04 16:18:02 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-07-04 16:18:02 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-07-04 16:18:02 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-07-04 16:18:01 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-07-04 16:18:01 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-07-04 16:18:00 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-07-04 16:18:00 ----A---- C:\WINDOWS\system32\spider.exe
2010-07-04 16:18:00 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-07-04 16:17:59 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-07-04 16:17:59 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-07-04 16:17:59 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-07-04 16:17:59 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-07-04 16:17:58 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-07-04 16:17:58 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-07-04 16:17:58 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-07-04 16:17:58 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-07-04 16:17:58 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-07-04 16:17:56 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-07-04 16:17:56 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-07-04 16:17:55 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-07-04 16:17:50 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-07-04 16:17:47 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2010-07-04 16:09:42 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2010-07-04 16:09:38 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-07-04 16:08:44 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2010-07-04 16:08:01 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-07-04 16:06:31 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-07-04 16:06:07 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-07-04 16:05:08 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-07-04 16:05:08 ----A---- C:\WINDOWS\system32\irclass.dll
2010-07-04 16:05:08 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-07-04 16:05:07 ----A---- C:\WINDOWS\system32\storprop.dll
2010-07-04 16:04:48 ----RA---- C:\WINDOWS\SET12C.tmp
2010-07-04 16:04:43 ----RA---- C:\WINDOWS\SET117.tmp
2010-07-04 11:54:11 ----ASH---- C:\pagefile.sys
2010-06-27 18:44:09 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Hotdog Hotshot
2010-06-27 15:45:20 ----D---- C:\Program Files\A Gypsy's Tale - The Tower of Secrets
2010-06-27 15:17:12 ----D---- C:\Program Files\Dream Chronicles - The Book of Air Collector's Edition
2010-06-26 20:36:49 ----D---- C:\Program Files\Trend Micro
2010-06-26 14:24:59 ----A---- C:\WINDOWS\system32\drivers\COH_Mon.sys
2010-06-26 11:33:04 ----RSH---- C:\Program Files\Common Files\cass.exe
2010-06-26 10:12:37 ----D---- C:\Program Files\Norton 360
2010-06-26 10:11:52 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-06-26 10:11:52 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2010-06-26 10:10:25 ----D---- C:\Program Files\Symantec
2010-06-26 10:00:20 ----D---- C:\Program Files\Windows Sidebar
2010-06-26 09:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-06-26 09:49:37 ----D---- C:\Program Files\Common Files\Java
2010-06-26 09:49:05 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-26 09:49:05 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-26 09:49:05 ----A---- C:\WINDOWS\system32\java.exe
2010-06-26 09:49:05 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-06-25 23:25:28 ----D---- C:\Documents and Settings\The Leist Family\Application Data\SUPERAntiSpyware.com
2010-06-25 19:48:30 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Malwarebytes
2010-06-25 19:48:08 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-06-25 19:48:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-06-25 19:48:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-25 19:48:06 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-06-22 18:33:26 ----A---- C:\WINDOWS\WinInit.ini
2010-06-20 22:14:27 ----D---- C:\WINDOWS\temp
2010-06-20 22:03:52 ----A---- C:\WINDOWS\zip.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\SWSC.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\SWREG.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\sed.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\PEV.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\MBR.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\grep.exe
2010-06-08 16:41:27 ----D---- C:\Documents and Settings\The Leist Family\Application Data\NevoSoft Games
2010-06-08 16:21:03 ----D---- C:\Program Files\Farm Craft 2
2010-06-05 18:33:57 ----HD---- C:\WINDOWS\PIF
2010-05-30 20:15:20 ----D---- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
2010-05-28 22:29:59 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Little Noir Stories
2010-05-26 14:15:52 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Fugazo
2010-05-24 19:29:48 ----HDC---- C:\WINDOWS\ie8
2010-05-17 06:09:02 ----D---- C:\Documents and Settings\The Leist Family\Application Data\DarkParablesBriarRoseSE_RA
2010-05-16 17:19:43 ----D---- C:\Program Files\HappyVille - Quest for Utopia
2010-05-16 16:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\Happyville__
2010-05-09 08:35:31 ----D---- C:\Program Files\Life Quest
2010-05-07 22:24:10 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
2010-05-07 22:22:37 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-05-06 19:53:15 ----D---- C:\Documents and Settings\The Leist Family\Application Data\freshgames
2010-05-06 19:53:15 ----D---- C:\Documents and Settings\All Users\Application Data\freshgames
2010-05-01 20:58:15 ----D---- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
2010-05-01 20:52:45 ----D---- C:\Program Files\My Life Story
2010-04-30 18:47:30 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-04-28 18:24:25 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-04-26 17:14:04 ----D---- C:\Documents and Settings\The Leist Family\Application Data\G-HeadGames
2010-04-26 16:28:42 ----D---- C:\Documents and Settings\The Leist Family\Application Data\VendelGAMES
2010-04-25 13:34:43 ----D---- C:\Documents and Settings\All Users\Application Data\DivX

======List of files/folders modified in the last 3 months======

2010-07-14 05:29:35 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-14 05:25:21 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-07-14 03:58:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-14 03:00:30 ----HD---- C:\WINDOWS\inf
2010-07-14 03:00:28 ----D---- C:\WINDOWS
2010-07-14 03:00:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 03:00:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-14 00:24:30 ----D---- C:\WINDOWS\system32
2010-07-13 22:22:20 ----D---- C:\WINDOWS\system32\drivers
2010-07-13 21:34:30 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-07-13 16:12:28 ----RD---- C:\Program Files
2010-07-13 14:38:42 ----D---- C:\Documents and Settings\The Leist Family\Application Data\PlayFirst
2010-07-13 14:38:42 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2010-07-13 12:06:15 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Gamers Digital
2010-07-13 12:06:15 ----D---- C:\Documents and Settings\All Users\Application Data\Gamers Digital
2010-07-13 11:00:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-13 09:58:15 ----D---- C:\GameHouse Games
2010-07-13 09:58:04 ----D---- C:\Program Files\RealArcade
2010-07-11 09:32:36 ----SHD---- C:\System Volume Information
2010-07-11 09:32:36 ----D---- C:\WINDOWS\system32\Restore
2010-07-07 20:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2010-07-06 21:19:50 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Merscom
2010-07-06 21:19:50 ----D---- C:\Documents and Settings\All Users\Application Data\Merscom
2010-07-05 14:03:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-05 13:21:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-05 13:17:12 ----D---- C:\WINDOWS\AppPatch
2010-07-05 13:17:11 ----D---- C:\WINDOWS\system32\wbem
2010-07-05 13:17:11 ----D---- C:\WINDOWS\Help
2010-07-05 13:17:11 ----D---- C:\Program Files\Internet Explorer
2010-07-05 12:18:40 ----D---- C:\Program Files\Messenger
2010-07-05 12:16:06 ----A---- C:\WINDOWS\imsins.BAK
2010-07-05 12:13:40 ----D---- C:\WINDOWS\system32\en-US
2010-07-05 10:37:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-05 10:35:10 ----D---- C:\Program Files\Movie Maker
2010-07-05 10:31:44 ----D---- C:\Program Files\Outlook Express
2010-07-05 10:13:10 ----SHD---- C:\WINDOWS\Installer
2010-07-05 10:13:10 ----D---- C:\Config.Msi
2010-07-05 10:12:59 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-07-05 10:10:43 ----AC---- C:\WINDOWS\setuplog.txt
2010-07-05 10:10:11 ----RSD---- C:\WINDOWS\Fonts
2010-07-05 10:10:11 ----D---- C:\WINDOWS\system32\Setup
2010-07-05 10:05:37 ----D---- C:\WINDOWS\security
2010-07-05 10:03:19 ----D---- C:\WINDOWS\ime
2010-07-05 10:03:09 ----D---- C:\WINDOWS\peernet
2010-07-05 09:58:56 ----D---- C:\WINDOWS\system32\npp
2010-07-05 09:58:54 ----D---- C:\WINDOWS\msagent
2010-07-05 09:58:52 ----D---- C:\WINDOWS\srchasst
2010-07-05 09:58:51 ----D---- C:\Program Files\NetMeeting
2010-07-05 09:58:49 ----D---- C:\WINDOWS\system32\Com
2010-07-05 09:58:46 ----D---- C:\Program Files\Windows Media Player
2010-07-05 09:58:45 ----D---- C:\Program Files\Windows NT
2010-07-05 09:58:41 ----D---- C:\Program Files\Common Files\System
2010-07-05 09:58:20 ----D---- C:\WINDOWS\system32\oobe
2010-07-05 09:58:19 ----D---- C:\WINDOWS\system32\usmt
2010-07-05 09:58:17 ----D---- C:\WINDOWS\system
2010-07-05 09:55:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-05 09:51:03 ----D---- C:\WINDOWS\EHome
2010-07-05 08:48:48 ----SD---- C:\WINDOWS\Tasks
2010-07-05 08:46:10 ----D---- C:\Program Files\Mozilla Firefox
2010-07-04 20:13:39 ----D---- C:\WINDOWS\Debug
2010-07-04 19:39:39 ----D---- C:\WINDOWS\WinSxS
2010-07-04 19:19:31 ----RASH---- C:\boot.ini
2010-07-04 19:14:23 ----RD---- C:\WINDOWS\Web
2010-07-04 19:14:09 ----RASH---- C:\NTDETECT.COM
2010-07-04 17:52:06 ----D---- C:\WINDOWS\SoftwareDistribution
2010-07-04 17:44:57 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-07-04 17:44:05 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2010-07-04 17:15:30 ----D---- C:\Qoobox
2010-07-04 17:08:23 ----A---- C:\WINDOWS\system.ini
2010-07-04 17:07:57 ----D---- C:\WINDOWS\ERDNT
2010-07-04 17:07:50 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-04 17:02:03 ----RSD---- C:\Program Files\Common Files
2010-07-04 16:55:29 ----HD---- C:\Program Files\WindowsUpdate
2010-07-04 16:39:38 ----D---- C:\WINDOWS\Registration
2010-07-04 16:30:18 ----D---- C:\WINDOWS\system32\config
2010-07-04 16:27:23 ----D---- C:\WINDOWS\repair
2010-07-04 16:23:03 ----A---- C:\WINDOWS\win.ini
2010-07-04 16:22:53 ----AC---- C:\WINDOWS\OEWABLog.txt
2010-07-04 16:22:43 ----AC---- C:\WINDOWS\ODBCINST.INI
2010-07-04 16:22:08 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-07-04 16:22:05 ----D---- C:\WINDOWS\system32\ias
2010-07-04 16:21:30 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-07-04 16:04:55 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-07-04 11:57:26 ----D---- C:\WINDOWS\Media
2010-07-04 11:57:22 ----D---- C:\WINDOWS\twain_32
2010-07-04 11:57:07 ----D---- C:\WINDOWS\system32\icsxml
2010-07-04 11:56:27 ----D---- C:\WINDOWS\system32\1033
2010-07-04 11:54:12 ----D---- C:\WINDOWS\Driver Cache
2010-07-04 07:47:55 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-04 00:02:02 ----D---- C:\WINDOWS\network diagnostic
2010-07-03 18:34:57 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Symantec
2010-06-28 17:36:41 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Skunk Studios
2010-06-28 16:33:31 ----D---- C:\Documents and Settings\All Users\Application Data\SulusGames
2010-06-26 20:58:10 ----RSD---- C:\WINDOWS\assembly
2010-06-26 20:56:05 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-26 10:05:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-26 09:48:31 ----D---- C:\Program Files\Java
2010-06-26 09:35:34 ----SHD---- C:\WINDOWS\ftpcache
2010-06-20 17:31:12 ----D---- C:\Program Files\uTorrent
2010-06-20 17:28:09 ----D---- C:\Documents and Settings\The Leist Family\Application Data\uTorrent
2010-06-12 03:24:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-06-12 03:19:08 ----D---- C:\WINDOWS\ie8updates
2010-06-10 05:53:30 ----D---- C:\Program Files\Common Files\Sony Ericsson
2010-06-10 05:53:11 ----D---- C:\Program Files\Sony Ericsson
2010-06-10 05:53:02 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2010-06-09 21:15:51 ----D---- C:\Program Files\World of Warcraft
2010-06-05 21:05:20 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-06-05 04:06:33 ----D---- C:\Program Files\Punch! Home Design - AS4000
2010-06-05 02:30:51 ----D---- C:\Program Files\DivX
2010-06-05 02:30:51 ----D---- C:\Program Files\Common Files\DivX Shared
2010-06-04 22:39:21 ----D---- C:\Documents and Settings\The Leist Family\Application Data\DivX
2010-06-04 05:43:20 ----D---- C:\Program Files\Microsoft Silverlight
2010-05-30 21:29:14 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Boomzap
2010-05-28 15:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-26 06:52:56 ----D---- C:\Documents and Settings\The Leist Family\Application Data\SulusGames
2010-05-24 18:57:18 ----D---- C:\WINDOWS\system32\URTTemp
2010-05-19 20:43:20 ----D---- C:\Program Files\Google
2010-05-15 23:59:08 ----D---- C:\Documents and Settings\The Leist Family\Application Data\YoudaGames
2010-05-09 08:37:07 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Big Fish Games
2010-05-06 06:41:53 ----A---- C:\WINDOWS\system32\wininet.dll
2010-05-06 06:41:52 ----N---- C:\WINDOWS\system32\occache.dll
2010-05-06 06:41:52 ----N---- C:\WINDOWS\system32\mstime.dll
2010-05-06 06:41:52 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-05-06 06:41:52 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-05-06 06:41:51 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-05-06 06:41:51 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-05-06 06:41:51 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-05-06 06:41:50 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-05-06 06:41:50 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-05-06 06:41:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-05-06 06:41:48 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-05-05 09:30:57 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-05-01 21:07:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-30 18:50:07 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Real
2010-04-30 18:48:49 ----D---- C:\Program Files\Common Files\Real
2010-04-30 18:48:46 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-04-30 18:48:32 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-04-30 18:48:32 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-04-30 18:48:28 ----D---- C:\Program Files\Real
2010-04-30 18:47:40 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-04-30 18:46:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-04-24 23:59:16 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Total Eclipse
2010-04-22 18:18:34 ----D---- C:\Documents and Settings\The Leist Family\Application Data\BigFishGames
2010-04-21 09:28:50 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-04-20 01:30:08 ----A---- C:\WINDOWS\system32\atmfd.dll
2010-04-16 12:09:07 ----A---- C:\WINDOWS\system32\shdocvw.dll
2010-04-16 12:09:05 ----A---- C:\WINDOWS\system32\browseui.dll
2010-04-15 06:52:26 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-30 44944]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 APPSTREAM;APPSTREAM; \??\C:\WINDOWS\System32\Drivers\APPSTREAM.SYS []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 REGHOOK;REGHOOK; \??\C:\WINDOWS\System32\Drivers\REGHOOK.SYS []
R2 VSPD;VSPD; \??\C:\WINDOWS\System32\Drivers\VSPD.SYS []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-08-03 1273344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100713.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100713.003\NAVEX15.SYS []
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20100707.001\SymIDSCo.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-01-09 35256]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-08-02 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-08-02 25512]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-02-14 68922]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS []
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2007-04-11 35328]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2005-08-03 380928]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 EmmaDevMgmtSvc;Emma Device Management; C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-06-03 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management; C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-06-03 162936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2010-06-26 1251720]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-13 49248]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-30 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 AppMgrService;AWE 5.1.0 Application Manager; C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe [2006-09-27 1990656]
S4 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-11-20 77944]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-04 133104]
S4 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

-----------------EOF-----------------
smleist
Regular Member
 
Posts: 23
Joined: July 5th, 2010, 3:34 pm

Re: In need of help please.

Post by smleist » July 14th, 2010, 5:42 am

info.txt logfile of random's system information tool 1.08 2010-07-14 05:29:48

======Uninstall list======

-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A Gypsy's Tale: The Tower of Secrets-->"C:\Program Files\A Gypsy's Tale - The Tower of Secrets\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Alice Greenfingers 2-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-alicegreenfingers2.rguninst" "AddRemove"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AppStream Technology Windows Edition Client-->MsiExec.exe /X{46B26804-569B-4355-9678-0DDF6ADCFB0F}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
AutoCAD 2007 - English-->MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Be Rich-->"C:\Program Files\Be Rich\Uninstall.exe"
Be Richer-->"C:\Program Files\Be Richer\Uninstall.exe"
Big Fish Games: Game Manager-->C:\Program Files\bfgclient\Uninstall.exe
Build-a-lot 3: Passport to Europe-->"C:\Program Files\Build-a-lot 3 - Passport to Europe\Uninstall.exe"
Build-a-Lot 4: Power Source-->"C:\Program Files\Build-a-Lot 4 - Power Source\Uninstall.exe"
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Chocolatier: Decadence by Design-->"C:\Program Files\Chocolatier - Decadence by Design\Uninstall.exe"
Curse Client-->C:\Program Files\Curse\uninstall.exe
Dark Parables - Curse of Briar Rose-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-darkparablescurseofbriarrose.rguninst" "AddRemove"
DinerTown Tycoon(TM)-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-dinertowntycoontm.rguninst" "AddRemove"
Disney Mix Central-->MsiExec.exe /X{A84EB063-10A9-49D5-B64F-EB1192E7EA6F}
DivX Converter-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Dream Chronicles: The Book of Air Collector's Edition-->"C:\Program Files\Dream Chronicles - The Book of Air Collector's Edition\Uninstall.exe"
Emma Core-->MsiExec.exe /I{34BDF3BF-AA61-42E7-8818-C16A304910FC}
Farm Craft 2-->"C:\Program Files\Farm Craft 2\Uninstall.exe"
Farm Craft-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\amg-farmcraft.rguninst" "AddRemove"
Farm Frenzy 3 - Ice Age-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-farmfrenzy3iceage.rguninst" "AddRemove"
Farm Frenzy 3 - Russian Roulette-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-farmfrenzy3russianroulette.rguninst" "AddRemove"
Farm Frenzy 3-->"C:\Program Files\Farm Frenzy 3\Uninstall.exe"
Farm Frenzy Pizza Party-->"C:\Program Files\Farm Frenzy Pizza Party\Uninstall.exe"
Farm Mania 2-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-farmmania2.rguninst" "AddRemove"
FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
Flash Slideshow Maker Pro 4.88-->C:\Program Files\Flash Slideshow Maker Professional\uninst.exe
GameHouse-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\GameHouse.rguninst" "AddRemove"
Gardenscapes-->"C:\Program Files\Gardenscapes\Uninstall.exe"
GearDrvs-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.70\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HappyVille: Quest for Utopia-->"C:\Program Files\HappyVille - Quest for Utopia\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotel Mogul-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-hotelmogul.rguninst" "AddRemove"
HP Deskjet 3900 series-->C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Imaging Device Functions 5.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center & Imaging Support Tools 5.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Jojo's Fashion Show 2-->C:\PROGRA~1\GAMEHO~1\JOJO'S~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\JOJO'S~1\INSTALL.LOG
Jojo's Fashion Show: World Tour-->"C:\Program Files\Jojo's Fashion Show - World Tour\Uninstall.exe"
Jojo's Fashion Show-->"C:\Program Files\Jojo's Fashion Show\Uninstall.exe"
Kool Kart Racers-->"C:\Program Files\NetJet\Games\Kool Kart Racers\Uninstall.exe" "C:\Program Files\NetJet\Games\Kool Kart Racers\install.log"
Life Quest ™-->"C:\Program Files\Life Quest\Uninstall.exe"
Lisa's Fleet Flight-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-lisasfleetflight.rguninst" "AddRemove"
Littlest Pet Shop My Teeniest Town-->"C:\Program Files\NetJet\Games\Littlest Pet Shop My Teeniest Town\Uninstall.exe" "C:\Program Files\NetJet\Games\Littlest Pet Shop My Teeniest Town\install.log"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Magic Farm-->"C:\Program Files\Magic Farm\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Midnight Mysteries: Salem Witch Trials-->"C:\Program Files\Midnight Mysteries - Salem Witch Trials\Uninstall.exe"
Midnight Mysteries: The Edgar Allan Poe Conspiracy-->"C:\Program Files\Midnight Mysteries - The Edgar Allan Poe Conspiracy\Uninstall.exe"
Mortimer Beckett and the Lost King-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-mortimerbeckettandthelostking.rguninst" "AddRemove"
Mozilla Firefox (3.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My Life Story-->"C:\Program Files\My Life Story\Uninstall.exe"
MyDSC2-->C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\setup.exe -runfromtemp -l0x0009 -removeonly
MyLogoMaker 2.0-->"C:\Program Files\MySoftware\MyLogoMaker\unins000.exe"
NetJet 2.0-->C:\Program Files\NetJet\Dashboard\uninst.exe
NetZero For Riverdeep-->MsiExec.exe /X{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help-->MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component-->MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OverDrive Media Console-->MsiExec.exe /I{C1121C1F-1962-4A23-B2C2-B9515C837179}
PhoTags Express -->C:\PROGRA~1\PHOTAG~1\Setup.exe /remove /q0
Picket Fences-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-picketfences.rguninst" "AddRemove"
Plan It Green©-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-planitgreenc.rguninst" "AddRemove"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Rasputin's Curse(TM)-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-rasputinscursetm.rguninst" "AddRemove"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SEMC OMSI Module-->C:\Program Files\Sony Ericsson\SEMC OMSI Module\uninst.exe
Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{9EB1504E-FD95-4BCD-8E93-B4039F59C469}
Sony Ericsson PC Suite 6.009.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Sony Ericsson Themes Creator 4.12.2.4-->C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Sunshine Acres-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-sunshineacres.rguninst" "AddRemove"
Super TextTwist-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-supertexttwist.rguninst" "AddRemove"
SuppSoft-->MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls-->MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Fifth Gate-->"C:\Program Files\The Fifth Gate\Uninstall.exe"
The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims™ 2 Apartment Life-->C:\Program Files\EA GAMES\The Sims 2 Apartment Life\EAUninstall.exe
The Sims™ 2 Double Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Double Deluxe\EAUninstall.exe
The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff-->C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ 2 IKEA® Home Stuff-->C:\Program Files\EA GAMES\The Sims 2 IKEA® Home Stuff\EAUninstall.exe
The Sims™ 2 Kitchen & Bath Interior Design Stuff-->C:\Program Files\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe
The Sims™ 2 Mansion and Garden Stuff-->C:\Program Files\EA GAMES\The Sims 2 Mansion and Garden Stuff\EAUninstall.exe
The Sims™ 2 Teen Style Stuff-->C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
Townopolis Gold-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-townopolisgold.rguninst" "AddRemove"
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wohiper-->MsiExec.exe /I{3BAC6780-EAA2-012B-AE74-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009-->C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
Uninstall Dual Mode Camera-->"C:\Program Files\JL2005D\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Outlook 2007 Junk Email Filter (kb983486)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {913DFE19-32EC-4099-89AC-27FC493A7A2E}
Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zoo Tycoon: Complete Collection-->"C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove

======System event log======

Computer Name: FRED
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service AppMgrService with arguments "-Service"
in order to run the server:
{8252E670-8D11-45AE-8AEE-0B9BBA75E53B}

Record Number: 52285
Source Name: DCOM
Time Written: 20100703214441.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FRED
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service AppMgrService with arguments "-Service"
in order to run the server:
{8252E670-8D11-45AE-8AEE-0B9BBA75E53B}

Record Number: 52257
Source Name: DCOM
Time Written: 20100703204819.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FRED
Event Code: 7000
Message: The SASDIFSV service failed to start due to the following error:
Cannot create a file when that file already exists.


Record Number: 52227
Source Name: Service Control Manager
Time Written: 20100703075911.000000-240
Event Type: error
User:

Computer Name: FRED
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service AppMgrService with arguments "-Service"
in order to run the server:
{8252E670-8D11-45AE-8AEE-0B9BBA75E53B}

Record Number: 52200
Source Name: DCOM
Time Written: 20100703075625.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FRED
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 52156
Source Name: W32Time
Time Written: 20100701053749.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: FRED
Event Code: 20
Message:
Record Number: 45136
Source Name: Google Update
Time Written: 20100629050128.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FRED
Event Code: 20
Message:
Record Number: 45135
Source Name: Google Update
Time Written: 20100629044027.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FRED
Event Code: 20
Message:
Record Number: 45134
Source Name: Google Update
Time Written: 20100629040129.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FRED
Event Code: 20
Message:
Record Number: 45133
Source Name: Google Update
Time Written: 20100629034025.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FRED
Event Code: 20
Message:
Record Number: 45132
Source Name: Google Update
Time Written: 20100629030128.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Re: In need of help please.

Post by Cypher » July 14th, 2010, 7:30 am

Hi smleist.
Please continue with the instructions below, then give me an update on your PC's performance.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Right-click, then copy the following code. Do not include the word Code.
    Code:
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMgrGui]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    
    :Files
    C:\Program Files\uTorrent
    C:\WINDOWS\005950_.tmp
    C:\WINDOWS\SET12C.tmp
    C:\WINDOWS\SET117.tmp
    C:\WINDOWS\PIF
    C:\WINDOWS\system32\1033
     C:\Documents and Settings\The Leist Family\Application Data\uTorrent
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)


Next.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Program Files\Common Files\cass.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

If you have trouble using Virustotal try jotti.org


Next.

TDSSKiller

  • Please Download TDSSKiller.exe and save it on your desktop.
  • Important!: Run this fix once and once only.
  • Double click TDSSKiller.exe to run it.
  • A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 19.06.2010
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.



Logs/Information to Post in your Next Reply

  • OTM log.
  • RSIT log.txt.
  • Virustotal or jotti results.
  • TDSSKiller log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: In need of help please.

by smleist » July 14th, 2010, 5:53 pm

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMgrGui\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
========== FILES ==========
C:\Program Files\uTorrent folder moved successfully.
C:\WINDOWS\005950_.tmp moved successfully.
C:\WINDOWS\SET12C.tmp moved successfully.
C:\WINDOWS\SET117.tmp moved successfully.
C:\WINDOWS\PIF folder moved successfully.
Folder move failed. C:\WINDOWS\system32\1033 scheduled to be moved on reboot.
C:\Documents and Settings\The Leist Family\Application Data\uTorrent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33103 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 3472 bytes

User: The Leist Family
->Temp folder emptied: 530640 bytes
->Temporary Internet Files folder emptied: 30030119 bytes
->Java cache emptied: 42482395 bytes
->FireFox cache emptied: 30207395 bytes
->Google Chrome cache emptied: 9613278 bytes
->Flash cache emptied: 445081 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1158415 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10868104 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65714 bytes
RecycleBin emptied: 1533 bytes

Total Files Cleaned = 120.00 mb


OTM by OldTimer - Version 3.1.14.0 log created on 07142010_174112

Files moved on Reboot...
Folder move failed. C:\WINDOWS\system32\1033 scheduled to be moved on reboot.
File C:\Documents and Settings\The Leist Family\Local Settings\Temp\~DFA120.tmp not found!
File C:\Documents and Settings\The Leist Family\Local Settings\Temporary Internet Files\Content.IE5\7AGO5KJ0\viewtopic[1].php not found!
File C:\WINDOWS\temp\JET13E.tmp not found!
File C:\WINDOWS\temp\JET238.tmp not found!

Registry entries deleted on Reboot...
smleist
Regular Member
 
Posts: 23
Joined: July 5th, 2010, 3:34 pm

Re: In need of help please.

by smleist » July 14th, 2010, 5:55 pm

Logfile of random's system information tool 1.08 (written by random/random)
Run by The Leist Family at 2010-07-14 17:54:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (11%) free of 114 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:54:19 PM, on 7/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\The Leist Family\Desktop\RSIT.exe
C:\Program Files\trend micro\The Leist Family.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4764857875
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: ASWLNDLL - ASWLNDLL.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10829 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-573735546-682003330-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-573735546-682003330-1004.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6496CA5C-9019-481C-8215-48A66F18B7A8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-19 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-19 97960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-04-30 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-04-30 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-30 279664]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-02-19 609424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-30 202256]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-02 1144104]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-30 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ASWLNDLL]
C:\WINDOWS\system32\ASWLNDLL.dll [2007-05-13 6656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-03 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe"="C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module"
"C:\Program Files\Common Files\cass.exe"="C:\Program Files\Common Files\cass.exe:*:Enabled:cass"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2010-07-14 17:41:12 ----D---- C:\_OTM
2010-07-14 17:35:54 ----D---- C:\Program Files\ERUNT
2010-07-14 05:29:22 ----D---- C:\rsit
2010-07-14 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-13 16:12:28 ----D---- C:\Program Files\The Fifth Gate
2010-07-07 21:13:50 ----D---- C:\Program Files\Midnight Mysteries - Salem Witch Trials
2010-07-05 10:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2010-07-05 10:29:58 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-07-05 10:10:39 ----D---- C:\WINDOWS\Prefetch
2010-07-05 10:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-07-04 22:56:59 ----SHD---- C:\RECYCLER
2010-07-04 19:45:39 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2010-07-04 19:45:27 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2010-07-04 19:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2010-07-04 19:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2010-07-04 19:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2010-07-04 19:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2010-07-04 19:44:31 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2010-07-04 19:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2010-07-04 19:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2010-07-04 19:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2010-07-04 19:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2010-07-04 19:43:43 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2010-07-04 19:43:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2010-07-04 19:43:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2010-07-04 19:43:13 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2010-07-04 19:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2010-07-04 19:42:55 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2010-07-04 19:42:45 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2010-07-04 19:42:34 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2010-07-04 19:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2010-07-04 19:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2010-07-04 19:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2010-07-04 19:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2010-07-04 19:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2010-07-04 19:41:03 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2010-07-04 19:40:54 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2010-07-04 19:40:45 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2010-07-04 19:40:36 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2010-07-04 19:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2010-07-04 19:40:15 ----HDC---- C:\WINDOWS\$NtUninstallKB873333$
2010-07-04 19:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2010-07-04 19:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2010-07-04 19:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2010-07-04 19:39:37 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2010-07-04 19:39:28 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2010-07-04 19:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2010-07-04 19:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2010-07-04 19:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2010-07-04 19:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2010-07-04 19:38:38 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2010-07-04 19:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2010-07-04 19:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-07-04 19:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2010-07-04 19:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2010-07-04 19:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2010-07-04 19:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-07-04 19:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2010-07-04 19:29:44 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-07-04 19:09:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-07-04 17:42:45 ----A---- C:\WINDOWS\system32\winhttp.dll
2010-07-04 17:42:45 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-07-04 17:15:34 ----A---- C:\ComboFix.txt
2010-07-04 16:54:01 ----D---- C:\ComboFix
2010-07-04 16:22:29 ----A---- C:\WINDOWS\system32\drivers\wstcodec.sys
2010-07-04 16:22:28 ----A---- C:\WINDOWS\system32\drivers\ccdecode.sys
2010-07-04 16:22:26 ----A---- C:\WINDOWS\system32\drivers\mstee.sys
2010-07-04 16:22:22 ----A---- C:\WINDOWS\system32\drivers\nabtsfec.sys
2010-07-04 16:21:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-07-04 16:21:06 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-07-04 16:21:06 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-07-04 16:21:06 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-07-04 16:21:05 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-07-04 16:21:02 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-07-04 16:21:02 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-07-04 16:21:01 ----A---- C:\WINDOWS\system32\inetres.dll
2010-07-04 16:20:59 ----A---- C:\WINDOWS\system32\isign32.dll
2010-07-04 16:20:59 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-07-04 16:20:59 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-07-04 16:20:58 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-07-04 16:20:49 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-07-04 16:20:42 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-07-04 16:20:42 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-07-04 16:20:42 ----A---- C:\WINDOWS\system32\srclient.dll
2010-07-04 16:20:41 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-07-04 16:20:40 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-07-04 16:20:40 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-07-04 16:20:40 ----A---- C:\WINDOWS\system32\ils.dll
2010-07-04 16:20:39 ----A---- C:\WINDOWS\system32\msconf.dll
2010-07-04 16:20:36 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-07-04 16:20:35 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-07-04 16:20:34 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-07-04 16:20:33 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-07-04 16:20:33 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-07-04 16:20:33 ----A---- C:\WINDOWS\system32\mstask.dll
2010-07-04 16:18:13 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-07-04 16:18:12 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-07-04 16:18:12 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-07-04 16:18:11 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-07-04 16:18:10 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-07-04 16:18:10 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-07-04 16:18:10 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-07-04 16:18:10 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-07-04 16:18:09 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\stclient.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\colbact.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-07-04 16:18:08 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-07-04 16:18:07 ----A---- C:\WINDOWS\system32\comuid.dll
2010-07-04 16:18:07 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-07-04 16:18:07 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-07-04 16:18:06 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-07-04 16:18:02 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-07-04 16:18:02 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-07-04 16:18:02 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-07-04 16:18:01 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-07-04 16:18:01 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-07-04 16:18:00 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-07-04 16:18:00 ----A---- C:\WINDOWS\system32\spider.exe
2010-07-04 16:18:00 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-07-04 16:17:59 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-07-04 16:17:59 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-07-04 16:17:59 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-07-04 16:17:59 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-07-04 16:17:58 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-07-04 16:17:58 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-07-04 16:17:58 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-07-04 16:17:58 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-07-04 16:17:58 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-07-04 16:17:57 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-07-04 16:17:56 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-07-04 16:17:56 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-07-04 16:17:55 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-07-04 16:17:50 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-07-04 16:17:47 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2010-07-04 16:09:42 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2010-07-04 16:09:38 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-07-04 16:08:44 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2010-07-04 16:08:01 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-07-04 16:06:31 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-07-04 16:06:07 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-07-04 16:05:08 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-07-04 16:05:08 ----A---- C:\WINDOWS\system32\irclass.dll
2010-07-04 16:05:08 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-07-04 16:05:07 ----A---- C:\WINDOWS\system32\storprop.dll
2010-07-04 11:54:11 ----ASH---- C:\pagefile.sys
2010-06-27 18:44:09 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Hotdog Hotshot
2010-06-27 15:45:20 ----D---- C:\Program Files\A Gypsy's Tale - The Tower of Secrets
2010-06-27 15:17:12 ----D---- C:\Program Files\Dream Chronicles - The Book of Air Collector's Edition
2010-06-26 20:36:49 ----D---- C:\Program Files\Trend Micro
2010-06-26 14:24:59 ----A---- C:\WINDOWS\system32\drivers\COH_Mon.sys
2010-06-26 11:33:04 ----RSH---- C:\Program Files\Common Files\cass.exe
2010-06-26 10:12:37 ----D---- C:\Program Files\Norton 360
2010-06-26 10:11:52 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-06-26 10:11:52 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2010-06-26 10:10:25 ----D---- C:\Program Files\Symantec
2010-06-26 10:00:20 ----D---- C:\Program Files\Windows Sidebar
2010-06-26 09:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-06-26 09:49:37 ----D---- C:\Program Files\Common Files\Java
2010-06-26 09:49:05 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-26 09:49:05 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-26 09:49:05 ----A---- C:\WINDOWS\system32\java.exe
2010-06-26 09:49:05 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-06-25 23:25:28 ----D---- C:\Documents and Settings\The Leist Family\Application Data\SUPERAntiSpyware.com
2010-06-25 19:48:30 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Malwarebytes
2010-06-25 19:48:08 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-06-25 19:48:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-06-25 19:48:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-25 19:48:06 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-06-22 18:33:26 ----A---- C:\WINDOWS\WinInit.ini
2010-06-20 22:14:27 ----D---- C:\WINDOWS\temp
2010-06-20 22:03:52 ----A---- C:\WINDOWS\zip.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\SWSC.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\SWREG.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\sed.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\PEV.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\MBR.exe
2010-06-20 22:03:52 ----A---- C:\WINDOWS\grep.exe
2010-06-08 16:41:27 ----D---- C:\Documents and Settings\The Leist Family\Application Data\NevoSoft Games
2010-06-08 16:21:03 ----D---- C:\Program Files\Farm Craft 2
2010-05-30 20:15:20 ----D---- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
2010-05-28 22:29:59 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Little Noir Stories
2010-05-26 14:15:52 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Fugazo
2010-05-24 19:29:48 ----HDC---- C:\WINDOWS\ie8
2010-05-17 06:09:02 ----D---- C:\Documents and Settings\The Leist Family\Application Data\DarkParablesBriarRoseSE_RA
2010-05-16 17:19:43 ----D---- C:\Program Files\HappyVille - Quest for Utopia
2010-05-16 16:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\Happyville__
2010-05-09 08:35:31 ----D---- C:\Program Files\Life Quest
2010-05-07 22:24:10 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
2010-05-07 22:22:37 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-05-06 19:53:15 ----D---- C:\Documents and Settings\The Leist Family\Application Data\freshgames
2010-05-06 19:53:15 ----D---- C:\Documents and Settings\All Users\Application Data\freshgames
2010-05-01 20:58:15 ----D---- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
2010-05-01 20:52:45 ----D---- C:\Program Files\My Life Story
2010-04-30 18:47:30 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-04-28 18:24:25 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-04-26 17:14:04 ----D---- C:\Documents and Settings\The Leist Family\Application Data\G-HeadGames
2010-04-26 16:28:42 ----D---- C:\Documents and Settings\The Leist Family\Application Data\VendelGAMES
2010-04-25 13:34:43 ----D---- C:\Documents and Settings\All Users\Application Data\DivX

======List of files/folders modified in the last 3 months======

2010-07-14 17:46:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 17:46:29 ----D---- C:\WINDOWS\system32\1033
2010-07-14 17:46:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-14 17:46:16 ----D---- C:\WINDOWS
2010-07-14 17:43:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-14 17:42:51 ----D---- C:\WINDOWS\system32
2010-07-14 17:41:17 ----RD---- C:\Program Files
2010-07-14 17:36:35 ----D---- C:\WINDOWS\ERDNT
2010-07-14 16:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-07-14 10:54:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-07-14 05:29:35 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-14 03:00:30 ----HD---- C:\WINDOWS\inf
2010-07-14 03:00:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-13 22:22:20 ----D---- C:\WINDOWS\system32\drivers
2010-07-13 14:38:42 ----D---- C:\Documents and Settings\The Leist Family\Application Data\PlayFirst
2010-07-13 14:38:42 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2010-07-13 12:06:15 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Gamers Digital
2010-07-13 12:06:15 ----D---- C:\Documents and Settings\All Users\Application Data\Gamers Digital
2010-07-13 09:58:15 ----D---- C:\GameHouse Games
2010-07-13 09:58:04 ----D---- C:\Program Files\RealArcade
2010-07-11 09:32:36 ----SHD---- C:\System Volume Information
2010-07-11 09:32:36 ----D---- C:\WINDOWS\system32\Restore
2010-07-07 20:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2010-07-06 21:19:50 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Merscom
2010-07-06 21:19:50 ----D---- C:\Documents and Settings\All Users\Application Data\Merscom
2010-07-05 14:03:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-05 13:21:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-05 13:17:12 ----D---- C:\WINDOWS\AppPatch
2010-07-05 13:17:11 ----D---- C:\WINDOWS\system32\wbem
2010-07-05 13:17:11 ----D---- C:\WINDOWS\Help
2010-07-05 13:17:11 ----D---- C:\Program Files\Internet Explorer
2010-07-05 12:18:40 ----D---- C:\Program Files\Messenger
2010-07-05 12:16:06 ----A---- C:\WINDOWS\imsins.BAK
2010-07-05 12:13:40 ----D---- C:\WINDOWS\system32\en-US
2010-07-05 10:37:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-05 10:35:10 ----D---- C:\Program Files\Movie Maker
2010-07-05 10:31:44 ----D---- C:\Program Files\Outlook Express
2010-07-05 10:13:10 ----SHD---- C:\WINDOWS\Installer
2010-07-05 10:13:10 ----D---- C:\Config.Msi
2010-07-05 10:12:59 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-07-05 10:10:43 ----AC---- C:\WINDOWS\setuplog.txt
2010-07-05 10:10:11 ----RSD---- C:\WINDOWS\Fonts
2010-07-05 10:10:11 ----D---- C:\WINDOWS\system32\Setup
2010-07-05 10:05:37 ----D---- C:\WINDOWS\security
2010-07-05 10:03:19 ----D---- C:\WINDOWS\ime
2010-07-05 10:03:09 ----D---- C:\WINDOWS\peernet
2010-07-05 09:58:56 ----D---- C:\WINDOWS\system32\npp
2010-07-05 09:58:54 ----D---- C:\WINDOWS\msagent
2010-07-05 09:58:52 ----D---- C:\WINDOWS\srchasst
2010-07-05 09:58:51 ----D---- C:\Program Files\NetMeeting
2010-07-05 09:58:49 ----D---- C:\WINDOWS\system32\Com
2010-07-05 09:58:46 ----D---- C:\Program Files\Windows Media Player
2010-07-05 09:58:45 ----D---- C:\Program Files\Windows NT
2010-07-05 09:58:41 ----D---- C:\Program Files\Common Files\System
2010-07-05 09:58:20 ----D---- C:\WINDOWS\system32\oobe
2010-07-05 09:58:19 ----D---- C:\WINDOWS\system32\usmt
2010-07-05 09:58:17 ----D---- C:\WINDOWS\system
2010-07-05 09:55:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-05 09:51:03 ----D---- C:\WINDOWS\EHome
2010-07-05 08:48:48 ----SD---- C:\WINDOWS\Tasks
2010-07-05 08:46:10 ----D---- C:\Program Files\Mozilla Firefox
2010-07-04 20:13:39 ----D---- C:\WINDOWS\Debug
2010-07-04 19:39:39 ----D---- C:\WINDOWS\WinSxS
2010-07-04 19:19:31 ----RASH---- C:\boot.ini
2010-07-04 19:14:23 ----RD---- C:\WINDOWS\Web
2010-07-04 19:14:09 ----RASH---- C:\NTDETECT.COM
2010-07-04 17:52:06 ----D---- C:\WINDOWS\SoftwareDistribution
2010-07-04 17:44:57 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-07-04 17:44:05 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2010-07-04 17:15:30 ----D---- C:\Qoobox
2010-07-04 17:08:23 ----A---- C:\WINDOWS\system.ini
2010-07-04 17:07:50 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-04 17:02:03 ----RSD---- C:\Program Files\Common Files
2010-07-04 16:55:29 ----HD---- C:\Program Files\WindowsUpdate
2010-07-04 16:39:38 ----D---- C:\WINDOWS\Registration
2010-07-04 16:30:18 ----D---- C:\WINDOWS\system32\config
2010-07-04 16:27:23 ----D---- C:\WINDOWS\repair
2010-07-04 16:23:03 ----A---- C:\WINDOWS\win.ini
2010-07-04 16:22:53 ----AC---- C:\WINDOWS\OEWABLog.txt
2010-07-04 16:22:43 ----AC---- C:\WINDOWS\ODBCINST.INI
2010-07-04 16:22:08 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-07-04 16:22:05 ----D---- C:\WINDOWS\system32\ias
2010-07-04 16:21:30 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-07-04 16:04:55 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-07-04 11:57:26 ----D---- C:\WINDOWS\Media
2010-07-04 11:57:22 ----D---- C:\WINDOWS\twain_32
2010-07-04 11:57:07 ----D---- C:\WINDOWS\system32\icsxml
2010-07-04 11:54:12 ----D---- C:\WINDOWS\Driver Cache
2010-07-04 07:47:55 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-04 00:02:02 ----D---- C:\WINDOWS\network diagnostic
2010-07-03 18:34:57 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Symantec
2010-07-02 15:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-28 17:36:41 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Skunk Studios
2010-06-28 16:33:31 ----D---- C:\Documents and Settings\All Users\Application Data\SulusGames
2010-06-26 20:58:10 ----RSD---- C:\WINDOWS\assembly
2010-06-26 20:56:05 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-26 10:05:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-26 09:48:31 ----D---- C:\Program Files\Java
2010-06-26 09:35:34 ----SHD---- C:\WINDOWS\ftpcache
2010-06-12 03:24:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-06-12 03:19:08 ----D---- C:\WINDOWS\ie8updates
2010-06-10 05:53:30 ----D---- C:\Program Files\Common Files\Sony Ericsson
2010-06-10 05:53:11 ----D---- C:\Program Files\Sony Ericsson
2010-06-10 05:53:02 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2010-06-09 21:15:51 ----D---- C:\Program Files\World of Warcraft
2010-06-05 21:05:20 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-06-05 04:06:33 ----D---- C:\Program Files\Punch! Home Design - AS4000
2010-06-05 02:30:51 ----D---- C:\Program Files\DivX
2010-06-05 02:30:51 ----D---- C:\Program Files\Common Files\DivX Shared
2010-06-04 22:39:21 ----D---- C:\Documents and Settings\The Leist Family\Application Data\DivX
2010-06-04 05:43:20 ----D---- C:\Program Files\Microsoft Silverlight
2010-05-30 21:29:14 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Boomzap
2010-05-26 06:52:56 ----D---- C:\Documents and Settings\The Leist Family\Application Data\SulusGames
2010-05-24 18:57:18 ----D---- C:\WINDOWS\system32\URTTemp
2010-05-19 20:43:20 ----D---- C:\Program Files\Google
2010-05-15 23:59:08 ----D---- C:\Documents and Settings\The Leist Family\Application Data\YoudaGames
2010-05-09 08:37:07 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Big Fish Games
2010-05-06 06:41:53 ----A---- C:\WINDOWS\system32\wininet.dll
2010-05-06 06:41:52 ----N---- C:\WINDOWS\system32\occache.dll
2010-05-06 06:41:52 ----N---- C:\WINDOWS\system32\mstime.dll
2010-05-06 06:41:52 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-05-06 06:41:52 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-05-06 06:41:51 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-05-06 06:41:51 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-05-06 06:41:51 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-05-06 06:41:50 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-05-06 06:41:50 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-05-06 06:41:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-05-06 06:41:48 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-05-05 09:30:57 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-05-01 21:07:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-30 18:50:07 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Real
2010-04-30 18:48:49 ----D---- C:\Program Files\Common Files\Real
2010-04-30 18:48:46 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-04-30 18:48:32 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-04-30 18:48:32 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-04-30 18:48:28 ----D---- C:\Program Files\Real
2010-04-30 18:47:40 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-04-30 18:46:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-04-24 23:59:16 ----D---- C:\Documents and Settings\The Leist Family\Application Data\Total Eclipse
2010-04-22 18:18:34 ----D---- C:\Documents and Settings\The Leist Family\Application Data\BigFishGames
2010-04-21 09:28:50 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-04-20 01:30:08 ----A---- C:\WINDOWS\system32\atmfd.dll
2010-04-16 12:09:07 ----A---- C:\WINDOWS\system32\shdocvw.dll
2010-04-16 12:09:05 ----A---- C:\WINDOWS\system32\browseui.dll
2010-04-15 06:52:26 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-30 44944]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 APPSTREAM;APPSTREAM; \??\C:\WINDOWS\System32\Drivers\APPSTREAM.SYS []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 REGHOOK;REGHOOK; \??\C:\WINDOWS\System32\Drivers\REGHOOK.SYS []
R2 VSPD;VSPD; \??\C:\WINDOWS\System32\Drivers\VSPD.SYS []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-08-03 1273344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\NAVEX15.SYS []
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20100707.001\SymIDSCo.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-01-09 35256]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-08-02 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-08-02 25512]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-02-14 68922]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS []
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2007-04-11 35328]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2005-08-03 380928]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 EmmaDevMgmtSvc;Emma Device Management; C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-06-03 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management; C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-06-03 162936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-13 49248]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-30 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2010-06-26 1251720]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 AppMgrService;AWE 5.1.0 Application Manager; C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe [2006-09-27 1990656]
S4 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-11-20 77944]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-04 133104]
S4 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

-----------------EOF-----------------
smleist
Regular Member
 
Posts: 23
Joined: July 5th, 2010, 3:34 pm

Re: In need of help please.

by smleist » July 14th, 2010, 6:04 pm


Re: In need of help please.

by smleist » July 14th, 2010, 6:08 pm

18:05:45:875 3064 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
18:05:45:875 3064 ================================================================================
18:05:45:875 3064 SystemInfo:

18:05:45:875 3064 OS Version: 5.1.2600 ServicePack: 3.0
18:05:45:875 3064 Product type: Workstation
18:05:45:875 3064 ComputerName: FRED
18:05:45:875 3064 UserName: The Leist Family
18:05:45:875 3064 Windows directory: C:\WINDOWS
18:05:45:875 3064 System windows directory: C:\WINDOWS
18:05:45:875 3064 Processor architecture: Intel x86
18:05:45:875 3064 Number of processors: 2
18:05:45:875 3064 Page size: 0x1000
18:05:45:890 3064 Boot type: Normal boot
18:05:45:890 3064 ================================================================================
18:05:46:140 3064 Initialize success
18:05:46:140 3064
18:05:46:140 3064 Scanning Services ...
18:05:46:468 3064 Raw services enum returned 377 services
18:05:46:484 3064
18:05:46:484 3064 Scanning Drivers ...
18:05:53:156 3064
18:05:53:156 3064 Completed
18:05:53:156 3064
18:05:53:156 3064 Results:
18:05:53:156 3064 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:05:53:156 3064 File objects infected / cured / cured on reboot: 0 / 0 / 0
18:05:53:156 3064
18:05:53:171 3064 KLMD(ARK) unloaded successfully

Re: In need of help please.

Unread postby smleist » July 14th, 2010, 6:11 pm

Seems to still be running a little slow. Norton360 popped up with the backdoor virus again.