
Solved can't open antivirus site and update antivirus

Discussion in 'Malware and Virus Removal Archive' started by Varrel, 2009/01/08.

  1. 2009/01/08
    Varrel

    [Resolved] can't open antivirus site and update antivirus

    Hi guys, please help me. I've read all of the threads that are similar to my problem. However, I think mine is kinda different. I can't open antivirus sites or update the antivirus in normal mode, but I can do it in safe mode. Also, my sites are not redirected. I've done so many things, but my AVG, Registry Booster, and Malwarebytes' Anti-Malware said that my computer is clean. Please help me to get rid of this. Here are the logs from RSIT. Thank you :)


    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Administrator at 2009-01-08 18:50:47
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 6 GB (31%) free of 19 GB
    Total RAM: 766 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:50:48, on 08/01/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\RSIT.exe
    C:\Program Files\trend micro\Administrator.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] F:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{89815402-CEA2-400F-B3CD-1446E8D66084}: NameServer = 202.134.1.10,202.134.0.155
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 7323 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\1-Click Maintenance.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper - F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-05 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-13 222448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-05 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-10 734704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {ACB1E670-3217-45C4-A021-6B829A8A27CB}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-05 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]
    "VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2007-02-06 176128]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-06 98304]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2003-12-13 33792]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-05-28 1826816]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "EPSON Stylus C45 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE [2004-01-14 99840]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
    "Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2004-09-03 139264]
    "YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-06 1261336]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "Uniblue RegistryBooster 2009"=F:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "NeroHomeFirstStart"=C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [2007-06-01 16944]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableTaskMgr"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoFolderOptions"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
    "C:\Program Files\Java\jre1.6.0_03\bin\java.exe"="C:\Program Files\Java\jre1.6.0_03\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
    "F:\Program Files\LimeWire\LimeWire.exe"="F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
    "C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "F:\Program Files\BitTorrent\bittorrent.exe"="F:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
    "F:\Program Files\BitComet\BitComet.exe"="F:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======List of files/folders created in the last 3 months======

    2009-01-08 18:42:15 ----D---- C:\rsit
    2009-01-08 18:42:15 ----D---- C:\Program Files\trend micro
    2009-01-08 18:22:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
    2009-01-08 18:22:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
    2009-01-08 18:21:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
    2009-01-08 18:19:40 ----SHD---- C:\WINDOWS\CSC
    2009-01-08 17:19:52 ----D---- C:\Documents and Settings\Administrator\Application Data\Uniblue
    2009-01-08 17:13:48 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2009-01-08 17:13:03 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-01-05 18:53:22 ----D---- C:\Program Files\Enigma Software Group
    2009-01-05 12:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-01-04 19:33:00 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2009-01-04 19:14:16 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2009-01-03 15:18:48 ----D---- C:\Documents and Settings\All Users\Application Data\GameHouse
    2009-01-03 12:57:55 ----D---- C:\Program Files\GameHouse
    2009-01-03 12:36:41 ----D---- C:\Program Files\RealArcade
    2008-12-23 19:27:07 ----D---- C:\Downloads
    2008-12-11 15:56:40 ----D---- C:\WINDOWS\system32\NtmsData
    2008-12-03 15:50:12 ----D---- C:\Program Files\Microsoft Games
    2008-11-19 14:18:57 ----A---- C:\WINDOWS\system32\bad3.exe
    2008-11-19 14:18:54 ----A---- C:\WINDOWS\system32\bad2.exe
    2008-11-19 14:18:47 ----A---- C:\WINDOWS\system32\bad1.exe
    2008-10-26 07:09:05 ----A---- C:\WINDOWS\system32\ptpusb.dll
    2008-10-26 07:09:04 ----A---- C:\WINDOWS\system32\ptpusd.dll
    2008-10-26 06:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-21 16:48:40 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-10-18 14:54:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-18 14:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-18 14:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
    2008-10-17 23:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-17 20:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 15:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-12 11:33:04 ----D---- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet

    ======List of files/folders modified in the last 3 months======

    2009-01-08 18:47:43 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-08 18:42:15 ----RD---- C:\Program Files
    2009-01-08 18:27:12 ----D---- C:\WINDOWS\Temp
    2009-01-08 18:27:11 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-08 18:25:20 ----D---- C:\WINDOWS\Prefetch
    2009-01-08 18:24:37 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-01-08 18:24:35 ----D---- C:\WINDOWS\system32
    2009-01-08 18:24:32 ----D---- C:\Program Files\DNA
    2009-01-08 18:23:05 ----SHD---- C:\RECYCLER
    2009-01-08 18:19:40 ----D---- C:\WINDOWS
    2009-01-07 18:07:06 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-01-06 17:48:37 ----D---- C:\WINDOWS\system32\drivers
    2009-01-06 15:13:25 ----A---- C:\WINDOWS\win.ini
    2009-01-06 15:12:47 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-01-06 11:35:06 ----A---- C:\WINDOWS\winamp.ini
    2009-01-05 11:29:32 ----D---- C:\WINDOWS\Minidump
    2009-01-05 11:09:00 ----D---- C:\WINDOWS\system32\config
    2009-01-04 19:33:17 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-04 19:21:49 ----SHD---- C:\WINDOWS\Installer
    2009-01-04 17:30:03 ----SHD---- C:\System Volume Information
    2009-01-04 17:30:03 ----D---- C:\WINDOWS\system32\Restore
    2009-01-04 17:28:52 ----A---- C:\WINDOWS\IE4 Error Log.txt
    2009-01-04 13:04:34 ----HD---- C:\$AVG8.VAULT$
    2008-12-11 15:56:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-12-05 14:04:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-04 14:57:31 ----HD---- C:\WINDOWS\inf
    2008-12-04 14:57:31 ----D---- C:\WINDOWS\Help
    2008-12-03 15:52:44 ----D---- C:\WINDOWS\WinSxS
    2008-11-29 12:17:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-19 18:51:05 ----D---- C:\WINDOWS\system
    2008-11-19 18:30:51 ----D---- C:\Program Files\Registry Mechanic
    2008-11-06 15:18:39 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-28 19:44:06 ----RASH---- C:\boot.ini
    2008-10-26 06:57:11 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-21 16:48:40 ----D---- C:\WINDOWS\Debug
    2008-10-18 14:54:09 ----D---- C:\Program Files\Internet Explorer
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-15 23:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-05 97928]
    S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-05 26824]
    S1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
    S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    S2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-05 76040]
    S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
    S3 PCnet;AMD PCNET Compatable Adapter Driver; C:\WINDOWS\system32\DRIVERS\pcntpci5.sys [2001-08-17 35328]
    S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
    S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
    S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
    S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
    S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
    S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
    S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
    S3 SunkFilt6;Alcor Micro Corp - 6360; \??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys []
    S3 SunkFilt62;Alcor Micro Corp - 6362; \??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys []
    S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2007-03-22 281856]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-05 875288]
    S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-05 231704]
    S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-26 654848]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-27 138168]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-31 306432]

    -----------------EOF-----------------
     
  2. 2009/01/08
    Varrel

    The info file

    Here is the info file.

    info.txt logfile of random's system information tool 1.05 2009-01-08 18:42:31

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\IsUninst.exe -f\ "C:\Program Files\Final Fantasy VII\Uninst.isu"
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ACDSee 4.0-->MsiExec.exe /I{92605735-AAFB-47F7-A67D-17ED129EFF9C}
    ACE-HIGH MP3 WAV WMA OGG Converter-->E:\PROGRA~1\ACE-HI~1\UNWISE.EXE E:\PROGRA~1\ACE-HI~1\INSTALL.LOG
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Belle's Beauty Boutique-->E:\PROGRA~1\GAMEHO~1\BELLE'~1\UNWISE.EXE /U E:\PROGRA~1\GAMEHO~1\BELLE'~1\INSTALL.LOG
    BitComet 1.07-->F:\Program Files\BitComet\uninst.exe
    Brain Workout-->E:\PROGRA~1\HAPPYN~1\BRAINW~1\UNWISE.EXE E:\PROGRA~1\HAPPYN~1\BRAINW~1\INSTALL.LOG
    Burger Shop-->E:\PROGRA~1\GAMEHO~1\BURGER~1\UNWISE.EXE /U E:\PROGRA~1\GAMEHO~1\BURGER~1\INSTALL.LOG
    Cheat Engine 5.1.1-->"D:\Program Files\Cheat Engine\unins000.exe"
    DAP Premium-->F:\Program Files\DAP Premium\Uninstal.exe
    Delicious - Emily's Tea Garden-->C:\PROGRA~1\GAMEHO~1\DELICI~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\DELICI~1\INSTALL.LOG
    Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
    Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
    EclipseCrossword-->MsiExec.exe /I{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}
    EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    Escape From Paradise-->"E:\Program Files\Escape From Paradise\ReflexiveArcade\unins000.exe"
    Feeding Frenzy 2-->E:\PROGRA~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE /U E:\PROGRA~1\GAMEHO~1\FEEDIN~1\INSTALL.LOG
    Final Fantasy VII - Ultima Edition-->"C:\Program Files\Final Fantasy VII\unins000.exe"
    FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:D:\Program Files\FLV Player\Uninstall\uninstall.xml"
    FretPro V.2.00-->"E:\Program Files\FretPro\setup\uninst.exe"
    Go Go Gourmet-->"E:\Program Files\Go Go Gourmet\ReflexiveArcade\unins000.exe"
    Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Iggle Pop!-->E:\PROGRA~1\GAMEHO~1\IGGLEP~1\UNWISE.EXE /U E:\PROGRA~1\GAMEHO~1\IGGLEP~1\INSTALL.LOG
    iolo technologies' System Mechanic 4-->C:\PROGRA~1\iolo\SYSTEM~1\UNWISE.EXE C:\PROGRA~1\iolo\SYSTEM~1\INSTALL.LOG
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Kamus 2.03-->D:\Program Files\Kamus2\Uninstall.exe
    K-Lite Mega Codec Pack 1.59-->"E:\Program Files\K-Lite Codec Pack\unins000.exe"
    LimeWire PRO 4.18.8-->"F:\Program Files\LimeWire\uninstall.exe"
    Lost Cases of Sherlock Holmes Beta-->MsiExec.exe /I{49C9C56B-E9EE-4924-A363-DA4FB9F029A9}
    Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    Magic Farm-->"E:\Program Files\Magic Farm\ReflexiveArcade\unins000.exe"
    Malwarebytes' Anti-Malware-->"F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Rise Of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
    Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645}
    Nero 7 Essentials-->MsiExec.exe /X{9F5AFBD2-AF6D-41E9-AFE8-F67AD7AF1033}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    PANDA-glGo-->"D:\Program Files\glGo\uninstall.exe"
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Registry Mechanic 6.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
    Sandlot Games Client Services 1.2.2-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
    Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
    Sony Ericsson Drivers-->MsiExec.exe /I{EEFE551E-A6C7-4A2A-8C92-C805523B3B0C}
    Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
    Sony Ericsson PC Suite-->MsiExec.exe /I{05675D95-1567-4E00-A818-DB08064EA088}
    SpongeBob Monopoly-->E:\PROGRA~1\GAMEHO~1\SPONGE~1\UNWISE.EXE /U E:\PROGRA~1\GAMEHO~1\SPONGE~1\INSTALL.LOG
    SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
    TransTool-->C:\TRANST~1\Unwise.exe /U C:\TRANST~1\Unwise.sms
    TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
    Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
    Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    VIA/S3G Display Driver 6.14.10.0359-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
    Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

    ======Hosts File======

    127.0.0.1 localhost

    ======Security center information======

    AV: AVG Anti-Virus Free (outdated)

    System event log

    Computer Name: ORGANIZA-A15595
    Event Code: 4201
    Message: The system detected that network adapter \DEVICE\TCPIP_{89815402-CEA2-400F-B3CD-1446E8D66084} was connected to the network,
    and has initiated normal operation over the network adapter.

    Record Number: 22991
    Source Name: Tcpip
    Time Written: 20081202143734.000000+420
    Event Type: information
    User:

    Computer Name: ORGANIZA-A15595
    Event Code: 7036
    Message: The IMAPI CD-Burning COM Service service entered the stopped state.

    Record Number: 22990
    Source Name: Service Control Manager
    Time Written: 20081202143731.000000+420
    Event Type: information
    User:

    Computer Name: ORGANIZA-A15595
    Event Code: 4201
    Message: The system detected that network adapter \DEVICE\TCPIP_{89815402-CEA2-400F-B3CD-1446E8D66084} was connected to the network,
    and has initiated normal operation over the network adapter.

    Record Number: 22989
    Source Name: Tcpip
    Time Written: 20081202143729.000000+420
    Event Type: information
    User:

    Computer Name: ORGANIZA-A15595
    Event Code: 7036
    Message: The Computer Browser service entered the stopped state.

    Record Number: 22988
    Source Name: Service Control Manager
    Time Written: 20081202143728.000000+420
    Event Type: information
    User:

    Computer Name: ORGANIZA-A15595
    Event Code: 7036
    Message: The Remote Access Connection Manager service entered the running state.

    Record Number: 22987
    Source Name: Service Control Manager
    Time Written: 20081202143728.000000+420
    Event Type: information
    User:

    Application event log

    Computer Name: ORGANIZA-A15595
    Event Code: 1517
    Message: Windows saved user ORGANIZA-A15595\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 1961
    Source Name: Userenv
    Time Written: 20080425165210.000000+420
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: ORGANIZA-A15595
    Event Code: 1800
    Message: The Windows Security Center Service has started.

    Record Number: 1960
    Source Name: SecurityCenter
    Time Written: 20080425163304.000000+420
    Event Type: information
    User:

    Computer Name: ORGANIZA-A15595
    Event Code: 0
    Message:
    Record Number: 1959
    Source Name: NMIndexingService
    Time Written: 20080425163304.000000+420
    Event Type: information
    User:

    Computer Name: ORGANIZA-A15595
    Event Code: 1
    Message:
    Record Number: 1958
    Source Name: AVGEMS
    Time Written: 20080425163302.000000+420
    Event Type: information
    User:

    Computer Name: ORGANIZA-A15595
    Event Code: 1
    Message:
    Record Number: 1957
    Source Name: Avg7UpdSvc
    Time Written: 20080425163258.000000+420
    Event Type: information
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Teleca Shared
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
    "PROCESSOR_REVISION"=0605
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SAFEBOOT_OPTION"=NETWORK

    -----------------EOF-----------------
     

  4. 2009/01/09
    noahdfear

    Welcome to WindowsBBS Varrel :)

    Any idea what the following files are?

    2008-11-19 14:18:57 ----A---- C:\WINDOWS\system32\bad3.exe
    2008-11-19 14:18:54 ----A---- C:\WINDOWS\system32\bad2.exe
    2008-11-19 14:18:47 ----A---- C:\WINDOWS\system32\bad1.exe

    If not, please upload them to my submission channel for analysis. Leave a link back to this topic.
     
  5. 2009/01/09
    Varrel

    Thank you, Dave :)

    Well, I don't know what those are. I think those are files created by my own country cracker.
    You know what, I tried opening antivirus sites this afternoon and it worked! It's weird. I didn't delete those files. But last night, I did the Kaspersky online scanner. I just did the update; I hadn't scanned my computer because I fell asleep after that. Do you have any idea about this?
    I will upload those files to you.
     
    Last edited: 2009/01/09
  6. 2009/01/09
    Varrel

    Another piece of information

    Wow, wow, wow, after I sent my last email I went out. Now I'm trying to open antivirus sites and it fails. It's really confusing.
    I forgot to tell you: after I turn on my PC and run Firefox, my Firefox always wants to download the SpyHunter scanner installer even though I always cancel it.
    Also, sometimes a box appeared saying "svchost.exe error" (I don't remember the exact wording).
    I really appreciate your help, Dave :)
     
  7. 2009/01/09
    noahdfear

    Please visit the following webpage for instructions for downloading and running ComboFix:

    How to use ComboFix

    Download ComboFix by sUBs from here, saving the file to your desktop.

    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  8. 2009/01/09
    Varrel

    Log from ComboFix

    This is the log from ComboFix. I couldn't install the Recovery Console.

    ComboFix 09-01-09.02 - User 2009-01-10 10:43:57.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.766.468 [GMT 7:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\IE4 Error Log.txt
    c:\windows\system\msvbvm60.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
    .

    2009-01-09 23:59 . 2009-01-09 23:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ahead
    2009-01-09 20:18 . 2009-01-09 20:18 <DIR> d-------- c:\program files\Avira
    2009-01-09 20:18 . 2009-01-09 20:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-01-08 18:42 . 2009-01-08 18:56 <DIR> d-------- C:\rsit
    2009-01-08 18:42 . 2009-01-08 18:50 <DIR> d-------- c:\program files\trend micro
    2009-01-08 17:19 . 2009-01-08 17:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
    2009-01-08 17:13 . 2009-01-08 17:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-01-05 18:53 . 2009-01-09 20:25 <DIR> d-------- c:\program files\Enigma Software Group
    2009-01-05 12:06 . 2009-01-05 12:06 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
    2009-01-05 12:06 . 2009-01-05 12:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-05 12:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-05 12:06 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-04 19:33 . 2009-01-08 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
    2009-01-04 19:22 . 2009-01-04 19:22 <DIR> d-------- c:\documents and settings\User\Application Data\Uniblue
    2009-01-04 19:14 . 2009-01-04 19:21 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2009-01-03 15:18 . 2009-01-03 15:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\GameHouse
    2009-01-03 12:57 . 2009-01-03 12:57 <DIR> d-------- c:\program files\GameHouse
    2009-01-03 12:36 . 2009-01-03 12:36 <DIR> d-------- c:\program files\RealArcade
    2008-12-23 19:27 . 2009-01-03 13:29 <DIR> d-------- C:\Downloads
    2008-12-11 15:56 . 2008-12-11 15:57 <DIR> d-------- c:\windows\system32\NtmsData

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-10 03:42 --------- d-----w c:\documents and settings\User\Application Data\DNA
    2009-01-10 03:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-10 03:22 --------- d-----w c:\program files\DNA
    2009-01-09 13:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-06 08:12 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-03 05:59 --------- d-----w c:\documents and settings\User\Application Data\GameHouse
    2008-12-29 13:53 --------- d-----w c:\documents and settings\User\Application Data\BitTorrent
    2008-12-15 14:40 --------- d-----w c:\documents and settings\User\Application Data\LimeWire
    2008-12-03 08:54 --------- d-----w c:\documents and settings\User\Application Data\Microsoft Games
    2008-12-03 08:50 --------- d-----w c:\program files\Microsoft Games
    2008-10-16 07:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 07:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 07:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 07:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 07:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 07:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 07:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 07:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-02-27 07:44 8,036,888 ----a-w c:\program files\dap86.exe
    2007-04-16 15:52 164,746 --sha-r c:\windows\system32\iqvnyv.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{F4F10C1D-87C7-404A-B4B3-000000000000}"="c:\progra~1\DAP\SBSearch.dll" [2008-02-27 32768]

    [HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
    [HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
    [HKEY_CLASSES_ROOT\SearchHook.SrchHook]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-18 342848]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-10-05 3061248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-01-06 98304]
    "WinampAgent "= "c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "EPSON Stylus C45 Series "= "c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "Sunkist2k "= "c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 139264]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "VTTimer "= "VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
    "VTTrayp "= "VTtrayp.exe" [2007-02-06 c:\windows\system32\VTTrayp.exe]
    "RTHDCPL "= "RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
    "SkyTel "= "SkyTel.EXE" [2007-05-28 c:\windows\SkyTel.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-01-06 106560]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "RestrictRun "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264 "= x264vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\DAP\\DAP.exe "=
    "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe "=
    "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe "=
    "f:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "f:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe "=
    "f:\\Program Files\\BitComet\\BitComet.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "27169:TCP "= 27169:TCP:BitComet 27169 TCP
    "27169:UDP "= 27169:UDP:BitComet 27169 UDP
    "3506:TCP "= 3506:TCP:wptcws

    R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-03-26 16896]
    R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-03-26 52224]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-01-06 13696]
    S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys --> c:\windows\System32\Drivers\sunkfilt6.sys [?]
    S3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [2004-07-23 46536]
    S4 hegno;Time Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SSMDRV

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    hegno

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2472e4d6-2e50-11dd-9913-0060b0ec5ec5}]
    \Shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
    \Shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac858196-dec6-11dc-9847-0060b0ec5ec5}]
    \Shell\Auto\Command - Thumbs.com
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7885c44-6f74-11dd-998b-00e04d54de05}]
    \Shell\AutoRun\command - wscript.exe .\.vbs
    \Shell\open\command - wscript.exe .\.vbs
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
    - e:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page =
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &D&ownload &with BitComet - f:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - f:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - f:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {89815402-CEA2-400F-B3CD-1446E8D66084} = 202.134.1.10,202.134.0.155
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-10 10:45:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hegno]
    "ServiceDll "= "c:\windows\system32\iqvnyv.dll "
    .
    Completion time: 2009-01-10 10:47:14
    ComboFix-quarantined-files.txt 2009-01-10 03:47:10

    Pre-Run: 5.842.141.184 bytes free
    Post-Run: 5,976,346,624 bytes free

    186 --- E O F --- 2008-10-25 23:57:24
     
  9. 2009/01/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/malware-virus-removal/80289-active-cant-open-antivirus-site-update-antivirus.html#post437178
    
    Collect::
    c:\windows\system32\iqvnyv.dll
    Driver::
    hegno
    NetSvc::
    hegno
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2472e4d6-2e50-11dd-9913-0060b0ec5ec5}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac858196-dec6-11dc-9847-0060b0ec5ec5}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7885c44-6f74-11dd-998b-00e04d54de05}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates. Thanks!

    Let me know if the behavior with FireFox persists.
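    The CFScript above targets three things visible in the ComboFix log posted earlier: the `hegno` entry in the Svchost NetSvcs group, its ServiceDll `c:\windows\system32\iqvnyv.dll` (listed with system+hidden attributes, `--sha-r`), and the MountPoints2 keys carrying AutoRun/open commands left behind by removable-drive autorun.inf files. The script below is an added example for readers of this thread; it is not part of ComboFix, RSIT or anything the helper ran. It parses a ComboFix-style log and joins those three signals so an analyst can see why a service like `hegno` stands out. The NetSvcs allow-list is an assumption (a trimmed copy of the stock XP group plus `UxTuneUp`, cleared here because the log's Scheduled Tasks section shows TuneUp Utilities installed), and the sample input is constructed from lines quoted in the thread.

```python
"""Triage a ComboFix-style log for svchost-hosted service hijacks and autorun residue.

Added example for this thread (not ComboFix/RSIT code). Signals joined:
  * NetSvcs group members that are not on the analyst's allow-list
  * ServiceDll values per service (e.g. hegno -> iqvnyv.dll)
  * files listed with both the system and hidden attributes (--sha-r)
  * MountPoints2 AutoRun/open commands (USB autorun.inf residue)
"""
import re
from typing import Dict, List, Tuple

# Assumption: trimmed stock XP NetSvcs group; an analyst would keep the full list current.
NETSVCS_ALLOW = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP", "ERSvc",
    "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias", "Iprip", "Irmon",
    "LanmanServer", "LanmanWorkstation", "Messenger", "Netman", "Nla", "Ntmssvc",
    "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman", "Remoteaccess", "Schedule",
    "Seclogon", "SENS", "Sharedaccess", "SRService", "Tapisrv", "Themes", "TrkWks",
    "W32Time", "WZCSVC", "Wmi", "WmdmPmSp", "winmgmt", "wscsvc", "xmlprov", "BITS",
    "wuauserv", "ShellHWDetection", "helpsvc", "uploadmgr",
    "UxTuneUp",  # TuneUp Utilities; cleared by the Scheduled Tasks entry in the same log
}

# "<date> <time> <size> <attrs> <path>" lines from the file listings
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+(?P<attrs>[-a-z]{7})\s+(?P<path>.+)$")
# "[HKEY_...]" section headers; the trailing component names the service or GUID
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Tolerates the stray spaces the forum inserted around the quotes
SVCDLL_RE = re.compile(r'^"ServiceDll\s*"\s*=\s*"(?P<dll>[^"]+?)\s*"$')
# "\Shell\<verb>\command - <command>" lines under MountPoints2
MP2_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)

# Constructed sample: lines taken from the log posted earlier in this thread.
SAMPLE_LOG = r"""
2007-04-16 15:52 164,746 --sha-r c:\windows\system32\iqvnyv.dll
2008-10-16 07:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
S4 hegno;Time Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
hegno

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hegno]
"ServiceDll "= "c:\windows\system32\iqvnyv.dll "
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2472e4d6-2e50-11dd-9913-0060b0ec5ec5}]
\Shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac858196-dec6-11dc-9847-0060b0ec5ec5}]
\Shell\Auto\Command - Thumbs.com
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7885c44-6f74-11dd-998b-00e04d54de05}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
"""


def triage(log_text: str) -> Dict[str, List[str]]:
    """Single pass over the log; returns the four raw signal lists."""
    findings: Dict[str, List[str]] = {
        "unexpected_netsvcs": [],    # NetSvcs members outside NETSVCS_ALLOW
        "hidden_system_files": [],   # paths listed with both 's' and 'h' attributes
        "service_dlls": [],          # "<service> -> <dll>" for every ServiceDll seen
        "mountpoints2_autorun": [],  # "<guid>: <verb> -> <command>"
    }
    section = None
    in_netsvcs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_netsvcs = False
            continue
        if "Svchost - NetSvcs" in line:
            in_netsvcs = True  # the following names are the group members
            continue
        if in_netsvcs:
            if line.startswith("[") or line == ".":
                in_netsvcs = False  # group listing ended; parse this line normally
            else:
                if line not in NETSVCS_ALLOW:
                    findings["unexpected_netsvcs"].append(line)
                continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = FILE_RE.match(line)
        if m:
            if "s" in m.group("attrs") and "h" in m.group("attrs"):
                findings["hidden_system_files"].append(m.group("path"))
            continue
        m = SVCDLL_RE.match(line)
        if m and section:
            findings["service_dlls"].append(f"{section.rsplit(chr(92), 1)[-1]} -> {m.group('dll')}")
            continue
        m = MP2_CMD_RE.match(line)
        if m and section and "mountpoints2" in section.lower():
            guid = section.rsplit(chr(92), 1)[-1]
            findings["mountpoints2_autorun"].append(f"{guid}: {m.group('verb')} -> {m.group('cmd')}")
    return findings


def suspicious_service_dlls(findings: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Join the signals: an unexpected NetSvcs name whose ServiceDll is a system+hidden file."""
    hidden = {p.lower() for p in findings["hidden_system_files"]}
    hits = []
    for entry in findings["service_dlls"]:
        svc, dll = entry.split(" -> ", 1)
        if svc in findings["unexpected_netsvcs"] and dll.lower() in hidden:
            hits.append((svc, dll))
    return hits


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, items in result.items():
        print(key, items)
    print("review first:", suspicious_service_dlls(result))
```

    On the sample the join returns only `hegno -> c:\windows\system32\iqvnyv.dll`, which is exactly what the `Driver::`, `NetSvc::` and `Collect::` directives in the CFScript address, and the six MountPoints2 commands map onto the three keys the `Registry::` section deletes.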
     
  10. 2009/01/11
    Varrel

    Varrel Inactive Thread Starter

    Joined:
    2009/01/08
    Messages:
    14
    Likes Received:
    0
    the log from combofix

    here is the log

    ComboFix 09-01-10.03 - User 2009-01-11 17:57:16.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.766.440 [GMT 7:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\iqvnyv.dll
    .
    ---- Previous Run -------
    .
    c:\windows\system32\mfcans32.DLL
    c:\windows\system32\mfcuia32.dll
    c:\windows\system32\msrdo20.dll
    c:\windows\system32\rdocurs.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_HEGNO
    -------\Service_hegno


    ((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
    .

    2009-01-09 23:59 . 2009-01-09 23:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ahead
    2009-01-09 20:18 . 2009-01-09 20:18 <DIR> d-------- c:\program files\Avira
    2009-01-09 20:18 . 2009-01-09 20:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-01-08 18:42 . 2009-01-08 18:56 <DIR> d-------- C:\rsit
    2009-01-08 18:42 . 2009-01-08 18:50 <DIR> d-------- c:\program files\trend micro
    2009-01-08 17:19 . 2009-01-08 17:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
    2009-01-08 17:13 . 2009-01-08 17:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-01-05 18:53 . 2009-01-09 20:25 <DIR> d-------- c:\program files\Enigma Software Group
    2009-01-05 12:06 . 2009-01-05 12:06 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
    2009-01-05 12:06 . 2009-01-05 12:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-05 12:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-05 12:06 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-04 19:33 . 2009-01-08 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
    2009-01-04 19:22 . 2009-01-04 19:22 <DIR> d-------- c:\documents and settings\User\Application Data\Uniblue
    2009-01-04 19:14 . 2009-01-04 19:21 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2009-01-03 15:18 . 2009-01-03 15:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\GameHouse
    2009-01-03 12:57 . 2009-01-03 12:57 <DIR> d-------- c:\program files\GameHouse
    2009-01-03 12:36 . 2009-01-03 12:36 <DIR> d-------- c:\program files\RealArcade
    2008-12-23 19:27 . 2009-01-03 13:29 <DIR> d-------- C:\Downloads
    2008-12-11 15:56 . 2008-12-11 15:57 <DIR> d-------- c:\windows\system32\NtmsData

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-11 11:00 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-11 11:00 --------- d-----w c:\program files\DNA
    2009-01-11 11:00 --------- d-----w c:\documents and settings\User\Application Data\DNA
    2009-01-09 13:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-06 08:12 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-03 05:59 --------- d-----w c:\documents and settings\User\Application Data\GameHouse
    2008-12-29 13:53 --------- d-----w c:\documents and settings\User\Application Data\BitTorrent
    2008-12-15 14:40 --------- d-----w c:\documents and settings\User\Application Data\LimeWire
    2008-12-03 08:54 --------- d-----w c:\documents and settings\User\Application Data\Microsoft Games
    2008-12-03 08:50 --------- d-----w c:\program files\Microsoft Games
    2008-02-27 07:44 8,036,888 ----a-w c:\program files\dap86.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-10_10.46.05,60 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 13:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{F4F10C1D-87C7-404A-B4B3-000000000000} "= "c:\progra~1\DAP\SBSearch.dll" [2008-02-27 32768]

    [HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
    [HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
    [HKEY_CLASSES_ROOT\SearchHook.SrchHook]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
    "Yahoo! Pager "= "c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
    "BitTorrent DNA "= "c:\program files\DNA\btdna.exe" [2008-12-18 342848]
    "Search Protection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "DownloadAccelerator "= "c:\program files\DAP\DAP.EXE" [2008-10-05 3061248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-01-06 98304]
    "WinampAgent "= "c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "EPSON Stylus C45 Series "= "c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "Sunkist2k "= "c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 139264]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "VTTimer "= "VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
    "VTTrayp "= "VTtrayp.exe" [2007-02-06 c:\windows\system32\VTTrayp.exe]
    "RTHDCPL "= "RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
    "SkyTel "= "SkyTel.EXE" [2007-05-28 c:\windows\SkyTel.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-01-06 106560]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "RestrictRun "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264 "= x264vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\DAP\\DAP.exe "=
    "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe "=
    "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe "=
    "f:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "f:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe "=
    "f:\\Program Files\\BitComet\\BitComet.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "27169:TCP "= 27169:TCP:BitComet 27169 TCP
    "27169:UDP "= 27169:UDP:BitComet 27169 UDP
    "3506:TCP "= 3506:TCP:wptcws

    R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-03-26 16896]
    R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-03-26 52224]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-01-06 13696]
    S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys --> c:\windows\System32\Drivers\sunkfilt6.sys [?]
    S3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [2004-07-23 46536]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
    - e:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page =
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &D&ownload &with BitComet - f:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - f:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - f:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {89815402-CEA2-400F-B3CD-1446E8D66084} = 202.134.1.10,202.134.0.155
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-11 18:00:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\wdfmgr.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-11 18:04:57 - machine was rebooted [User]
    ComboFix-quarantined-files.txt 2009-01-11 11:04:54
    ComboFix2.txt 2009-01-10 03:47:15

    Pre-Run: 7,405,879,296 bytes free
    Post-Run: 7,326,621,696 bytes free

    191 --- E O F --- 2008-10-25 23:57:24
     
  11. 2009/01/11
    Varrel

    Varrel Inactive Thread Starter

    Joined:
    2009/01/08
    Messages:
    14
    Likes Received:
    0
    yeah !

    YEEEEAAAAAAAAHHHHHH !!!!!!
    I think my computer has been totally 'cured'. I can open antivirus sites now !!!
    Thank you SOOOOO MUUUCH Dave !! :D
    Well, actually I'm still a little bit concerned. I will post you again tomorrow to tell you whether my computer has been back to normal or not.
    By the way, I think that I got this virus from my flashdisk. I've scanned it with flash disinfector. Do you think I can use it now?? Is it virus-free??
    Oh, about the zip file I have to send after the combofix finished, I didn't have it. I don't know why.:confused:
     
  12. 2009/01/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once Flash_Disinfector has been run as directed it is safe to use the flash drive. :)

    Please post the contents of C:\Qoobox\ComboFix-quarantined-files.txt
     
  13. 2009/01/11
    Varrel

    Varrel Inactive Thread Starter

    Joined:
    2009/01/08
    Messages:
    14
    Likes Received:
    0
    Great, thank you :)

    here is the contents of C:\Qoobox\ComboFix-quarantined-files.txt

    2000-04-03 17:52:54 A------- 151,552 C:\Qoobox\Quarantine\C\WINDOWS\system32\RDOCURS.DLL.vir
    2000-05-11 13:06:20 A------- 397,312 C:\Qoobox\Quarantine\C\WINDOWS\system32\MSRDO20.DLL.vir
    2004-08-04 05:56:44 A------- 164,746 C:\Qoobox\Quarantine\C\WINDOWS\system32\iqvnyv.dll.vir
    2004-08-04 05:56:44 A------- 1,386,496 C:\Qoobox\Quarantine\C\WINDOWS\system\msvbvm60.dll.vir
    2008-01-10 13:08:41 A------- 999 C:\Qoobox\Quarantine\C\WINDOWS\IE4 Error Log.txt.vir
    2008-05-06 17:00:45 A------- 5,632 C:\Qoobox\Quarantine\C\WINDOWS\system32\Mfcuia32.dll.vir
    2008-05-06 17:00:45 A------- 133,904 C:\Qoobox\Quarantine\C\WINDOWS\system32\Mfcans32.dll.vir
    2009-01-10 10:43:06 A------- 376 C:\Qoobox\Quarantine\catchme.log
    2009-01-10 10:45:25 A------- 8,300 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2009-01-11 16:53:02 A------- 156,434 C:\Qoobox\Quarantine\[4]-Submit_2009-01-11@16.53.zip
    2009-01-11 16:53:14 A------- 652 C:\Qoobox\Quarantine\C\WINDOWS\system32\_iqvnyv_.dll.zip
    2009-01-11 17:57:12 A------- 1,113 C:\Qoobox\Quarantine\[4]-Submit_2009-01-11@17.57.zip
    2009-01-11 17:58:46 A------- 1,010 C:\Qoobox\Quarantine\Registry_backups\Legacy_HEGNO.reg.dat
    2009-01-11 17:58:46 A------- 2,122 C:\Qoobox\Quarantine\Registry_backups\Service_hegno.reg.dat


    what do I have to do with it??
     
  14. 2009/01/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please upload the following file to this submission channel.

    C:\Qoobox\Quarantine\[4]-Submit_2009-01-11@16.53.zip


    Once that's done, do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  15. 2009/01/12
    Varrel

    Varrel Inactive Thread Starter

    Joined:
    2009/01/08
    Messages:
    14
    Likes Received:
    0
    kaspersky log

    I've sent the zip file that you asked. :cool:
    Here is the kaspersky log. Seems like there are still some viruses left in my PC.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, January 12, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, January 12, 2009 08:20:01
    Records in database: 1606483
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Files scanned: 104633
    Threat name: 3
    Infected objects: 4
    Suspicious objects: 0
    Duration of the scan: 01:49:30


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\[4]-Submit_2009-01-11@16.53.zip Infected: Net-Worm.Win32.Kido.bt 1
    F:\System Volume Information\_restore{7AED3C37-C671-43E7-98BF-90C151E773E6}\RP12\A0005793.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 2
    F:\System Volume Information\_restore{7AED3C37-C671-43E7-98BF-90C151E773E6}\RP12\A0005793.exe Infected: Trojan-Spy.Win32.Agent.ehl 1

    The selected area was scanned.
     
  16. 2009/01/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're in good shape. Those files are in quarantine and system restore points, which we'll take care of now.

    Delete Flash_Disinfector.

    Open MBAM and remove any items quarantined. Do the same with your resident antivirus.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete RSIT.exe and the C:\rsit folder.
    You can delete any other logs that were created/saved too.
    Empty the recycle bin when done.

    Uninstall both existing Java components via Add/Remove Programs.

    Java(TM) 6 Update 3
    Java(TM) 6 Update 5

    Then, install the latest version from here

    That should finish things up. Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe! :)
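    The helper's reading of the Kaspersky report turns on where each detection sits: inside `C:\Qoobox` (the ComboFix quarantine) or inside a `System Volume Information\_restore` folder (System Restore points), both of which `ComboFix /u` removes, versus a live path that would still need cleaning. The script below is an added example for readers, not Kaspersky or ComboFix code; it parses the report format shown above, classifies each hit by location, and checks the per-file counts against the report's own "Infected objects" total. The sample lines are constructed from the report posted in this thread.

```python
"""Classify Kaspersky Online Scanner 7 detections by where the file lives.

Added example for this thread (not Kaspersky or ComboFix code).
Location classes:
  quarantine    - under \Qoobox\ (ComboFix quarantine, removed by 'ComboFix /u')
  restore_point - under \System Volume Information\_restore... (reset by 'ComboFix /u')
  live          - anything else; would still need attention
"""
import re
from typing import Dict, List

# "<path> Infected: <threat> <count>" as printed in the report's detection table
DETECTION_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
TOTAL_RE = re.compile(r"^Infected objects:\s+(?P<n>\d+)$")

# Constructed sample: the statistics and detection lines from the report posted above.
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 104633
Threat name: 3
Infected objects: 4
Suspicious objects: 0

File name / Threat name / Threats count
C:\Qoobox\Quarantine\[4]-Submit_2009-01-11@16.53.zip Infected: Net-Worm.Win32.Kido.bt 1
F:\System Volume Information\_restore{7AED3C37-C671-43E7-98BF-90C151E773E6}\RP12\A0005793.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 2
F:\System Volume Information\_restore{7AED3C37-C671-43E7-98BF-90C151E773E6}\RP12\A0005793.exe Infected: Trojan-Spy.Win32.Agent.ehl 1

The selected area was scanned.
"""


def classify(path: str) -> str:
    """Map a detected path to quarantine / restore_point / live."""
    p = path.lower()
    if "\\qoobox\\" in p:
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    return "live"


def parse_report(text: str) -> List[Dict[str, object]]:
    """Return one row per detection line with its location class attached."""
    rows: List[Dict[str, object]] = []
    for raw in text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if m:
            rows.append({
                "path": m.group("path"),
                "threat": m.group("threat"),
                "count": int(m.group("count")),
                "location": classify(m.group("path")),
            })
    return rows


def reported_total(text: str) -> int:
    """The 'Infected objects' figure from the statistics block (-1 if absent)."""
    for raw in text.splitlines():
        m = TOTAL_RE.match(raw.strip())
        if m:
            return int(m.group("n"))
    return -1


def live_detections(rows: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Detections outside quarantine and restore points: the ones that still matter."""
    return [r for r in rows if r["location"] == "live"]


def counts_consistent(text: str) -> bool:
    """True when the per-file counts add up to the report's own total."""
    return sum(int(r["count"]) for r in parse_report(text)) == reported_total(text)


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for r in rows:
        print(r["location"], r["threat"], r["path"])
    print("live detections:", live_detections(rows))
    print("counts consistent:", counts_consistent(SAMPLE_REPORT))
```

    On the posted report every hit is in quarantine or a restore point and the counts (1 + 2 + 1) match the stated total of 4, so the live list is empty, which is the basis for the "you're in good shape" call above.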
     
  17. 2009/01/13
    Varrel

    Varrel Inactive Thread Starter

    Joined:
    2009/01/08
    Messages:
    14
    Likes Received:
    0
    Thank you so much, Dave !!! You are really a savior. :)

    But, I got another problem now. gosh. Every time I want to open www.yahoo.com, I am always redirected to m.www.yahoo.com. What's wrong with this??
     
  18. 2009/01/13
    Varrel

    Varrel Inactive Thread Starter

    Joined:
    2009/01/08
    Messages:
    14
    Likes Received:
    0
    Oh, I have solved the redirecting problem by googling. hahahahh. I thought it was another virus, but it's only a new yahoo program.

    Once again, THANK YOU VERY MUCH. I don't know how to pay you. I'm just able to pray for you so you could always have a happy and great life ! :)

    I hope I can be like you someday. :D
     
  19. 2009/01/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad I could help. You're very welcome. :)
     
