[cherriedpie]

Can't use HijackThis & Combofix. It says it's not a valid Win32 application when I tried to run it.
And AVG's SuperAnti-Spyware hangs my computer when I try to run it. I'm only having 512MB RAM.

Also, srosa.sys, hldrr.exe, flec006.exe, wintems.exe, etc except for mdelk.exe is hidden from me although I already toggled to reveal hidden (and important) files. So I can't delete them. Although sometimes I find flec006.exe under my Windows Task Manager, I cannot delete the process as it doesn't allow me to. I also ran autorun program and tried killing srosa.sys process but it didn't work. And I ran SEEM and saw that hldrrr.exe, flec006.exe were one of the processes in my computer (under Netstat but again, I was denied deleting them. )

And before this, I scanned using Uniblu's Registry Cleaner and Spyware Remover. They detected the malware in my computer and I moved on to deleting them, but in the logs, they wrote that they did no action to certain viruses. After that, I rebooted. And removed the programs from my computer.

However, later when I used FS Black Light, only one of the hidden viruses appeared in the log. Before this, wintems.exe, srosa.sys, flec006.exe were in the log. Even if flec006.exe is missing, its 'm' directory that it creates is still in Application Data and cannot be deleted. Please help me!

This is the log from FS Black Light. (I also have Ad-Aware in my computer, fyi)

04/02/08 22:54:02 [Info]: BlackLight Engine 1.0.70 initialized
04/02/08 22:54:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/02/08 22:54:02 [Note]: 7019 4
04/02/08 22:54:02 [Note]: 7005 0
04/02/08 22:54:12 [Note]: 7006 0
04/02/08 22:54:12 [Note]: 7011 2136
04/02/08 22:54:12 [Note]: 7035 0
04/02/08 22:54:20 [Note]: 7026 0
04/02/08 22:54:28 [Note]: 7026 0
04/02/08 22:54:28 [Note]: 7024 3
04/02/08 22:54:28 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
04/02/08 22:54:37 [Note]: FSRAW library version 1.7.1024
04/02/08 22:57:14 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Empty.txt
04/02/08 22:57:14 [Note]: 10002 3
04/02/08 22:57:14 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Filters.xml
04/02/08 22:57:14 [Note]: 10002 3
04/02/08 22:57:14 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\news.png
04/02/08 22:57:14 [Note]: 10002 3
04/02/08 22:57:14 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\paint.png
04/02/08 22:57:14 [Note]: 10002 3
04/02/08 22:57:14 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Profiles\Blank.txt
04/02/08 22:57:14 [Note]: 10002 3
04/02/08 22:57:14 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample1.jpg
04/02/08 22:57:14 [Note]: 10002 3
04/02/08 22:57:14 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample2.jpg
04/02/08 22:57:14 [Note]: 10002 3
04/02/08 22:57:14 [Note]: 10002 2
04/02/08 22:57:14 [Note]: 10002 2
04/02/08 22:58:02 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\activity_speaker_states.bmp
04/02/08 22:58:02 [Note]: 10002 3
04/02/08 22:58:02 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.bmp
04/02/08 22:58:02 [Note]: 10002 3
04/02/08 22:58:02 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.rgn
04/02/08 22:58:02 [Note]: 10002 3
04/02/08 22:58:02 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.bmp
04/02/08 22:58:02 [Note]: 10002 3
04/02/08 22:58:02 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.rgn
04/02/08 22:58:02 [Note]: 10002 3
04/02/08 22:58:02 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.bmp
04/02/08 22:58:02 [Note]: 10002 3
04/02/08 22:58:02 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.rgn
04/02/08 22:58:02 [Note]: 10002 3
04/02/08 22:58:02 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.rgn
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_down.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_up.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\capbuttons.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\columnheads.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\combo.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\combo_arrow.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\connect_chunkyanim.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\dark_connect_chunkyanim.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\dialbtn_pad.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\donotdisturb.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\games_close.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\grabbie.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\grabbie.png
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\groupboxedge.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\headerbg.png
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_disabled.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_hot.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_normal.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\indigo.xml
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\itabs.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar_states.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menuitem.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menusearchbar.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_bg.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_scroll.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_sep.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\mute_states.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_abook_off.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_abook_on.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_add1.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_mlist1_off.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_mlist1_on.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\photoshare_slider.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\photoshare_slider_tray.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\preview_indigo.jpg
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\progressbar.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pushbuttons.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\radio.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vbg.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hhandle.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vhandle.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_buttons.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_griph.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_gripv.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hbg.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\search_bang.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\silver_bg.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\slotborder.png
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\slotborder_we.png
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\slot_empty_bg.png
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusbar.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusgrabber.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg.png
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg_cls.png
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg_cls_hover.png
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg_hover.png
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:03 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\checkbox.bmp
04/02/08 22:58:03 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_h.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_tbar.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.rgn
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.rgn
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.rgn
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.rgn
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_capbuttons.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_vert.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_up.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_down.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_horz.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_left.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_right.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_v.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\triangletray.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\typedown.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_arrow.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_h.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_h_arrow.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_3.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_7.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_4.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_8.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_5.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_9.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_2.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_6.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_tbar_hold.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\sys_menu.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs_standard.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tab_border.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tbar_sep.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\title.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\title_down.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\title_hover.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\title_up.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\toolbarbuttons.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_tbar_incoming.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_ringer.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_callbtn.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\Voice_Circle.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_ctrls.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_0.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_1.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_10.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_11.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_lights.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_bot.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_bot.rgn
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_left.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_left.rgn
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_right.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_right.rgn
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_top.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_top.rgn
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\button_chevron_down.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\button_chevron_up.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\capbuttons.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\checkbox.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\columnheads.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\combo.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\combo_arrow.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\dialbtn_pad.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\donotdisturb.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\games_close.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\grabbie.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\grabbie.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\groupboxedge.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\headerbg.png
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_disabled.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_hot.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_normal.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\itabs.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\maverick.xml
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menubar.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menubar_states.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menuitem.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menusearchbar.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_bg.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_scroll.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_sep.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_abook_off.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_abook_on.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_add1.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_mlist1_on.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_mlist1_off.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\photoshare_slider.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\photoshare_slider_tray.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\preview_mavblue.jpg
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\progressbar.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pushbuttons.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\radio.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_vbg.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_hhandle.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_vhandle.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_buttons.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_griph.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:04 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_gripv.bmp
04/02/08 22:58:04 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_hbg.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\search_bang.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\silver_bg.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\slotborder.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\slotborder_we.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\slot_empty_bg.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\statusbar.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\statusgrabber.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg_cls.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg_cls_hover.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg_hover.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\sys_menu.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tabs_standard.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tab_border.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tbar_bg.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tbar_sep.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\title.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\title_down.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\title_hover.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\title_up.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\toolbarbuttons.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_bot.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_bot.rgn
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_left.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_left.rgn
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_right.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_right.rgn
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_top.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_top.rgn
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_capbuttons.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tabs.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\triangletray.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_10.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_vert.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_up.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_h.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_down.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_horz.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_left.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_right.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_v.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\typedown.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down_arrow.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down_h.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down_h_arrow.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_3.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_7.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_4.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_8.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_5.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_9.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_2.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_6.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_tbar_hold.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_tbar.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_tbar_incoming.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_callbtn.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_ctrls.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_0.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_1.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_11.png
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_lights.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_ringer.bmp
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\preview_classic_msgr.jpg
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\npYState.dll
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YAlertCenter.dll
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkin2.dll
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkinSelect.dll
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkinSelectRes.dll
04/02/08 22:58:05 [Note]: 10002 3
04/02/08 22:58:05 [Note]: 10002 2
04/02/08 22:58:05 [Note]: 10002 2
04/02/08 22:58:35 [Error]: 6019 0
04/02/08 22:58:35 [Error]: 6017 0
04/02/08 22:58:50 [Note]: 7007 0

Whee, I renamed (domeow) Hijackthis when I downloaded the .exe file and here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:03 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
E:\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\kuroko\LOCALS~1\Temp\62385232\launcher.exe
C:\DOCUME~1\kuroko\LOCALS~1\Temp\62385232\as2instff.exe
C:\Documents and Settings\kuroko\Desktop\fsbl(2).exe
C:\Documents and Settings\kuroko\Desktop\domeow.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O6 "USB001" /M "Stylus C41"
O4 - HKLM\..\Run: [Google IME Autoupdater] "E:\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S4F.tmp"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co....MSpeedCheck.cab
O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} (CV781Object Object) - http://tentco.homeip.net/AV718.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD4} (CS Order Entry Control (RHS)) - http://download.exce...b/csoex_rhs.cab
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD9} (CS Order Entry Control (MBB)) - https://www.maybank2...b/csoex_mbb.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1176247111030
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.c...GNowStarter.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://download.exce...hs/cab/cswx.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BED72584-7F04-4214-B19B-FA43192191EE}: NameServer = 10.0.0.2,10.0.0.5
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11500 bytes

[Advertisements]

Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with. Please ensure you turn off word wrap in Notepad. To do this, open Notepad, choose Format, then Un-check Word Wrap. (Word Wrap makes reading your log difficult).

Now I need to warn you, Bagle can be extremely difficult to remove, and can take quite a long time, with no guarentee of complete success. However if you are willing to see if we can get rid of it, lets get started!

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, DSS will open two Notepad files: main.txt and extra.txt
• Use Save As to save both Notepad files to your Desktop and post them in your next reply.

Note: A copy of these files can be found in you root drive, usually C:\Deckard\System Scanner\

Regards,
RatHat

[RatHat]

Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with. Please ensure you turn off word wrap in Notepad. To do this, open Notepad, choose Format, then Un-check Word Wrap. (Word Wrap makes reading your log difficult).

Now I need to warn you, Bagle can be extremely difficult to remove, and can take quite a long time, with no guarentee of complete success. However if you are willing to see if we can get rid of it, lets get started!

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, DSS will open two Notepad files: main.txt and extra.txt
• Use Save As to save both Notepad files to your Desktop and post them in your next reply.

Note: A copy of these files can be found in you root drive, usually C:\Deckard\System Scanner\

Regards,
RatHat

[cherriedpie]

I'm not sure whether you want the files or the text here so I did both.

DSS logs: http://www.mediafire.com/?yvzoscgtng4

Deckard's System Scanner v20071014.68
Run by kuroko on 2008-04-03 15:55:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-03 22:55:48 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as kuroko.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:40 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\kuroko\Desktop\dss.exe
C:\WINDOWS\system32\conime.exe
C:\DOCUME~1\kuroko\Desktop\kuroko.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O6 "USB001" /M "Stylus C41"
O4 - HKLM\..\Run: [Google IME Autoupdater] "E:\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S4F.tmp"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co....MSpeedCheck.cab
O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} (CV781Object Object) - http://tentco.homeip.net/AV718.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD4} (CS Order Entry Control (RHS)) - http://download.exce...b/csoex_rhs.cab
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD9} (CS Order Entry Control (MBB)) - https://www.maybank2...b/csoex_mbb.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1176247111030
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.c...GNowStarter.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://download.exce...hs/cab/cswx.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BED72584-7F04-4214-B19B-FA43192191EE}: NameServer = 10.0.0.2,10.0.0.5
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8596 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys

S3 Memctl - c:\program files\abit\flashmenu\memctl.sys
S3 MR97310_VGA_DUAL_CAMERA (Digital Camera) - c:\windows\system32\drivers\mr97310v.sys <Not Verified; Mars Semiconductor Corp.; USB Dual-Mode Camera>
S3 nk4Seem - c:\documents and settings\papa\desktop\seem_v4.0.en\nk4seem.sys (file missing)
S3 PortlUSB - c:\windows\system32\drivers\yh-820.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 WINFLASH - c:\program files\abit\flashmenu\winflash.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 McShield (McAfee Real-time Scanner) - c:\program files\mcafee\virusscan\mcshield.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 McSysmon (McAfee SystemGuards) - c:\progra~1\mcafee\viruss~1\mcsysmon.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491106&REV_80\3&61AAA01&0&78
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491106&REV_80\3&61AAA01&0&78
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-02 17:33:17 340 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2008-03-03 and 2008-04-03 -----------------------------

2008-04-02 22:45:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-02 22:45:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-02 22:45:46 0 d-------- C:\Documents and Settings\kuroko\Application Data\SUPERAntiSpyware.com
2008-04-02 17:31:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-02 16:33:28 0 d-------- C:\Documents and Settings\kuroko\Application Data\Uniblue
2008-03-31 22:14:58 0 d-------- C:\Program Files\S450RC
2008-03-31 21:47:09 0 d-------- C:\Program Files\Autoruns
2008-03-31 21:28:06 0 d-------- C:\Program Files\DiskInternals
2008-03-31 20:19:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 20:19:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 18:01:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-30 20:55:09 0 d-------- C:\Documents and Settings\kuroko\Application Data\McAfee
2008-03-24 14:10:23 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-24 14:08:01 0 d-------- C:\Netgear
2008-03-19 09:57:51 0 d-------- C:\Documents and Settings\soon chieh\Contacts
2008-03-11 11:56:05 0 d--h----- C:\Documents and Settings\kuroko\Application Data\m
2008-03-10 22:34:48 0 d-------- C:\Documents and Settings\kuroko\Application Data\U3
2008-03-05 15:54:42 0 d-------- C:\Documents and Settings\Papa\Application Data\U3


-- Find3M Report ---------------------------------------------------------------

2008-04-03 15:51:10 0 d-------- C:\Program Files\Common Files
2008-03-31 20:19:47 0 d-------- C:\Program Files\Lavasoft
2008-03-31 17:57:28 0 d-------- C:\Documents and Settings\kuroko\Application Data\uTorrent
2008-03-31 06:44:56 0 d-------- C:\Program Files\eMule
2008-03-31 01:03:58 0 --a------ C:\WINDOWS\system32\mdelk.exe
2008-03-21 09:06:30 354220 --a------ C:\Documents and Settings\kuroko\Application Data\NMM-MetaData.db
2008-03-06 16:22:26 0 d-------- C:\Program Files\Zoom Player
2008-03-02 02:28:28 0 d-------- C:\Documents and Settings\kuroko\Application Data\Nokia Multimedia Player
2008-03-01 23:30:48 0 d-------- C:\Documents and Settings\kuroko\Application Data\PC Suite
2008-03-01 23:28:00 0 d-------- C:\Documents and Settings\kuroko\Application Data\Nokia
2008-03-01 23:18:30 0 d-------- C:\Program Files\Common Files\PCSuite
2008-03-01 23:18:28 0 d-------- C:\Program Files\Common Files\Nokia
2008-03-01 23:16:39 0 d-------- C:\Program Files\DIFX
2008-03-01 23:16:21 0 d-------- C:\Program Files\PC Connectivity Solution
2008-03-01 23:15:40 0 d-------- C:\Program Files\Nokia
2008-02-28 03:58:00 1536000 -ra------ C:\WINDOWS\system32\clubbox.exe <Not Verified; Nowcom, Co. LTD.; CLUBBOX File Transfer Manager V2>
2008-02-28 03:57:44 155648 -ra------ C:\WINDOWS\system32\downengine.dll <Not Verified; (?)???; ClubBox>
2008-02-25 09:24:40 159744 -ra------ C:\WINDOWS\system32\fscagent.exe <Not Verified; Nowcom Co., Ltd.; FSCAgent>
2008-02-05 22:02:28 0 d-------- C:\Program Files\Windows Live Toolbar


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/31/2004 05:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/31/2004 05:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/31/2004 05:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/31/2004 05:00 PM]
"nForce Tray Options"="sstray.exe" [11/13/2002 12:34 AM C:\WINDOWS\system32\sstray.exe]
"ClubBox"="" []
"SoundMan"="SOUNDMAN.EXE" [06/18/2004 04:31 PM C:\WINDOWS\SOUNDMAN.EXE]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [10/07/2006 09:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 04:57 PM]
"EPSON Stylus C41 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [02/18/2002 08:03 PM]
"Google IME Autoupdater"="E:\Google Pinyin\GooglePinyinDaemon.exe" [01/07/2008 03:15 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06/13/2006 05:20 AM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/18/2007 04:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/10/2005 05:00 PM]
"EPSON Stylus C41 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [02/18/2002 08:03 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/31/2004 05:00 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [9/25/2005 10:45:41 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/12/2001 5:01:04 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 01/31/2005 04:13 PM 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 11/30/2007 12:36 AM 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= ,wbsys.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{461f0e99-193f-11dc-8578-00179a3a12da}]
Auto\command- H:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e05f42a0-7d86-11db-847d-00045a75d6ff}]
Auto\command- H:\infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83aa278-2a6b-11da-81b7-806d6172696f}]
AutoRun\command- D:\Autorun.exe root.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9032c31-eb06-11dc-86e5-00179a3a12da}]
AutoRun\command- H:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-04-03 16:00:38 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 511.48 MiB / 225.63 MiB
Pagefile Memory (total/avail): 1247.62 MiB / 1004.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1888.59 MiB

C: is Fixed (NTFS) - 29.3 GiB total, 14.94 GiB free.
D: is CDROM (CDFS)
E: is Fixed (NTFS) - 29.3 GiB total, 6.88 GiB free.
F: is Fixed (NTFS) - 29.3 GiB total, 3.8 GiB free.
G: is Fixed (NTFS) - 26.58 GiB total, 16.26 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6Y120L0 - 114.49 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 29.3 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 85.18 GiB - E: - F: - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\upp_2.00_final_[2005.01.28]\\mirc_upp.exe"="C:\\upp_2.00_final_[2005.01.28]\\mirc_upp.exe:*:Enabled:mIRC"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:μTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\kuroko\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CALADAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kuroko
LOGONSERVER=\\CALADAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\kuroko\LOCALS~1\Temp
TMP=C:\DOCUME~1\kuroko\LOCALS~1\Temp
USERDOMAIN=CALADAN
USERNAME=kuroko
USERPROFILE=C:\Documents and Settings\kuroko
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Wingstorm (admin)
Papa (admin)
Mother Goat (admin)
kuroko (admin)
soon chieh (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\InstallShield Installation Information\{02FB2C63-5763-4CDD-99E6-566C57189742}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{1CA432A0-DBC7-4C5D-A6B6-5DF0E2E44BB0}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
--> C:\Program Files\InstallShield Installation Information\{3475FBEC-E0F5-4A3F-823E-6C1DEA10F1AF}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{3881DD58-780F-4FCF-8A16-6E6800C2FEE0}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{4067A0B5-FB0B-479C-8735-6F48F8E21872}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E8581ECC-8BEA-4E91-AB5E-587654EBB2A7}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 2.0 (H供移除) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
ccff7_screensaver --> C:\WINDOWS\system32\ccff7_screensaver.scr /u
Clubbox ?橾瞪歎婦葬濠 --> C:\WINDOWS\system32\ClubboxUninstall.exe
CoffeeCup Free HTML Editor --> C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
Combined Community Codec Pack 2005-09-23 (Remove Only) --> C:\Program Files\Combined Community Codec Pack\Uninstall.exe
Core FTP LE 1.3c --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Core FTP LE 2.0 --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
DesktopX --> C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\INSTALL.LOG
Digital Camera Driver --> C:\PROGRA~1\DC505\UNWISE.EXE C:\PROGRA~1\DC505\INSTALL.LOG
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ES C41 Problem Solver --> C:\WINDOWS\uninst.exe -f"C:\Program Files\EPSON\PSOLVER\ES C41\E\DeIsL1.isu"
FlashMenu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0555CC40-C007-11D4-B257-0050BAA96AA5}\Setup.exe" -l0x9
FPAdjust --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Flat Panel Adjust\Uninst.isu"
Free WMA to MP3 Converter 1.16 --> "C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
Google Pinyin IME --> "E:\Google Pinyin\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\kuroko\Desktop\HijackThis.exe" /uninstall
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera 驅動程式 --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
LucasArts' Grim Fandango --> C:\WINDOWS\uninst.exe -f"g:\grim fandango\DeIsL1.isu"
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MGI PhotoSuite 4 (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite 4\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite 4\System\CustomUninstall.dll"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
mIRC --> "C:\upp_2.00_final_[2005.01.28]\mirc_upp.exe" -uninstall
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NJStar Communicator --> "C:\Program Files\NJStar Communicator\Remove.exe" /U:"C:\Program Files\NJStar Communicator\Remove.log"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_APAC.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
NVIDIA nForce Utilities --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINDOWS\INF\nvautlml.inf
NVIDIA Windows 2000/XP nForce Drivers --> rundll32.exe C:\WINDOWS\system32\NVNFINST.DLL,NvUninstallCrush
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PHP Designer 2005 3.0.6 --> C:\Program Files\PHP Designer 2005\uninst.exe
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Real Alternative 1.43 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sonic UDF Reader --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sony Picture Utility --> C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Sims Super Pack --> "G:\The Sims\unins000.exe"
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"
μTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
超級大富翁 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE05850-F7FE-4BBE-BD48-AB5797A6E2E7}\SETUP.EXE"


-- Application Event Log -------------------------------------------------------

Event Record #/Type26717 / Error
Event Submitted/Written: 04/02/2008 10:48:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SUPERAntiSpyware.exe, version 4.0.0.1154, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type26716 / Error
Event Submitted/Written: 04/02/2008 10:48:44 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 671513547.

Event Record #/Type26715 / Error
Event Submitted/Written: 04/02/2008 10:48:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SUPERAntiSpyware.exe, version 4.0.0.1154, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type26705 / Error
Event Submitted/Written: 04/02/2008 05:33:58 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application spyeraser.exe, version 2.0.1.1531, faulting module spyeraser.exe, version 2.0.1.1531, fault address 0x00007a9c.
Processing media-specific event for [spyeraser.exe!ws!]

Event Record #/Type26696 / Error
Event Submitted/Written: 03/31/2008 11:06:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application f-bagle.exe, version 1.0.14.0, faulting module f-bagle.exe, version 1.0.14.0, fault address 0x000013fc.
Processing media-specific event for [f-bagle.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3216 / Error
Event Submitted/Written: 04/03/2008 03:57:16 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type3192 / Error
Event Submitted/Written: 04/03/2008 03:52:18 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee Real-time Scanner service failed to start due to the following error:
%%2

Event Record #/Type3191 / Error
Event Submitted/Written: 04/03/2008 03:52:18 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
%%1058

Event Record #/Type3180 / Error
Event Submitted/Written: 04/03/2008 03:50:19 PM / 04/03/2008 03:50:49 PM
Event ID/Source: 4 / nvidesm
Event Description:
Driver detected an internal error in its data structures for .

Event Record #/Type3176 / Error
Event Submitted/Written: 04/02/2008 11:26:38 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The nk4Seem service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2008-04-03 16:00:38 ------------

[RatHat]

Hi there,

Any logs, please include them here as you have done. Only if they are too big for posting should they be attached.


Please uninstall the following programs:

eMule
μTorrent

• Go to Start then Settings, then Control Panel
• Choose Add or Remove Programs
• Remove all of the above

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now you say that you have tried to run Combofix. I need you to delete any copies of Combofix that you have on your computer. This is important!


Please read this Combofix tutorial before continuing, then follow the instructions below.

Download ComboFix from Here, Here or Here to your Desktop. (If you already have ComboFix, please delete it and download this new version).

• If you are using Firefox, make sure that your download settings are as follows:
  
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
• During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  
• It is important you rename Combofix during the download, but not after.
• Please do not rename Combofix to other names, but only to the one indicated.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on Combo-Fix.exe & follow the prompts.
• When finished, it shall produce a log for you. Save this log to your desktop as Combofix.txt and post it in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Regards,
RatHat

[cherriedpie]

log: http://www.mediafire.com/?3xhjy4dyjzb

Oh and I think we should set up a time where both of us can be online together. So it's easier for the both of us.
I realized that you either post in the morning or in the evenings (for my time zone), is that the only time you'll be on?

Edited by cherriedpie, 04 April 2008 - 07:37 AM.

[RatHat]

Hi there,

Please could you post your logs directly into your replies here, not upload them to mediafire. It makes it very difficult to carry out any research.

As I am presently in the US, we are at opposite time zones, so it is difficult to set up a time to be online. I do however try to check in as often as possible while I am working, and also log on each evening, so I will respond as quickly as possible.

Regards,
RatHat

[cherriedpie]

Sure NP.

ComboFix 08-04-03.5 - kuroko 2008-04-04 20:39:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.237 [GMT -7:00]
Running from: C:\Documents and Settings\kuroko\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\kuroko\Application Data\m
C:\Documents and Settings\kuroko\Application Data\m\list.oct
C:\Documents and Settings\kuroko\Application Data\macromedia\Flash Player\#SharedObjects\T62CJHV2\iforex.com
C:\Documents and Settings\kuroko\Application Data\macromedia\Flash Player\#SharedObjects\T62CJHV2\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\kuroko\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\kuroko\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\10014269.exe
C:\WINDOWS\system32\drivers\down\10025766.exe
C:\WINDOWS\system32\drivers\down\10028169.exe
C:\WINDOWS\system32\drivers\down\10031134.exe
C:\WINDOWS\system32\drivers\down\10045074.exe
C:\WINDOWS\system32\drivers\down\10050101.exe
C:\WINDOWS\system32\drivers\down\10101735.exe
C:\WINDOWS\system32\drivers\down\101365.exe
C:\WINDOWS\system32\drivers\down\101475.exe
C:\WINDOWS\system32\drivers\down\101726.exe
C:\WINDOWS\system32\drivers\down\103028.exe
C:\WINDOWS\system32\drivers\down\1030341.exe
C:\WINDOWS\system32\drivers\down\103448.exe
C:\WINDOWS\system32\drivers\down\103739.exe
C:\WINDOWS\system32\drivers\down\10413313.exe
C:\WINDOWS\system32\drivers\down\10413333.exe
C:\WINDOWS\system32\drivers\down\104189.exe
C:\WINDOWS\system32\drivers\down\10442896.exe
C:\WINDOWS\system32\drivers\down\10447422.exe
C:\WINDOWS\system32\drivers\down\10452449.exe
C:\WINDOWS\system32\drivers\down\10454723.exe
C:\WINDOWS\system32\drivers\down\10460501.exe
C:\WINDOWS\system32\drivers\down\10460831.exe
C:\WINDOWS\system32\drivers\down\10468703.exe
C:\WINDOWS\system32\drivers\down\10468793.exe
C:\WINDOWS\system32\drivers\down\1049278.exe
C:\WINDOWS\system32\drivers\down\105161.exe
C:\WINDOWS\system32\drivers\down\1052453.exe
C:\WINDOWS\system32\drivers\down\105421.exe
C:\WINDOWS\system32\drivers\down\10545543.exe
C:\WINDOWS\system32\drivers\down\10545563.exe
C:\WINDOWS\system32\drivers\down\105651.exe
C:\WINDOWS\system32\drivers\down\10572692.exe
C:\WINDOWS\system32\drivers\down\10572742.exe
C:\WINDOWS\system32\drivers\down\10582196.exe
C:\WINDOWS\system32\drivers\down\10582336.exe
C:\WINDOWS\system32\drivers\down\105872.exe
C:\WINDOWS\system32\drivers\down\106222.exe
C:\WINDOWS\system32\drivers\down\109096.exe
C:\WINDOWS\system32\drivers\down\1095765.exe
C:\WINDOWS\system32\drivers\down\1096316.exe
C:\WINDOWS\system32\drivers\down\109747.exe
C:\WINDOWS\system32\drivers\down\109777.exe
C:\WINDOWS\system32\drivers\down\110388.exe
C:\WINDOWS\system32\drivers\down\110408.exe
C:\WINDOWS\system32\drivers\down\1105609.exe
C:\WINDOWS\system32\drivers\down\110909.exe
C:\WINDOWS\system32\drivers\down\111920.exe
C:\WINDOWS\system32\drivers\down\112111.exe
C:\WINDOWS\system32\drivers\down\112882.exe
C:\WINDOWS\system32\drivers\down\113733.exe
C:\WINDOWS\system32\drivers\down\114254.exe
C:\WINDOWS\system32\drivers\down\114885.exe
C:\WINDOWS\system32\drivers\down\1149272.exe
C:\WINDOWS\system32\drivers\down\115576.exe
C:\WINDOWS\system32\drivers\down\115916.exe
C:\WINDOWS\system32\drivers\down\117298.exe
C:\WINDOWS\system32\drivers\down\1185765.exe
C:\WINDOWS\system32\drivers\down\119361.exe
C:\WINDOWS\system32\drivers\down\1200606.exe
C:\WINDOWS\system32\drivers\down\120603.exe
C:\WINDOWS\system32\drivers\down\120743.exe
C:\WINDOWS\system32\drivers\down\121024.exe
C:\WINDOWS\system32\drivers\down\121314.exe
C:\WINDOWS\system32\drivers\down\1215397.exe
C:\WINDOWS\system32\drivers\down\121825.exe
C:\WINDOWS\system32\drivers\down\122255.exe
C:\WINDOWS\system32\drivers\down\122766.exe
C:\WINDOWS\system32\drivers\down\123217.exe
C:\WINDOWS\system32\drivers\down\124008.exe
C:\WINDOWS\system32\drivers\down\124448.exe
C:\WINDOWS\system32\drivers\down\124719.exe
C:\WINDOWS\system32\drivers\down\124929.exe
C:\WINDOWS\system32\drivers\down\125029.exe
C:\WINDOWS\system32\drivers\down\125630.exe
C:\WINDOWS\system32\drivers\down\128244.exe
C:\WINDOWS\system32\drivers\down\128354.exe
C:\WINDOWS\system32\drivers\down\128494.exe
C:\WINDOWS\system32\drivers\down\130707.exe
C:\WINDOWS\system32\drivers\down\130938.exe
C:\WINDOWS\system32\drivers\down\131298.exe
C:\WINDOWS\system32\drivers\down\131749.exe
C:\WINDOWS\system32\drivers\down\131899.exe
C:\WINDOWS\system32\drivers\down\132570.exe
C:\WINDOWS\system32\drivers\down\133521.exe
C:\WINDOWS\system32\drivers\down\135334.exe
C:\WINDOWS\system32\drivers\down\135745.exe
C:\WINDOWS\system32\drivers\down\136205.exe
C:\WINDOWS\system32\drivers\down\136856.exe
C:\WINDOWS\system32\drivers\down\137167.exe
C:\WINDOWS\system32\drivers\down\137497.exe
C:\WINDOWS\system32\drivers\down\137617.exe
C:\WINDOWS\system32\drivers\down\138148.exe
C:\WINDOWS\system32\drivers\down\1382287.exe
C:\WINDOWS\system32\drivers\down\138679.exe
C:\WINDOWS\system32\drivers\down\138899.exe
C:\WINDOWS\system32\drivers\down\138969.exe
C:\WINDOWS\system32\drivers\down\139110.exe
C:\WINDOWS\system32\drivers\down\139360.exe
C:\WINDOWS\system32\drivers\down\140992.exe
C:\WINDOWS\system32\drivers\down\1410277.exe
C:\WINDOWS\system32\drivers\down\142194.exe
C:\WINDOWS\system32\drivers\down\142274.exe
C:\WINDOWS\system32\drivers\down\143616.exe
C:\WINDOWS\system32\drivers\down\144497.exe
C:\WINDOWS\system32\drivers\down\144778.exe
C:\WINDOWS\system32\drivers\down\145539.exe
C:\WINDOWS\system32\drivers\down\1460099.exe
C:\WINDOWS\system32\drivers\down\146160.exe
C:\WINDOWS\system32\drivers\down\146190.exe
C:\WINDOWS\system32\drivers\down\146941.exe
C:\WINDOWS\system32\drivers\down\147241.exe
C:\WINDOWS\system32\drivers\down\14730972.exe

[cherriedpie]

C:\WINDOWS\system32\drivers\down\14739424.exe
C:\WINDOWS\system32\drivers\down\14743319.exe
C:\WINDOWS\system32\drivers\down\14769377.exe
C:\WINDOWS\system32\drivers\down\14784909.exe
C:\WINDOWS\system32\drivers\down\14792470.exe
C:\WINDOWS\system32\drivers\down\14795915.exe
C:\WINDOWS\system32\drivers\down\14799370.exe
C:\WINDOWS\system32\drivers\down\14808924.exe
C:\WINDOWS\system32\drivers\down\14823134.exe
C:\WINDOWS\system32\drivers\down\14824786.exe
C:\WINDOWS\system32\drivers\down\14827290.exe
C:\WINDOWS\system32\drivers\down\14834320.exe
C:\WINDOWS\system32\drivers\down\14838596.exe
C:\WINDOWS\system32\drivers\down\148523.exe
C:\WINDOWS\system32\drivers\down\14853067.exe
C:\WINDOWS\system32\drivers\down\14853107.exe
C:\WINDOWS\system32\drivers\down\14861569.exe
C:\WINDOWS\system32\drivers\down\14864073.exe
C:\WINDOWS\system32\drivers\down\14864984.exe
C:\WINDOWS\system32\drivers\down\14870753.exe
C:\WINDOWS\system32\drivers\down\14871093.exe
C:\WINDOWS\system32\drivers\down\14873196.exe
C:\WINDOWS\system32\drivers\down\14901947.exe
C:\WINDOWS\system32\drivers\down\14906374.exe
C:\WINDOWS\system32\drivers\down\14917520.exe
C:\WINDOWS\system32\drivers\down\14921676.exe
C:\WINDOWS\system32\drivers\down\14924009.exe
C:\WINDOWS\system32\drivers\down\14926853.exe
C:\WINDOWS\system32\drivers\down\14933052.exe
C:\WINDOWS\system32\drivers\down\14934594.exe
C:\WINDOWS\system32\drivers\down\14935826.exe
C:\WINDOWS\system32\drivers\down\14940793.exe
C:\WINDOWS\system32\drivers\down\14948294.exe
C:\WINDOWS\system32\drivers\down\14952310.exe
C:\WINDOWS\system32\drivers\down\14952871.exe
C:\WINDOWS\system32\drivers\down\14968042.exe
C:\WINDOWS\system32\drivers\down\14973841.exe
C:\WINDOWS\system32\drivers\down\14979549.exe
C:\WINDOWS\system32\drivers\down\14999588.exe
C:\WINDOWS\system32\drivers\down\15021910.exe
C:\WINDOWS\system32\drivers\down\15043871.exe
C:\WINDOWS\system32\drivers\down\15053025.exe
C:\WINDOWS\system32\drivers\down\15065122.exe
C:\WINDOWS\system32\drivers\down\15071281.exe
C:\WINDOWS\system32\drivers\down\15077099.exe
C:\WINDOWS\system32\drivers\down\15081105.exe
C:\WINDOWS\system32\drivers\down\15093363.exe
C:\WINDOWS\system32\drivers\down\15101635.exe
C:\WINDOWS\system32\drivers\down\15108705.exe
C:\WINDOWS\system32\drivers\down\15114333.exe
C:\WINDOWS\system32\drivers\down\15123746.exe
C:\WINDOWS\system32\drivers\down\15126300.exe
C:\WINDOWS\system32\drivers\down\15132769.exe
C:\WINDOWS\system32\drivers\down\15143875.exe
C:\WINDOWS\system32\drivers\down\15145968.exe
C:\WINDOWS\system32\drivers\down\15153669.exe
C:\WINDOWS\system32\drivers\down\15153709.exe
C:\WINDOWS\system32\drivers\down\15173668.exe
C:\WINDOWS\system32\drivers\down\15176943.exe
C:\WINDOWS\system32\drivers\down\151868.exe
C:\WINDOWS\system32\drivers\down\15187428.exe
C:\WINDOWS\system32\drivers\down\15194678.exe
C:\WINDOWS\system32\drivers\down\151948.exe
C:\WINDOWS\system32\drivers\down\15195690.exe
C:\WINDOWS\system32\drivers\down\15204693.exe
C:\WINDOWS\system32\drivers\down\152058.exe
C:\WINDOWS\system32\drivers\down\15206625.exe
C:\WINDOWS\system32\drivers\down\15217131.exe
C:\WINDOWS\system32\drivers\down\15230189.exe
C:\WINDOWS\system32\drivers\down\15232102.exe
C:\WINDOWS\system32\drivers\down\15233334.exe
C:\WINDOWS\system32\drivers\down\15236068.exe
C:\WINDOWS\system32\drivers\down\15251610.exe
C:\WINDOWS\system32\drivers\down\15260022.exe
C:\WINDOWS\system32\drivers\down\15266381.exe
C:\WINDOWS\system32\drivers\down\15274623.exe
C:\WINDOWS\system32\drivers\down\152749.exe
C:\WINDOWS\system32\drivers\down\15276887.exe
C:\WINDOWS\system32\drivers\down\15282755.exe
C:\WINDOWS\system32\drivers\down\15285399.exe
C:\WINDOWS\system32\drivers\down\15294221.exe
C:\WINDOWS\system32\drivers\down\15295623.exe
C:\WINDOWS\system32\drivers\down\15295684.exe
C:\WINDOWS\system32\drivers\down\15296955.exe
C:\WINDOWS\system32\drivers\down\15297186.exe
C:\WINDOWS\system32\drivers\down\15303535.exe
C:\WINDOWS\system32\drivers\down\15305828.exe
C:\WINDOWS\system32\drivers\down\15306930.exe
C:\WINDOWS\system32\drivers\down\15308031.exe
C:\WINDOWS\system32\drivers\down\15308782.exe
C:\WINDOWS\system32\drivers\down\15311556.exe
C:\WINDOWS\system32\drivers\down\15312117.exe
C:\WINDOWS\system32\drivers\down\15313159.exe
C:\WINDOWS\system32\drivers\down\15326708.exe
C:\WINDOWS\system32\drivers\down\15328761.exe
C:\WINDOWS\system32\drivers\down\15329582.exe
C:\WINDOWS\system32\drivers\down\15335220.exe
C:\WINDOWS\system32\drivers\down\15337133.exe
C:\WINDOWS\system32\drivers\down\15346196.exe
C:\WINDOWS\system32\drivers\down\15353006.exe
C:\WINDOWS\system32\drivers\down\15356441.exe
C:\WINDOWS\system32\drivers\down\153580.exe
C:\WINDOWS\system32\drivers\down\15360136.exe
C:\WINDOWS\system32\drivers\down\153660.exe
C:\WINDOWS\system32\drivers\down\15366936.exe
C:\WINDOWS\system32\drivers\down\15386104.exe
C:\WINDOWS\system32\drivers\down\15386444.exe
C:\WINDOWS\system32\drivers\down\15392333.exe
C:\WINDOWS\system32\drivers\down\15394816.exe
C:\WINDOWS\system32\drivers\down\15395787.exe
C:\WINDOWS\system32\drivers\down\15397340.exe
C:\WINDOWS\system32\drivers\down\15399343.exe
C:\WINDOWS\system32\drivers\down\15399853.exe
C:\WINDOWS\system32\drivers\down\15401816.exe
C:\WINDOWS\system32\drivers\down\15405992.exe
C:\WINDOWS\system32\drivers\down\15410879.exe
C:\WINDOWS\system32\drivers\down\15411560.exe
C:\WINDOWS\system32\drivers\down\15412822.exe
C:\WINDOWS\system32\drivers\down\154161.exe
C:\WINDOWS\system32\drivers\down\15424409.exe
C:\WINDOWS\system32\drivers\down\15424979.exe
C:\WINDOWS\system32\drivers\down\15430297.exe
C:\WINDOWS\system32\drivers\down\15433341.exe
C:\WINDOWS\system32\drivers\down\15435074.exe
C:\WINDOWS\system32\drivers\down\15442945.exe
C:\WINDOWS\system32\drivers\down\15443045.exe
C:\WINDOWS\system32\drivers\down\15458087.exe
C:\WINDOWS\system32\drivers\down\15464036.exe
C:\WINDOWS\system32\drivers\down\15466619.exe
C:\WINDOWS\system32\drivers\down\15469544.exe
C:\WINDOWS\system32\drivers\down\15476103.exe
C:\WINDOWS\system32\drivers\down\15479788.exe
C:\WINDOWS\system32\drivers\down\154852.exe
C:\WINDOWS\system32\drivers\down\15487389.exe
C:\WINDOWS\system32\drivers\down\154892.exe
C:\WINDOWS\system32\drivers\down\15494369.exe
C:\WINDOWS\system32\drivers\down\15495962.exe
C:\WINDOWS\system32\drivers\down\15501910.exe
C:\WINDOWS\system32\drivers\down\15505515.exe
C:\WINDOWS\system32\drivers\down\15512635.exe
C:\WINDOWS\system32\drivers\down\15513447.exe
C:\WINDOWS\system32\drivers\down\15514739.exe
C:\WINDOWS\system32\drivers\down\15516832.exe
C:\WINDOWS\system32\drivers\down\15517142.exe
C:\WINDOWS\system32\drivers\down\15518704.exe
C:\WINDOWS\system32\drivers\down\15525194.exe
C:\WINDOWS\system32\drivers\down\15526906.exe
C:\WINDOWS\system32\drivers\down\15531493.exe
C:\WINDOWS\system32\drivers\down\15531853.exe
C:\WINDOWS\system32\drivers\down\15535338.exe
C:\WINDOWS\system32\drivers\down\15536590.exe
C:\WINDOWS\system32\drivers\down\15549779.exe
C:\WINDOWS\system32\drivers\down\15550210.exe
C:\WINDOWS\system32\drivers\down\15552723.exe
C:\WINDOWS\system32\drivers\down\15554586.exe
C:\WINDOWS\system32\drivers\down\15564921.exe
C:\WINDOWS\system32\drivers\down\155683.exe
C:\WINDOWS\system32\drivers\down\15579191.exe
C:\WINDOWS\system32\drivers\down\15585400.exe
C:\WINDOWS\system32\drivers\down\15591158.exe
C:\WINDOWS\system32\drivers\down\15592070.exe
C:\WINDOWS\system32\drivers\down\15592801.exe
C:\WINDOWS\system32\drivers\down\15595705.exe
C:\WINDOWS\system32\drivers\down\15599040.exe
C:\WINDOWS\system32\drivers\down\15605479.exe
C:\WINDOWS\system32\drivers\down\15606080.exe
C:\WINDOWS\system32\drivers\down\15612950.exe
C:\WINDOWS\system32\drivers\down\15620340.exe
C:\WINDOWS\system32\drivers\down\15626249.exe
C:\WINDOWS\system32\drivers\down\15627260.exe
C:\WINDOWS\system32\drivers\down\15633429.exe
C:\WINDOWS\system32\drivers\down\15640579.exe
C:\WINDOWS\system32\drivers\down\15642472.exe
C:\WINDOWS\system32\drivers\down\15645176.exe
C:\WINDOWS\system32\drivers\down\15648741.exe
C:\WINDOWS\system32\drivers\down\15674849.exe
C:\WINDOWS\system32\drivers\down\15677262.exe
C:\WINDOWS\system32\drivers\down\15683191.exe
C:\WINDOWS\system32\drivers\down\15693586.exe
C:\WINDOWS\system32\drivers\down\15706464.exe
C:\WINDOWS\system32\drivers\down\15709519.exe
C:\WINDOWS\system32\drivers\down\15712643.exe
C:\WINDOWS\system32\drivers\down\15718882.exe
C:\WINDOWS\system32\drivers\down\15730499.exe
C:\WINDOWS\system32\drivers\down\15732131.exe
C:\WINDOWS\system32\drivers\down\15732231.exe
C:\WINDOWS\system32\drivers\down\157396.exe
C:\WINDOWS\system32\drivers\down\15741064.exe
C:\WINDOWS\system32\drivers\down\15765830.exe
C:\WINDOWS\system32\drivers\down\15765980.exe
C:\WINDOWS\system32\drivers\down\15766851.exe
C:\WINDOWS\system32\drivers\down\15768594.exe
C:\WINDOWS\system32\drivers\down\15771878.exe
C:\WINDOWS\system32\drivers\down\15779940.exe
C:\WINDOWS\system32\drivers\down\15780991.exe
C:\WINDOWS\system32\drivers\down\157867.exe
C:\WINDOWS\system32\drivers\down\157897.exe
C:\WINDOWS\system32\drivers\down\15791607.exe
C:\WINDOWS\system32\drivers\down\15798246.exe
C:\WINDOWS\system32\drivers\down\15811415.exe
C:\WINDOWS\system32\drivers\down\15825175.exe
C:\WINDOWS\system32\drivers\down\15828139.exe
C:\WINDOWS\system32\drivers\down\15849540.exe
C:\WINDOWS\system32\drivers\down\15853255.exe
C:\WINDOWS\system32\drivers\down\15855739.exe
C:\WINDOWS\system32\drivers\down\15861657.exe
C:\WINDOWS\system32\drivers\down\15869288.exe
C:\WINDOWS\system32\drivers\down\15872343.exe
C:\WINDOWS\system32\drivers\down\15879413.exe
C:\WINDOWS\system32\drivers\down\15884881.exe
C:\WINDOWS\system32\drivers\down\15886543.exe
C:\WINDOWS\system32\drivers\down\15891040.exe
C:\WINDOWS\system32\drivers\down\15893203.exe
C:\WINDOWS\system32\drivers\down\15895466.exe
C:\WINDOWS\system32\drivers\down\15909616.exe
C:\WINDOWS\system32\drivers\down\159098.exe
C:\WINDOWS\system32\drivers\down\15918509.exe
C:\WINDOWS\system32\drivers\down\15926621.exe
C:\WINDOWS\system32\drivers\down\15963564.exe
C:\WINDOWS\system32\drivers\down\15974890.exe
C:\WINDOWS\system32\drivers\down\15974910.exe
C:\WINDOWS\system32\drivers\down\15976853.exe
C:\WINDOWS\system32\drivers\down\15986236.exe
C:\WINDOWS\system32\drivers\down\15998885.exe
C:\WINDOWS\system32\drivers\down\16011943.exe
C:\WINDOWS\system32\drivers\down\16013846.exe
C:\WINDOWS\system32\drivers\down\16025273.exe
C:\WINDOWS\system32\drivers\down\16045732.exe
C:\WINDOWS\system32\drivers\down\16053794.exe
C:\WINDOWS\system32\drivers\down\16060113.exe
C:\WINDOWS\system32\drivers\down\16064008.exe
C:\WINDOWS\system32\drivers\down\16078740.exe
C:\WINDOWS\system32\drivers\down\160841.exe
C:\WINDOWS\system32\drivers\down\16104517.exe
C:\WINDOWS\system32\drivers\down\16119909.exe
C:\WINDOWS\system32\drivers\down\161241.exe
C:\WINDOWS\system32\drivers\down\16127730.exe
C:\WINDOWS\system32\drivers\down\16130294.exe
C:\WINDOWS\system32\drivers\down\16132347.exe
C:\WINDOWS\system32\drivers\down\16136402.exe
C:\WINDOWS\system32\drivers\down\16151614.exe
C:\WINDOWS\system32\drivers\down\16175839.exe
C:\WINDOWS\system32\drivers\down\16181928.exe
C:\WINDOWS\system32\drivers\down\16195047.exe
C:\WINDOWS\system32\drivers\down\16221094.exe
C:\WINDOWS\system32\drivers\down\16222967.exe
C:\WINDOWS\system32\drivers\down\16237628.exe
C:\WINDOWS\system32\drivers\down\162443.exe
C:\WINDOWS\system32\drivers\down\16266890.exe
C:\WINDOWS\system32\drivers\down\162683.exe
C:\WINDOWS\system32\drivers\down\162693.exe
C:\WINDOWS\system32\drivers\down\16296162.exe
C:\WINDOWS\system32\drivers\down\163224.exe
C:\WINDOWS\system32\drivers\down\163565.exe
C:\WINDOWS\system32\drivers\down\16357170.exe
C:\WINDOWS\system32\drivers\down\16366103.exe
C:\WINDOWS\system32\drivers\down\16376438.exe
C:\WINDOWS\system32\drivers\down\16385761.exe
C:\WINDOWS\system32\drivers\down\16433630.exe
C:\WINDOWS\system32\drivers\down\165528.exe
C:\WINDOWS\system32\drivers\down\166429.exe
C:\WINDOWS\system32\drivers\down\166549.exe
C:\WINDOWS\system32\drivers\down\16668207.exe
C:\WINDOWS\system32\drivers\down\16673535.exe
C:\WINDOWS\system32\drivers\down\167270.exe
C:\WINDOWS\system32\drivers\down\1680376.exe
C:\WINDOWS\system32\drivers\down\168882.exe
C:\WINDOWS\system32\drivers\down\170204.exe
C:\WINDOWS\system32\drivers\down\170214.exe
C:\WINDOWS\system32\drivers\down\172417.exe
C:\WINDOWS\system32\drivers\down\172908.exe
C:\WINDOWS\system32\drivers\down\173008.exe
C:\WINDOWS\system32\drivers\down\173399.exe
C:\WINDOWS\system32\drivers\down\173629.exe
C:\WINDOWS\system32\drivers\down\1740022.exe
C:\WINDOWS\system32\drivers\down\174130.exe
C:\WINDOWS\system32\drivers\down\174480.exe
C:\WINDOWS\system32\drivers\down\175562.exe
C:\WINDOWS\system32\drivers\down\176754.exe
C:\WINDOWS\system32\drivers\down\176764.exe
C:\WINDOWS\system32\drivers\down\177084.exe
C:\WINDOWS\system32\drivers\down\178616.exe
C:\WINDOWS\system32\drivers\down\179768.exe
C:\WINDOWS\system32\drivers\down\180199.exe
C:\WINDOWS\system32\drivers\down\180799.exe
C:\WINDOWS\system32\drivers\down\1812496.exe
C:\WINDOWS\system32\drivers\down\183393.exe
C:\WINDOWS\system32\drivers\down\183684.exe
C:\WINDOWS\system32\drivers\down\184515.exe
C:\WINDOWS\system32\drivers\down\184705.exe
C:\WINDOWS\system32\drivers\down\185256.exe
C:\WINDOWS\system32\drivers\down\185276.exe
C:\WINDOWS\system32\drivers\down\18529463.exe
C:\WINDOWS\system32\drivers\down\18534551.exe
C:\WINDOWS\system32\drivers\down\18570262.exe
C:\WINDOWS\system32\drivers\down\18593045.exe
C:\WINDOWS\system32\drivers\down\18593275.exe
C:\WINDOWS\system32\drivers\down\18618211.exe
C:\WINDOWS\system32\drivers\down\18638560.exe
C:\WINDOWS\system32\drivers\down\187169.exe
C:\WINDOWS\system32\drivers\down\187249.exe
C:\WINDOWS\system32\drivers\down\1906671.exe
C:\WINDOWS\system32\drivers\down\195431.exe
C:\WINDOWS\system32\drivers\down\195911.exe
C:\WINDOWS\system32\drivers\down\197113.exe
C:\WINDOWS\system32\drivers\down\197293.exe
C:\WINDOWS\system32\drivers\down\1992234.exe
C:\WINDOWS\system32\drivers\down\200017.exe
C:\WINDOWS\system32\drivers\down\200989.exe
C:\WINDOWS\system32\drivers\down\204043.exe
C:\WINDOWS\system32\drivers\down\204263.exe
C:\WINDOWS\system32\drivers\down\204283.exe
C:\WINDOWS\system32\drivers\down\204744.exe
C:\WINDOWS\system32\drivers\down\204904.exe
C:\WINDOWS\system32\drivers\down\2056206.exe
C:\WINDOWS\system32\drivers\down\205825.exe
C:\WINDOWS\system32\drivers\down\206276.exe
C:\WINDOWS\system32\drivers\down\207368.exe
C:\WINDOWS\system32\drivers\down\209200.exe
C:\WINDOWS\system32\drivers\down\209230.exe
C:\WINDOWS\system32\drivers\down\209891.exe
C:\WINDOWS\system32\drivers\down\210532.exe
C:\WINDOWS\system32\drivers\down\211393.exe
C:\WINDOWS\system32\drivers\down\212395.exe
C:\WINDOWS\system32\drivers\down\214738.exe
C:\WINDOWS\system32\drivers\down\215219.exe
C:\WINDOWS\system32\drivers\down\215860.exe
C:\WINDOWS\system32\drivers\down\217492.exe
C:\WINDOWS\system32\drivers\down\218504.exe
C:\WINDOWS\system32\drivers\down\218964.exe
C:\WINDOWS\system32\drivers\down\219034.exe
C:\WINDOWS\system32\drivers\down\220467.exe
C:\WINDOWS\system32\drivers\down\221017.exe
C:\WINDOWS\system32\drivers\down\2217879.exe
C:\WINDOWS\system32\drivers\down\223461.exe
C:\WINDOWS\system32\drivers\down\224232.exe
C:\WINDOWS\system32\drivers\down\224622.exe
C:\WINDOWS\system32\drivers\down\224893.exe
C:\WINDOWS\system32\drivers\down\225313.exe
C:\WINDOWS\system32\drivers\down\226946.exe
C:\WINDOWS\system32\drivers\down\228268.exe
C:\WINDOWS\system32\drivers\down\228809.exe
C:\WINDOWS\system32\drivers\down\229650.exe
C:\WINDOWS\system32\drivers\down\230281.exe
C:\WINDOWS\system32\drivers\down\231743.exe
C:\WINDOWS\system32\drivers\down\231783.exe
C:\WINDOWS\system32\drivers\down\232734.exe
C:\WINDOWS\system32\drivers\down\232824.exe
C:\WINDOWS\system32\drivers\down\234116.exe
C:\WINDOWS\system32\drivers\down\234777.exe
C:\WINDOWS\system32\drivers\down\235949.exe
C:\WINDOWS\system32\drivers\down\235959.exe
C:\WINDOWS\system32\drivers\down\237341.exe
C:\WINDOWS\system32\drivers\down\237932.exe
C:\WINDOWS\system32\drivers\down\238923.exe
C:\WINDOWS\system32\drivers\down\240105.exe
C:\WINDOWS\system32\drivers\down\241737.exe
C:\WINDOWS\system32\drivers\down\241837.exe
C:\WINDOWS\system32\drivers\down\246143.exe
C:\WINDOWS\system32\drivers\down\24633631.exe
C:\WINDOWS\system32\drivers\down\24651096.exe
C:\WINDOWS\system32\drivers\down\24660710.exe
C:\WINDOWS\system32\drivers\down\246844.exe
C:\WINDOWS\system32\drivers\down\246885.exe
C:\WINDOWS\system32\drivers\down\247125.exe
C:\WINDOWS\system32\drivers\down\247245.exe
C:\WINDOWS\system32\drivers\down\24779170.exe
C:\WINDOWS\system32\drivers\down\24822653.exe
C:\WINDOWS\system32\drivers\down\24887135.exe
C:\WINDOWS\system32\drivers\down\24904080.exe
C:\WINDOWS\system32\drivers\down\249679.exe
C:\WINDOWS\system32\drivers\down\24987009.exe
C:\WINDOWS\system32\drivers\down\25047656.exe
C:\WINDOWS\system32\drivers\down\25050751.exe
C:\WINDOWS\system32\drivers\down\250580.exe
C:\WINDOWS\system32\drivers\down\25058792.exe
C:\WINDOWS\system32\drivers\down\25094043.exe
C:\WINDOWS\system32\drivers\down\25105499.exe
C:\WINDOWS\system32\drivers\down\251481.exe
C:\WINDOWS\system32\drivers\down\25208668.exe
C:\WINDOWS\system32\drivers\down\252242.exe
C:\WINDOWS\system32\drivers\down\252412.exe
C:\WINDOWS\system32\drivers\down\253284.exe
C:\WINDOWS\system32\drivers\down\253464.exe
C:\WINDOWS\system32\drivers\down\256258.exe
C:\WINDOWS\system32\drivers\down\256899.exe
C:\WINDOWS\system32\drivers\down\258021.exe
C:\WINDOWS\system32\drivers\down\258371.exe
C:\WINDOWS\system32\drivers\down\260174.exe
C:\WINDOWS\system32\drivers\down\260624.exe
C:\WINDOWS\system32\drivers\down\260694.exe
C:\WINDOWS\system32\drivers\down\263298.exe
C:\WINDOWS\system32\drivers\down\264430.exe
C:\WINDOWS\system32\drivers\down\265081.exe
C:\WINDOWS\system32\drivers\down\265241.exe
C:\WINDOWS\system32\drivers\down\266112.exe
C:\WINDOWS\system32\drivers\down\266423.exe
C:\WINDOWS\system32\drivers\down\266603.exe
C:\WINDOWS\system32\drivers\down\268976.exe
C:\WINDOWS\system32\drivers\down\270609.exe
C:\WINDOWS\system32\drivers\down\273232.exe
C:\WINDOWS\system32\drivers\down\274224.exe
C:\WINDOWS\system32\drivers\down\274384.exe
C:\WINDOWS\system32\drivers\down\275095.exe
C:\WINDOWS\system32\drivers\down\276026.exe
C:\WINDOWS\system32\drivers\down\279682.exe
C:\WINDOWS\system32\drivers\down\280212.exe
C:\WINDOWS\system32\drivers\down\283768.exe
C:\WINDOWS\system32\drivers\down\284669.exe
C:\WINDOWS\system32\drivers\down\284699.exe
C:\WINDOWS\system32\drivers\down\286562.exe
C:\WINDOWS\system32\drivers\down\287162.exe
C:\WINDOWS\system32\drivers\down\287994.exe
C:\WINDOWS\system32\drivers\down\288514.exe
C:\WINDOWS\system32\drivers\down\289476.exe
C:\WINDOWS\system32\drivers\down\289976.exe
C:\WINDOWS\system32\drivers\down\291308.exe
C:\WINDOWS\system32\drivers\down\291399.exe
C:\WINDOWS\system32\drivers\down\295554.exe
C:\WINDOWS\system32\drivers\down\29574375.exe
C:\WINDOWS\system32\drivers\down\29587845.exe
C:\WINDOWS\system32\drivers\down\29590849.exe
C:\WINDOWS\system32\drivers\down\296035.exe
C:\WINDOWS\system32\drivers\down\29609616.exe
C:\WINDOWS\system32\drivers\down\29612730.exe
C:\WINDOWS\system32\drivers\down\29648872.exe
C:\WINDOWS\system32\drivers\down\29654080.exe
C:\WINDOWS\system32\drivers\down\29669512.exe
C:\WINDOWS\system32\drivers\down\29669542.exe
C:\WINDOWS\system32\drivers\down\29670844.exe
C:\WINDOWS\system32\drivers\down\29674740.exe
C:\WINDOWS\system32\drivers\down\29682611.exe
C:\WINDOWS\system32\drivers\down\29683582.exe
C:\WINDOWS\system32\drivers\down\29687468.exe
C:\WINDOWS\system32\drivers\down\29692605.exe
C:\WINDOWS\system32\drivers\down\29708959.exe
C:\WINDOWS\system32\drivers\down\29710892.exe
C:\WINDOWS\system32\drivers\down\29719033.exe
C:\WINDOWS\system32\drivers\down\29721126.exe
C:\WINDOWS\system32\drivers\down\29722228.exe
C:\WINDOWS\system32\drivers\down\29731271.exe
C:\WINDOWS\system32\drivers\down\29734596.exe
C:\WINDOWS\system32\drivers\down\29735347.exe
C:\WINDOWS\system32\drivers\down\29759141.exe
C:\WINDOWS\system32\drivers\down\29780191.exe
C:\WINDOWS\system32\drivers\down\29818136.exe
C:\WINDOWS\system32\drivers\down\298449.exe
C:\WINDOWS\system32\drivers\down\29870481.exe
C:\WINDOWS\system32\drivers\down\29875979.exe
C:\WINDOWS\system32\drivers\down\29879774.exe
C:\WINDOWS\system32\drivers\down\29921665.exe
C:\WINDOWS\system32\drivers\down\29941543.exe
C:\WINDOWS\system32\drivers\down\29945789.exe
C:\WINDOWS\system32\drivers\down\29956595.exe
C:\WINDOWS\system32\drivers\down\29966389.exe
C:\WINDOWS\system32\drivers\down\29974450.exe
C:\WINDOWS\system32\drivers\down\29989362.exe
C:\WINDOWS\system32\drivers\down\29995991.exe
C:\WINDOWS\system32\drivers\down\29997894.exe
C:\WINDOWS\system32\drivers\down\29998986.exe
C:\WINDOWS\system32\drivers\down\30006997.exe
C:\WINDOWS\system32\drivers\down\30010092.exe
C:\WINDOWS\system32\drivers\down\30016261.exe
C:\WINDOWS\system32\drivers\down\30030421.exe
C:\WINDOWS\system32\drivers\down\30033035.exe
C:\WINDOWS\system32\drivers\down\30043440.exe
C:\WINDOWS\system32\drivers\down\30061736.exe
C:\WINDOWS\system32\drivers\down\30109044.exe
C:\WINDOWS\system32\drivers\down\30145787.exe
C:\WINDOWS\system32\drivers\down\301473.exe
C:\WINDOWS\system32\drivers\down\30182289.exe
C:\WINDOWS\system32\drivers\down\30183591.exe
C:\WINDOWS\system32\drivers\down\30204021.exe
C:\WINDOWS\system32\drivers\down\30207365.exe
C:\WINDOWS\system32\drivers\down\30226393.exe
C:\WINDOWS\system32\drivers\down\30228986.exe
C:\WINDOWS\system32\drivers\down\30229617.exe
C:\WINDOWS\system32\drivers\down\30236978.exe
C:\WINDOWS\system32\drivers\down\302384.exe
C:\WINDOWS\system32\drivers\down\30245000.exe
C:\WINDOWS\system32\drivers\down\30287581.exe
C:\WINDOWS\system32\drivers\down\30335670.exe
C:\WINDOWS\system32\drivers\down\30342189.exe
C:\WINDOWS\system32\drivers\down\30360435.exe
C:\WINDOWS\system32\drivers\down\30363670.exe
C:\WINDOWS\system32\drivers\down\30390929.exe
C:\WINDOWS\system32\drivers\down\30411339.exe
C:\WINDOWS\system32\drivers\down\30423376.exe
C:\WINDOWS\system32\drivers\down\30428594.exe
C:\WINDOWS\system32\drivers\down\30438087.exe
C:\WINDOWS\system32\drivers\down\30438798.exe
C:\WINDOWS\system32\drivers\down\30459778.exe
C:\WINDOWS\system32\drivers\down\30470814.exe
C:\WINDOWS\system32\drivers\down\30508448.exe
C:\WINDOWS\system32\drivers\down\30513145.exe
C:\WINDOWS\system32\drivers\down\30531231.exe
C:\WINDOWS\system32\drivers\down\305879.exe
C:\WINDOWS\system32\drivers\down\30614581.exe
C:\WINDOWS\system32\drivers\down\30618857.exe
C:\WINDOWS\system32\drivers\down\30622773.exe
C:\WINDOWS\system32\drivers\down\30631756.exe
C:\WINDOWS\system32\drivers\down\30651113.exe
C:\WINDOWS\system32\drivers\down\30662780.exe
C:\WINDOWS\system32\drivers\down\306751.exe
C:\WINDOWS\system32\drivers\down\30746240.exe
C:\WINDOWS\system32\drivers\down\30804164.exe
C:\WINDOWS\system32\drivers\down\30857761.exe
C:\WINDOWS\system32\drivers\down\308814.exe
C:\WINDOWS\system32\drivers\down\30890117.exe
C:\WINDOWS\system32\drivers\down\30891339.exe
C:\WINDOWS\system32\drivers\down\30896286.exe
C:\WINDOWS\system32\drivers\down\30906731.exe
C:\WINDOWS\system32\drivers\down\30931116.exe
C:\WINDOWS\system32\drivers\down\30933620.exe
C:\WINDOWS\system32\drivers\down\30943444.exe
C:\WINDOWS\system32\drivers\down\30952056.exe
C:\WINDOWS\system32\drivers\down\30954069.exe
C:\WINDOWS\system32\drivers\down\30954189.exe
C:\WINDOWS\system32\drivers\down\30978584.exe
C:\WINDOWS\system32\drivers\down\30979375.exe
C:\WINDOWS\system32\drivers\down\30981378.exe
C:\WINDOWS\system32\drivers\down\30998303.exe
C:\WINDOWS\system32\drivers\down\31004532.exe
C:\WINDOWS\system32\drivers\down\31013575.exe
C:\WINDOWS\system32\drivers\down\31064939.exe
C:\WINDOWS\system32\drivers\down\31073200.exe
C:\WINDOWS\system32\drivers\down\31079359.exe
C:\WINDOWS\system32\drivers\down\31127478.exe
C:\WINDOWS\system32\drivers\down\31207894.exe
C:\WINDOWS\system32\drivers\down\312138.exe
C:\WINDOWS\system32\drivers\down\31223356.exe
C:\WINDOWS\system32\drivers\down\31237326.exe
C:\WINDOWS\system32\drivers\down\31304333.exe
C:\WINDOWS\system32\drivers\down\313060.exe
C:\WINDOWS\system32\drivers\down\31354845.exe
C:\WINDOWS\system32\drivers\down\31396165.exe
C:\WINDOWS\system32\drivers\down\31449772.exe
C:\WINDOWS\system32\drivers\down\31461859.exe
C:\WINDOWS\system32\drivers\down\315053.exe
C:\WINDOWS\system32\drivers\down\31516908.exe
C:\WINDOWS\system32\drivers\down\31569784.exe
C:\WINDOWS\system32\drivers\down\31583214.exe
C:\WINDOWS\system32\drivers\down\31609622.exe
C:\WINDOWS\system32\drivers\down\31641478.exe
C:\WINDOWS\system32\drivers\down\31699421.exe
C:\WINDOWS\system32\drivers\down\31708113.exe
C:\WINDOWS\system32\drivers\down\317166.exe
C:\WINDOWS\system32\drivers\down\317786.exe
C:\WINDOWS\system32\drivers\down\322023.exe
C:\WINDOWS\system32\drivers\down\322513.exe
C:\WINDOWS\system32\drivers\down\322583.exe
C:\WINDOWS\system32\drivers\down\323004.exe
C:\WINDOWS\system32\drivers\down\323795.exe
C:\WINDOWS\system32\drivers\down\324536.exe
C:\WINDOWS\system32\drivers\down\324616.exe
C:\WINDOWS\system32\drivers\down\325888.exe
C:\WINDOWS\system32\drivers\down\330004.exe
C:\WINDOWS\system32\drivers\down\331306.exe
C:\WINDOWS\system32\drivers\down\332578.exe
C:\WINDOWS\system32\drivers\down\333149.exe
C:\WINDOWS\system32\drivers\down\333890.exe
C:\WINDOWS\system32\drivers\down\335272.exe
C:\WINDOWS\system32\drivers\down\337575.exe
C:\WINDOWS\system32\drivers\down\339548.exe
C:\WINDOWS\system32\drivers\down\339658.exe
C:\WINDOWS\system32\drivers\down\341100.exe
C:\WINDOWS\system32\drivers\down\341591.exe
C:\WINDOWS\system32\drivers\down\341711.exe
C:\WINDOWS\system32\drivers\down\341921.exe
C:\WINDOWS\system32\drivers\down\342993.exe
C:\WINDOWS\system32\drivers\down\344064.exe
C:\WINDOWS\system32\drivers\down\3445143.exe
C:\WINDOWS\system32\drivers\down\345146.exe
C:\WINDOWS\system32\drivers\down\345166.exe
C:\WINDOWS\system32\drivers\down\3455038.exe
C:\WINDOWS\system32\drivers\down\345526.exe
C:\WINDOWS\system32\drivers\down\350183.exe
C:\WINDOWS\system32\drivers\down\351515.exe
C:\WINDOWS\system32\drivers\down\351525.exe
C:\WINDOWS\system32\drivers\down\352907.exe
C:\WINDOWS\system32\drivers\down\354850.exe
C:\WINDOWS\system32\drivers\down\355631.exe
C:\WINDOWS\system32\drivers\down\3562122.exe
C:\WINDOWS\system32\drivers\down\356602.exe
C:\WINDOWS\system32\drivers\down\356632.exe
C:\WINDOWS\system32\drivers\down\3577474.exe
C:\WINDOWS\system32\drivers\down\357764.exe
C:\WINDOWS\system32\drivers\down\357984.exe
C:\WINDOWS\system32\drivers\down\358225.exe
C:\WINDOWS\system32\drivers\down\360217.exe
C:\WINDOWS\system32\drivers\down\3612414.exe
C:\WINDOWS\system32\drivers\down\362190.exe
C:\WINDOWS\system32\drivers\down\3634426.exe
C:\WINDOWS\system32\drivers\down\363923.exe
C:\WINDOWS\system32\drivers\down\364023.exe
C:\WINDOWS\system32\drivers\down\364323.exe
C:\WINDOWS\system32\drivers\down\364714.exe
C:\WINDOWS\system32\drivers\down\3647214.exe
C:\WINDOWS\system32\drivers\down\364804.exe
C:\WINDOWS\system32\drivers\down\366266.exe
C:\WINDOWS\system32\drivers\down\367298.exe
C:\WINDOWS\system32\drivers\down\368379.exe
C:\WINDOWS\system32\drivers\down\3698448.exe
C:\WINDOWS\system32\drivers\down\371474.exe
C:\WINDOWS\system32\drivers\down\371914.exe
C:\WINDOWS\system32\drivers\down\3724755.exe
C:\WINDOWS\system32\drivers\down\373186.exe
C:\WINDOWS\system32\drivers\down\3739727.exe
C:\WINDOWS\system32\drivers\down\3742982.exe
C:\WINDOWS\system32\drivers\down\3756411.exe
C:\WINDOWS\system32\drivers\down\376711.exe
C:\WINDOWS\system32\drivers\down\3773305.exe
C:\WINDOWS\system32\drivers\down\378484.exe
C:\WINDOWS\system32\drivers\down\379185.exe
C:\WINDOWS\system32\drivers\down\379375.exe
C:\WINDOWS\system32\drivers\down\379635.exe
C:\WINDOWS\system32\drivers\down\380276.exe
C:\WINDOWS\system32\drivers\down\3809227.exe
C:\WINDOWS\system32\drivers\down\3827733.exe
C:\WINDOWS\system32\drivers\down\3828274.exe
C:\WINDOWS\system32\drivers\down\384633.exe
C:\WINDOWS\system32\drivers\down\385053.exe
C:\WINDOWS\system32\drivers\down\385294.exe
C:\WINDOWS\system32\drivers\down\386145.exe
C:\WINDOWS\system32\drivers\down\3861752.exe
C:\WINDOWS\system32\drivers\down\3878687.exe
C:\WINDOWS\system32\drivers\down\3894690.exe
C:\WINDOWS\system32\drivers\down\389730.exe
C:\WINDOWS\system32\drivers\down\3906837.exe
C:\WINDOWS\system32\drivers\down\391062.exe
C:\WINDOWS\system32\drivers\down\391743.exe
C:\WINDOWS\system32\drivers\down\391803.exe
C:\WINDOWS\system32\drivers\down\3953344.exe
C:\WINDOWS\system32\drivers\down\395999.exe
C:\WINDOWS\system32\drivers\down\3965902.exe
C:\WINDOWS\system32\drivers\down\3968866.exe
C:\WINDOWS\system32\drivers\down\3974625.exe
C:\WINDOWS\system32\drivers\down\398913.exe
C:\WINDOWS\system32\drivers\down\399314.exe
C:\WINDOWS\system32\drivers\down\3993482.exe
C:\WINDOWS\system32\drivers\down\3997648.exe
C:\WINDOWS\system32\drivers\down\400455.exe
C:\WINDOWS\system32\drivers\down\400976.exe
C:\WINDOWS\system32\drivers\down\402308.exe
C:\WINDOWS\system32\drivers\down\404621.exe
C:\WINDOWS\system32\drivers\down\4063192.exe
C:\WINDOWS\system32\drivers\down\406865.exe
C:\WINDOWS\system32\drivers\down\407696.exe
C:\WINDOWS\system32\drivers\down\408417.exe
C:\WINDOWS\system32\drivers\down\409659.exe
C:\WINDOWS\system32\drivers\down\411802.exe
C:\WINDOWS\system32\drivers\down\413734.exe
C:\WINDOWS\system32\drivers\down\414826.exe
C:\WINDOWS\system32\drivers\down\415988.exe
C:\WINDOWS\system32\drivers\down\416188.exe
C:\WINDOWS\system32\drivers\down\416488.exe
C:\WINDOWS\system32\drivers\down\417169.exe
C:\WINDOWS\system32\drivers\down\419483.exe
C:\WINDOWS\system32\drivers\down\421355.exe
C:\WINDOWS\system32\drivers\down\423518.exe
C:\WINDOWS\system32\drivers\down\423949.exe
C:\WINDOWS\system32\drivers\down\425121.exe
C:\WINDOWS\system32\drivers\down\426503.exe
C:\WINDOWS\system32\drivers\down\429387.exe
C:\WINDOWS\system32\drivers\down\431109.exe
C:\WINDOWS\system32\drivers\down\431380.exe
C:\WINDOWS\system32\drivers\down\431881.exe
C:\WINDOWS\system32\drivers\down\433373.exe
C:\WINDOWS\system32\drivers\down\433743.exe
C:\WINDOWS\system32\drivers\down\434124.exe
C:\WINDOWS\system32\drivers\down\434434.exe
C:\WINDOWS\system32\drivers\down\435746.exe
C:\WINDOWS\system32\drivers\down\435756.exe
C:\WINDOWS\system32\drivers\down\436447.exe
C:\WINDOWS\system32\drivers\down\436557.exe
C:\WINDOWS\system32\drivers\down\436838.exe
C:\WINDOWS\system32\drivers\down\437248.exe
C:\WINDOWS\system32\drivers\down\439672.exe
C:\WINDOWS\system32\drivers\down\44157515.exe
C:\WINDOWS\system32\drivers\down\441675.exe
C:\WINDOWS\system32\drivers\down\44182781.exe
C:\WINDOWS\system32\drivers\down\442085.exe
C:\WINDOWS\system32\drivers\down\44209720.exe
C:\WINDOWS\system32\drivers\down\44221487.exe
C:\WINDOWS\system32\drivers\down\44247885.exe
C:\WINDOWS\system32\drivers\down\44258951.exe
C:\WINDOWS\system32\drivers\down\44262295.exe
C:\WINDOWS\system32\drivers\down\44285429.exe
C:\WINDOWS\system32\drivers\down\44350102.exe
C:\WINDOWS\system32\drivers\down\44364572.exe
C:\WINDOWS\system32\drivers\down\44369259.exe
C:\WINDOWS\system32\drivers\down\44377481.exe
C:\WINDOWS\system32\drivers\down\44384922.exe
C:\WINDOWS\system32\drivers\down\44390069.exe
C:\WINDOWS\system32\drivers\down\44409837.exe
C:\WINDOWS\system32\drivers\down\44414965.exe
C:\WINDOWS\system32\drivers\down\44441433.exe
C:\WINDOWS\system32\drivers\down\44443706.exe
C:\WINDOWS\system32\drivers\down\44455073.exe
C:\WINDOWS\system32\drivers\down\44458848.exe
C:\WINDOWS\system32\drivers\down\44464867.exe
C:\WINDOWS\system32\drivers\down\44466389.exe
C:\WINDOWS\system32\drivers\down\44483764.exe
C:\WINDOWS\system32\drivers\down\44492627.exe
C:\WINDOWS\system32\drivers\down\44498164.exe
C:\WINDOWS\system32\drivers\down\44502961.exe
C:\WINDOWS\system32\drivers\down\445079.exe
C:\WINDOWS\system32\drivers\down\44515710.exe
C:\WINDOWS\system32\drivers\down\445320.exe
C:\WINDOWS\system32\drivers\down\44543009.exe
C:\WINDOWS\system32\drivers\down\445560.exe
C:\WINDOWS\system32\drivers\down\44561526.exe
C:\WINDOWS\system32\drivers\down\44583257.exe
C:\WINDOWS\system32\drivers\down\445851.exe
C:\WINDOWS\system32\drivers\down\44587513.exe
C:\WINDOWS\system32\drivers\down\44588815.exe
C:\WINDOWS\system32\drivers\down\44595855.exe
C:\WINDOWS\system32\drivers\down\446001.exe
C:\WINDOWS\system32\drivers\down\44601713.exe
C:\WINDOWS\system32\drivers\down\44603486.exe
C:\WINDOWS\system32\drivers\down\44623525.exe
C:\WINDOWS\system32\drivers\down\44634050.exe
C:\WINDOWS\system32\drivers\down\44636694.exe
C:\WINDOWS\system32\drivers\down\44638606.exe
C:\WINDOWS\system32\drivers\down\44644214.exe
C:\WINDOWS\system32\drivers\down\44649452.exe
C:\WINDOWS\system32\drivers\down\44653698.exe
C:\WINDOWS\system32\drivers\down\44701667.exe
C:\WINDOWS\system32\drivers\down\447393.exe
C:\WINDOWS\system32\drivers\down\44766540.exe
C:\WINDOWS\system32\drivers\down\44781442.exe
C:\WINDOWS\system32\drivers\down\448034.exe
C:\WINDOWS\system32\drivers\down\451659.exe
C:\WINDOWS\system32\drivers\down\452090.exe
C:\WINDOWS\system32\drivers\down\453051.exe
C:\WINDOWS\system32\drivers\down\456145.exe
C:\WINDOWS\system32\drivers\down\457928.exe
C:\WINDOWS\system32\drivers\down\458459.exe
C:\WINDOWS\system32\drivers\down\459130.exe
C:\WINDOWS\system32\drivers\down\459150.exe
C:\WINDOWS\system32\drivers\down\459560.exe
C:\WINDOWS\system32\drivers\down\461223.exe
C:\WINDOWS\system32\drivers\down\461583.exe
C:\WINDOWS\system32\drivers\down\462495.exe
C:\WINDOWS\system32\drivers\down\464027.exe
C:\WINDOWS\system32\drivers\down\464557.exe
C:\WINDOWS\system32\drivers\down\470025.exe
C:\WINDOWS\system32\drivers\down\470656.exe
C:\WINDOWS\system32\drivers\down\472329.exe
C:\WINDOWS\system32\drivers\down\472729.exe
C:\WINDOWS\system32\drivers\down\472789.exe
C:\WINDOWS\system32\drivers\down\473260.exe
C:\WINDOWS\system32\drivers\down\473280.exe
C:\WINDOWS\system32\drivers\down\473971.exe
C:\WINDOWS\system32\drivers\down\474041.exe
C:\WINDOWS\system32\drivers\down\474842.exe
C:\WINDOWS\system32\drivers\down\476575.exe
C:\WINDOWS\system32\drivers\down\477736.exe
C:\WINDOWS\system32\drivers\down\478287.exe
C:\WINDOWS\system32\drivers\down\478898.exe
C:\WINDOWS\system32\drivers\down\479619.exe
C:\WINDOWS\system32\drivers\down\480951.exe
C:\WINDOWS\system32\drivers\down\484456.exe
C:\WINDOWS\system32\drivers\down\484566.exe
C:\WINDOWS\system32\drivers\down\484727.exe
C:\WINDOWS\system32\drivers\down\485558.exe
C:\WINDOWS\system32\drivers\down\486149.exe
C:\WINDOWS\system32\drivers\down\487130.exe
C:\WINDOWS\system32\drivers\down\487350.exe
C:\WINDOWS\system32\drivers\down\488372.exe
C:\WINDOWS\system32\drivers\down\488612.exe
C:\WINDOWS\system32\drivers\down\490164.exe
C:\WINDOWS\system32\drivers\down\490835.exe
C:\WINDOWS\system32\drivers\down\492007.exe
C:\WINDOWS\system32\drivers\down\492988.exe
C:\WINDOWS\system32\drivers\down\493579.exe
C:\WINDOWS\system32\drivers\down\496574.exe
C:\WINDOWS\system32\drivers\down\497645.exe
C:\WINDOWS\system32\drivers\down\498476.exe
C:\WINDOWS\system32\drivers\down\498907.exe
C:\WINDOWS\system32\drivers\down\499157.exe
C:\WINDOWS\system32\drivers\down\500619.exe
C:\WINDOWS\system32\drivers\down\501471.exe
C:\WINDOWS\system32\drivers\down\501521.exe
C:\WINDOWS\system32\drivers\down\504916.exe
C:\WINDOWS\system32\drivers\down\504976.exe
C:\WINDOWS\system32\drivers\down\506207.exe
C:\WINDOWS\system32\drivers\down\506398.exe
C:\WINDOWS\system32\drivers\down\506418.exe
C:\WINDOWS\system32\drivers\down\507609.exe
C:\WINDOWS\system32\drivers\down\509222.exe
C:\WINDOWS\system32\drivers\down\509362.exe
C:\WINDOWS\system32\drivers\down\510914.exe
C:\WINDOWS\system32\drivers\down\513898.exe
C:\WINDOWS\system32\drivers\down\515140.exe
C:\WINDOWS\system32\drivers\down\515621.exe
C:\WINDOWS\system32\drivers\down\515751.exe
C:\WINDOWS\system32\drivers\down\519987.exe
C:\WINDOWS\system32\drivers\down\520037.exe
C:\WINDOWS\system32\drivers\down\524644.exe
C:\WINDOWS\system32\drivers\down\526256.exe
C:\WINDOWS\system32\drivers\down\526356.exe
C:\WINDOWS\system32\drivers\down\526757.exe
C:\WINDOWS\system32\drivers\down\527017.exe
C:\WINDOWS\system32\drivers\down\528239.exe
C:\WINDOWS\system32\drivers\down\528580.exe
C:\WINDOWS\system32\drivers\down\528820.exe
C:\WINDOWS\system32\drivers\down\530873.exe
C:\WINDOWS\system32\drivers\down\530883.exe
C:\WINDOWS\system32\drivers\down\533457.exe
C:\WINDOWS\system32\drivers\down\536261.exe
C:\WINDOWS\system32\drivers\down\539415.exe
C:\WINDOWS\system32\drivers\down\541428.exe
C:\WINDOWS\system32\drivers\down\543391.exe
C:\WINDOWS\system32\drivers\down\545914.exe
C:\WINDOWS\system32\drivers\down\550721.exe
C:\WINDOWS\system32\drivers\down\551723.exe
C:\WINDOWS\system32\drivers\down\555178.exe
C:\WINDOWS\system32\drivers\down\555198.exe
C:\WINDOWS\system32\drivers\down\556370.exe
C:\WINDOWS\system32\drivers\down\556660.exe
C:\WINDOWS\system32\drivers\down\557050.exe
C:\WINDOWS\system32\drivers\down\560666.exe
C:\WINDOWS\system32\drivers\down\563410.exe
C:\WINDOWS\system32\drivers\down\564351.exe
C:\WINDOWS\system32\drivers\down\566214.exe
C:\WINDOWS\system32\drivers\down\566434.exe
C:\WINDOWS\system32\drivers\down\568487.exe
C:\WINDOWS\system32\drivers\down\568918.exe

[cherriedpie]

C:\WINDOWS\system32\drivers\down\568928.exe
C:\WINDOWS\system32\drivers\down\569839.exe
C:\WINDOWS\system32\drivers\down\572212.exe
C:\WINDOWS\system32\drivers\down\572923.exe
C:\WINDOWS\system32\drivers\down\573975.exe
C:\WINDOWS\system32\drivers\down\576328.exe
C:\WINDOWS\system32\drivers\down\576478.exe
C:\WINDOWS\system32\drivers\down\579693.exe
C:\WINDOWS\system32\drivers\down\583438.exe
C:\WINDOWS\system32\drivers\down\584360.exe
C:\WINDOWS\system32\drivers\down\585451.exe
C:\WINDOWS\system32\drivers\down\585561.exe
C:\WINDOWS\system32\drivers\down\586533.exe
C:\WINDOWS\system32\drivers\down\58961702.exe
C:\WINDOWS\system32\drivers\down\58991625.exe
C:\WINDOWS\system32\drivers\down\58998094.exe
C:\WINDOWS\system32\drivers\down\59017712.exe
C:\WINDOWS\system32\drivers\down\59075385.exe
C:\WINDOWS\system32\drivers\down\59098539.exe
C:\WINDOWS\system32\drivers\down\59103446.exe
C:\WINDOWS\system32\drivers\down\59115663.exe
C:\WINDOWS\system32\drivers\down\59119939.exe
C:\WINDOWS\system32\drivers\down\59135983.exe
C:\WINDOWS\system32\drivers\down\59143003.exe
C:\WINDOWS\system32\drivers\down\59145206.exe
C:\WINDOWS\system32\drivers\down\59149772.exe
C:\WINDOWS\system32\drivers\down\59153718.exe
C:\WINDOWS\system32\drivers\down\59155771.exe
C:\WINDOWS\system32\drivers\down\59157724.exe
C:\WINDOWS\system32\drivers\down\59158134.exe
C:\WINDOWS\system32\drivers\down\59162481.exe
C:\WINDOWS\system32\drivers\down\59170522.exe
C:\WINDOWS\system32\drivers\down\591710.exe
C:\WINDOWS\system32\drivers\down\59172876.exe
C:\WINDOWS\system32\drivers\down\59218191.exe
C:\WINDOWS\system32\drivers\down\59247112.exe
C:\WINDOWS\system32\drivers\down\59427071.exe
C:\WINDOWS\system32\drivers\down\59431417.exe
C:\WINDOWS\system32\drivers\down\59439349.exe
C:\WINDOWS\system32\drivers\down\59444036.exe
C:\WINDOWS\system32\drivers\down\59489581.exe
C:\WINDOWS\system32\drivers\down\59497843.exe
C:\WINDOWS\system32\drivers\down\59499485.exe
C:\WINDOWS\system32\drivers\down\595235.exe
C:\WINDOWS\system32\drivers\down\59528387.exe
C:\WINDOWS\system32\drivers\down\59531451.exe
C:\WINDOWS\system32\drivers\down\59588603.exe
C:\WINDOWS\system32\drivers\down\596367.exe
C:\WINDOWS\system32\drivers\down\59666325.exe
C:\WINDOWS\system32\drivers\down\59684501.exe
C:\WINDOWS\system32\drivers\down\59688667.exe
C:\WINDOWS\system32\drivers\down\59728945.exe
C:\WINDOWS\system32\drivers\down\597839.exe
C:\WINDOWS\system32\drivers\down\59837601.exe
C:\WINDOWS\system32\drivers\down\598770.exe
C:\WINDOWS\system32\drivers\down\59879021.exe
C:\WINDOWS\system32\drivers\down\599101.exe
C:\WINDOWS\system32\drivers\down\59917937.exe
C:\WINDOWS\system32\drivers\down\59937615.exe
C:\WINDOWS\system32\drivers\down\60032932.exe
C:\WINDOWS\system32\drivers\down\60079249.exe
C:\WINDOWS\system32\drivers\down\60091476.exe
C:\WINDOWS\system32\drivers\down\601214.exe
C:\WINDOWS\system32\drivers\down\601294.exe
C:\WINDOWS\system32\drivers\down\60139425.exe
C:\WINDOWS\system32\drivers\down\60210077.exe
C:\WINDOWS\system32\drivers\down\602406.exe
C:\WINDOWS\system32\drivers\down\603557.exe
C:\WINDOWS\system32\drivers\down\604018.exe
C:\WINDOWS\system32\drivers\down\608314.exe
C:\WINDOWS\system32\drivers\down\610347.exe
C:\WINDOWS\system32\drivers\down\612861.exe
C:\WINDOWS\system32\drivers\down\613412.exe
C:\WINDOWS\system32\drivers\down\615715.exe
C:\WINDOWS\system32\drivers\down\618759.exe
C:\WINDOWS\system32\drivers\down\619570.exe
C:\WINDOWS\system32\drivers\down\624007.exe
C:\WINDOWS\system32\drivers\down\624928.exe
C:\WINDOWS\system32\drivers\down\625289.exe
C:\WINDOWS\system32\drivers\down\627872.exe
C:\WINDOWS\system32\drivers\down\629555.exe
C:\WINDOWS\system32\drivers\down\633751.exe
C:\WINDOWS\system32\drivers\down\634442.exe
C:\WINDOWS\system32\drivers\down\635804.exe
C:\WINDOWS\system32\drivers\down\637046.exe
C:\WINDOWS\system32\drivers\down\637246.exe
C:\WINDOWS\system32\drivers\down\639078.exe
C:\WINDOWS\system32\drivers\down\642744.exe
C:\WINDOWS\system32\drivers\down\643385.exe
C:\WINDOWS\system32\drivers\down\647060.exe
C:\WINDOWS\system32\drivers\down\648452.exe
C:\WINDOWS\system32\drivers\down\648522.exe
C:\WINDOWS\system32\drivers\down\652388.exe
C:\WINDOWS\system32\drivers\down\657064.exe
C:\WINDOWS\system32\drivers\down\660980.exe
C:\WINDOWS\system32\drivers\down\661761.exe
C:\WINDOWS\system32\drivers\down\667449.exe
C:\WINDOWS\system32\drivers\down\667529.exe
C:\WINDOWS\system32\drivers\down\668721.exe
C:\WINDOWS\system32\drivers\down\668901.exe
C:\WINDOWS\system32\drivers\down\671595.exe
C:\WINDOWS\system32\drivers\down\674590.exe
C:\WINDOWS\system32\drivers\down\674920.exe
C:\WINDOWS\system32\drivers\down\674990.exe
C:\WINDOWS\system32\drivers\down\67937.exe
C:\WINDOWS\system32\drivers\down\679777.exe
C:\WINDOWS\system32\drivers\down\680348.exe
C:\WINDOWS\system32\drivers\down\681650.exe
C:\WINDOWS\system32\drivers\down\684514.exe
C:\WINDOWS\system32\drivers\down\684964.exe
C:\WINDOWS\system32\drivers\down\687097.exe
C:\WINDOWS\system32\drivers\down\688309.exe
C:\WINDOWS\system32\drivers\down\691504.exe
C:\WINDOWS\system32\drivers\down\697042.exe
C:\WINDOWS\system32\drivers\down\698945.exe
C:\WINDOWS\system32\drivers\down\701268.exe
C:\WINDOWS\system32\drivers\down\705063.exe
C:\WINDOWS\system32\drivers\down\708008.exe
C:\WINDOWS\system32\drivers\down\709970.exe
C:\WINDOWS\system32\drivers\down\711913.exe
C:\WINDOWS\system32\drivers\down\713796.exe
C:\WINDOWS\system32\drivers\down\718352.exe
C:\WINDOWS\system32\drivers\down\719394.exe
C:\WINDOWS\system32\drivers\down\720796.exe
C:\WINDOWS\system32\drivers\down\721397.exe
C:\WINDOWS\system32\drivers\down\723590.exe
C:\WINDOWS\system32\drivers\down\724301.exe
C:\WINDOWS\system32\drivers\down\726865.exe
C:\WINDOWS\system32\drivers\down\727506.exe
C:\WINDOWS\system32\drivers\down\727686.exe
C:\WINDOWS\system32\drivers\down\728096.exe
C:\WINDOWS\system32\drivers\down\732373.exe
C:\WINDOWS\system32\drivers\down\732903.exe
C:\WINDOWS\system32\drivers\down\733064.exe
C:\WINDOWS\system32\drivers\down\73635.exe
C:\WINDOWS\system32\drivers\down\738001.exe
C:\WINDOWS\system32\drivers\down\738622.exe
C:\WINDOWS\system32\drivers\down\739263.exe
C:\WINDOWS\system32\drivers\down\739453.exe
C:\WINDOWS\system32\drivers\down\74010771.exe
C:\WINDOWS\system32\drivers\down\740244.exe
C:\WINDOWS\system32\drivers\down\74058951.exe
C:\WINDOWS\system32\drivers\down\74076416.exe
C:\WINDOWS\system32\drivers\down\74080812.exe
C:\WINDOWS\system32\drivers\down\74084748.exe
C:\WINDOWS\system32\drivers\down\74143532.exe
C:\WINDOWS\system32\drivers\down\74163491.exe
C:\WINDOWS\system32\drivers\down\74167497.exe
C:\WINDOWS\system32\drivers\down\74174427.exe
C:\WINDOWS\system32\drivers\down\74178743.exe
C:\WINDOWS\system32\drivers\down\74194926.exe
C:\WINDOWS\system32\drivers\down\74211170.exe
C:\WINDOWS\system32\drivers\down\74212121.exe
C:\WINDOWS\system32\drivers\down\74213132.exe
C:\WINDOWS\system32\drivers\down\74221204.exe
C:\WINDOWS\system32\drivers\down\74223367.exe
C:\WINDOWS\system32\drivers\down\74269904.exe
C:\WINDOWS\system32\drivers\down\744740.exe
C:\WINDOWS\system32\drivers\down\746112.exe
C:\WINDOWS\system32\drivers\down\74773007.exe
C:\WINDOWS\system32\drivers\down\74842527.exe
C:\WINDOWS\system32\drivers\down\74858160.exe
C:\WINDOWS\system32\drivers\down\74868655.exe
C:\WINDOWS\system32\drivers\down\74911026.exe
C:\WINDOWS\system32\drivers\down\75134297.exe
C:\WINDOWS\system32\drivers\down\75216115.exe
C:\WINDOWS\system32\drivers\down\75295999.exe
C:\WINDOWS\system32\drivers\down\75314556.exe
C:\WINDOWS\system32\drivers\down\753193.exe
C:\WINDOWS\system32\drivers\down\75403344.exe
C:\WINDOWS\system32\drivers\down\75458393.exe
C:\WINDOWS\system32\drivers\down\75475447.exe
C:\WINDOWS\system32\drivers\down\75530356.exe
C:\WINDOWS\system32\drivers\down\75672321.exe
C:\WINDOWS\system32\drivers\down\760533.exe
C:\WINDOWS\system32\drivers\down\77100.exe
C:\WINDOWS\system32\drivers\down\77551.exe
C:\WINDOWS\system32\drivers\down\775715.exe
C:\WINDOWS\system32\drivers\down\778128.exe
C:\WINDOWS\system32\drivers\down\780562.exe
C:\WINDOWS\system32\drivers\down\783716.exe
C:\WINDOWS\system32\drivers\down\784407.exe
C:\WINDOWS\system32\drivers\down\794081.exe
C:\WINDOWS\system32\drivers\down\795273.exe
C:\WINDOWS\system32\drivers\down\795924.exe
C:\WINDOWS\system32\drivers\down\796274.exe
C:\WINDOWS\system32\drivers\down\802854.exe
C:\WINDOWS\system32\drivers\down\809123.exe
C:\WINDOWS\system32\drivers\down\81136.exe
C:\WINDOWS\system32\drivers\down\820609.exe
C:\WINDOWS\system32\drivers\down\822562.exe
C:\WINDOWS\system32\drivers\down\823624.exe
C:\WINDOWS\system32\drivers\down\826488.exe
C:\WINDOWS\system32\drivers\down\833288.exe
C:\WINDOWS\system32\drivers\down\83349.exe
C:\WINDOWS\system32\drivers\down\835711.exe
C:\WINDOWS\system32\drivers\down\843222.exe
C:\WINDOWS\system32\drivers\down\843492.exe
C:\WINDOWS\system32\drivers\down\846036.exe
C:\WINDOWS\system32\drivers\down\846106.exe
C:\WINDOWS\system32\drivers\down\852185.exe
C:\WINDOWS\system32\drivers\down\853507.exe
C:\WINDOWS\system32\drivers\down\856050.exe
C:\WINDOWS\system32\drivers\down\85733.exe
C:\WINDOWS\system32\drivers\down\860877.exe
C:\WINDOWS\system32\drivers\down\86364.exe
C:\WINDOWS\system32\drivers\down\871483.exe
C:\WINDOWS\system32\drivers\down\881307.exe
C:\WINDOWS\system32\drivers\down\884852.exe
C:\WINDOWS\system32\drivers\down\890840.exe
C:\WINDOWS\system32\drivers\down\90210616.exe
C:\WINDOWS\system32\drivers\down\90218897.exe
C:\WINDOWS\system32\drivers\down\90264934.exe
C:\WINDOWS\system32\drivers\down\90411635.exe
C:\WINDOWS\system32\drivers\down\90474014.exe
C:\WINDOWS\system32\drivers\down\90524627.exe
C:\WINDOWS\system32\drivers\down\90534601.exe
C:\WINDOWS\system32\drivers\down\90624461.exe
C:\WINDOWS\system32\drivers\down\90627405.exe
C:\WINDOWS\system32\drivers\down\90648796.exe
C:\WINDOWS\system32\drivers\down\90711135.exe
C:\WINDOWS\system32\drivers\down\90850.exe
C:\WINDOWS\system32\drivers\down\91411.exe
C:\WINDOWS\system32\drivers\down\914434.exe
C:\WINDOWS\system32\drivers\down\915977.exe
C:\WINDOWS\system32\drivers\down\92633.exe
C:\WINDOWS\system32\drivers\down\927223.exe
C:\WINDOWS\system32\drivers\down\928865.exe
C:\WINDOWS\system32\drivers\down\934814.exe
C:\WINDOWS\system32\drivers\down\93764.exe
C:\WINDOWS\system32\drivers\down\94005.exe
C:\WINDOWS\system32\drivers\down\947202.exe
C:\WINDOWS\system32\drivers\down\96338.exe
C:\WINDOWS\system32\drivers\down\968392.exe
C:\WINDOWS\system32\drivers\down\969143.exe
C:\WINDOWS\system32\drivers\down\970395.exe
C:\WINDOWS\system32\drivers\down\984916.exe
C:\WINDOWS\system32\drivers\down\9888639.exe
C:\WINDOWS\system32\drivers\down\9894477.exe
C:\WINDOWS\system32\drivers\down\9899604.exe
C:\WINDOWS\system32\drivers\down\99402.exe
C:\WINDOWS\system32\drivers\down\99463.exe
C:\WINDOWS\system32\drivers\down\99503.exe
C:\WINDOWS\system32\drivers\down\99513.exe
C:\WINDOWS\system32\drivers\down\9962094.exe
C:\WINDOWS\system32\drivers\down\9976886.exe
C:\WINDOWS\system32\drivers\down\99793.exe
C:\WINDOWS\system32\drivers\down\998185.exe
C:\WINDOWS\system32\drivers\down\9982984.exe
C:\WINDOWS\system32\drivers\down\99853.exe
C:\WINDOWS\system32\drivers\down\9991436.exe
C:\WINDOWS\system32\drivers\down\9996033.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_srosa


((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.

2008-04-04 20:24 . 2008-04-04 20:25 <DIR> d-------- C:\Program Files\youar
2008-04-03 19:34 . 2008-04-03 19:34 268 --ah----- C:\sqmdata05.sqm
2008-04-03 19:34 . 2008-04-03 19:34 244 --ah----- C:\sqmnoopt05.sqm
2008-04-03 16:51 . 2008-04-03 16:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 16:51 . 2008-04-03 16:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-02 22:45 . 2008-04-02 22:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-02 22:45 . 2008-04-02 22:45 <DIR> d-------- C:\Documents and Settings\kuroko\Application Data\SUPERAntiSpyware.com
2008-04-02 22:45 . 2008-04-02 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-02 17:31 . 2008-04-02 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-02 16:33 . 2008-04-02 17:31 <DIR> d-------- C:\Documents and Settings\kuroko\Application Data\Uniblue
2008-03-31 22:14 . 2008-03-31 22:15 <DIR> d-------- C:\Program Files\S450RC
2008-03-31 21:47 . 2008-03-31 21:47 <DIR> d-------- C:\Program Files\Autoruns
2008-03-31 21:28 . 2008-03-31 21:28 <DIR> d-------- C:\Program Files\DiskInternals
2008-03-31 20:19 . 2008-04-02 22:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 20:19 . 2008-03-31 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 18:01 . 2008-03-31 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-30 20:55 . 2008-03-31 19:57 <DIR> d-------- C:\Documents and Settings\kuroko\Application Data\McAfee
2008-03-24 14:10 . 2008-03-24 14:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-24 14:08 . 2008-03-24 14:11 <DIR> d-------- C:\Netgear
2008-03-19 17:08 . 2008-03-19 17:08 244 --ah----- C:\sqmnoopt04.sqm
2008-03-19 17:08 . 2008-03-19 17:08 232 --ah----- C:\sqmdata04.sqm
2008-03-19 17:05 . 2008-03-19 17:05 268 --ah----- C:\sqmdata03.sqm
2008-03-19 17:05 . 2008-03-19 17:05 244 --ah----- C:\sqmnoopt03.sqm
2008-03-19 09:57 . 2008-03-19 09:59 <DIR> d-------- C:\Documents and Settings\soon chieh\Contacts
2008-03-10 22:34 . 2008-03-10 22:45 <DIR> d-------- C:\Documents and Settings\kuroko\Application Data\U3
2008-03-08 00:38 . 2008-03-08 00:38 268 --ah----- C:\sqmdata02.sqm
2008-03-08 00:38 . 2008-03-08 00:38 244 --ah----- C:\sqmnoopt02.sqm
2008-03-06 19:41 . 2008-03-06 19:41 268 --ah----- C:\sqmdata01.sqm
2008-03-06 19:41 . 2008-03-06 19:41 244 --ah----- C:\sqmnoopt01.sqm
2008-03-06 02:16 . 2008-03-06 02:16 268 --ah----- C:\sqmdata00.sqm
2008-03-06 02:16 . 2008-03-06 02:16 244 --ah----- C:\sqmnoopt00.sqm
2008-03-05 15:54 . 2008-03-05 15:54 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 03:27 --------- d-----w C:\Program Files\eMule
2008-04-04 00:22 --------- d-----w C:\Documents and Settings\kuroko\Application Data\PC Suite
2008-04-01 04:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-01 03:19 --------- d-----w C:\Program Files\Lavasoft
2008-04-01 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-06 23:22 --------- d-----w C:\Program Files\Zoom Player
2008-03-02 09:28 --------- d-----w C:\Documents and Settings\kuroko\Application Data\Nokia Multimedia Player
2008-03-02 06:28 --------- d-----w C:\Documents and Settings\kuroko\Application Data\Nokia
2008-03-02 06:18 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-03-02 06:18 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-02 06:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-03-02 06:16 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-03-02 06:16 --------- d-----w C:\Program Files\DIFX
2008-03-02 06:15 --------- d-----w C:\Program Files\Nokia
2008-03-02 06:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-06 05:02 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-05 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 05:03 112,240 ----a-w C:\Documents and Settings\kuroko\Application Data\GDIPFONTCACHEV1.DAT
2006-11-13 18:19 93,352 ----a-w C:\Documents and Settings\Wingstorm\Application Data\GDIPFONTCACHEV1.DAT
2006-03-13 07:03 91,784 ----a-w C:\Documents and Settings\soon chieh\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 313,472 2006-03-30 23:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 820,736 2005-09-06 22:45:24 C:\Program Files\Common Files\PCSuite\DataLayer\bak\DataLayer.exe
----a-w 863,744 2007-05-04 16:17:36 C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

----a-w 58,992 2008-03-31 14:50:40 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

----a-w 36,975 2005-08-27 01:14:44 C:\Program Files\Java\jre1.5.0_05\bin\bak\jusched.exe

----a-w 892,928 2004-03-18 16:33:26 C:\Program Files\Logitech\iTouch\bak\iTouch.exe

----a-w 458,752 2005-01-19 00:47:30 C:\Program Files\Logitech\Video\bak\ISStart.exe

----a-w 217,088 2005-01-19 00:37:30 C:\Program Files\Logitech\Video\bak\LogiTray.exe

----a-w 176,128 2005-06-29 23:29:26 C:\Program Files\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe
----a-w 271,360 2007-06-18 23:10:32 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

----a-w 131,072 2004-12-21 00:12:36 C:\Program Files\NVIDIA Corporation\NvMixer\bak\NVMixerTray.exe

----a-w 100,056 2005-09-24 15:49:11 C:\Program Files\SymNetDrv\bak\SNDMon.exe
----a-w 111,840 2006-10-08 04:51:49 C:\Program Files\SymNetDrv\SNDMon.exe

----a-w 208,952 2004-09-01 00:00:00 C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-09-01 00:00:00 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

----a-w 44,032 2004-09-01 00:00:00 C:\WINDOWS\ime\imkr6_1\bak\IMEKRMIG.EXE
----a-w 44,032 2004-09-01 00:00:00 C:\WINDOWS\ime\imkr6_1\imekrmig.exe

----a-w 221,184 2004-10-08 18:52:32 C:\WINDOWS\system32\bak\LVCOMSX.EXE

----a-w 155,648 2001-07-09 17:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-r 147,456 2001-10-17 13:27:40 C:\WINDOWS\system32\bak\TrayIcon.exe

----a-w 59,392 2004-09-01 00:00:00 C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe
----a-w 59,392 2004-09-01 00:00:00 C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe

----a-w 455,168 2004-09-01 00:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-09-01 00:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 17:00 1937408]
"EPSON Stylus C41 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-02-18 20:03 74240]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-31 17:00 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-31 17:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-31 17:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-31 17:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-31 17:00 455168]
"nForce Tray Options"="sstray.exe" [2002-11-13 00:34 73728 C:\WINDOWS\system32\sstray.exe]
"ClubBox"="" []
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 16:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-10-07 21:51 111840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"EPSON Stylus C41 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-02-18 20:03 74240]
"Google IME Autoupdater"="E:\Google Pinyin\GooglePinyinDaemon.exe" [2008-01-07 03:15 251376]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 05:20 127036]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [ ]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-31 17:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Papa\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-28 09:25:55 368640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-09-25 22:45:41 450560]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 17:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-30 00:36 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\upp_2.00_final_[2005.01.28]\\mirc_upp.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26902:TCP"= 26902:TCP:BitComet 26902 TCP
"26902:UDP"= 26902:UDP:BitComet 26902 UDP
"17300:TCP"= 17300:TCP:BitComet 17300 TCP
"17300:UDP"= 17300:UDP:BitComet 17300 UDP
"18778:TCP"= 18778:TCP:BitComet 18778 TCP
"18778:UDP"= 18778:UDP:BitComet 18778 UDP

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 16:18]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS [2002-06-23 21:30]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2001-11-29 19:49]
S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2002-07-03 18:01]
S3 nk4Seem;nk4Seem;C:\Documents and Settings\Papa\Desktop\Seem_v4.0.en\nk4Seem.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-820.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83aa278-2a6b-11da-81b7-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe root.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9032c31-eb06-11dc-86e5-00179a3a12da}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 00:33:17 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 20:54:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-04-04 21:01:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-05 04:01:48
Pre-Run: 15,892,316,160 bytes free
Post-Run: 18,834,386,944 bytes free
.
2008-02-14 04:07:38 --- E O F ---

[RatHat]

Looks like combo fix got a lot of it! Lets run a script to check some things and clean up a bit.

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\Program Files\eMule

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26902:TCP"=-
"26902:UDP"=-
"17300:TCP"=-
"17300:UDP"=-
"18778:TCP"=-
"18778:UDP"=-

DirLook::
C:\Program Files\S450RC

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display the results if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop as Kaspersky.txt.
• Copy and paste that information in your next post.

Regards,
RatHat

[cherriedpie]

ComboFix 08-04-03.5 - kuroko 2008-04-04 23:47:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.218 [GMT -7:00]
Running from: C:\Documents and Settings\kuroko\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\kuroko\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\eMule
C:\Program Files\eMule\Incoming\AlbumArt_{E104D65C-B071-4B6C-915D-E98F0ACEE63A}_Large.jpg
C:\Program Files\eMule\Incoming\AlbumArt_{E104D65C-B071-4B6C-915D-E98F0ACEE63A}_Small.jpg
C:\Program Files\eMule\Incoming\AlbumArtSmall.jpg
C:\Program Files\eMule\Incoming\desktop.ini
C:\Program Files\eMule\Incoming\Folder.jpg
C:\Program Files\eMule\Incoming\Thumbs.db
C:\Program Files\eMule\Temp\001.part
C:\Program Files\eMule\Temp\001.part.met
C:\Program Files\eMule\Temp\001.part.met.bak
C:\Program Files\eMule\Temp\002.part
C:\Program Files\eMule\Temp\002.part.met
C:\Program Files\eMule\Temp\002.part.met.bak
C:\Program Files\eMule\Temp\005.part
C:\Program Files\eMule\Temp\005.part.met
C:\Program Files\eMule\Temp\005.part.met.bak
C:\Program Files\eMule\Temp\010.part
C:\Program Files\eMule\Temp\010.part.met
C:\Program Files\eMule\Temp\010.part.met.bak
C:\Program Files\eMule\Temp\016.part
C:\Program Files\eMule\Temp\016.part.met
C:\Program Files\eMule\Temp\016.part.met.bak

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.

2008-04-04 20:24 . 2008-04-04 20:25 <DIR> d-------- C:\Program Files\youar
2008-04-03 19:34 . 2008-04-03 19:34 268 --ah----- C:\sqmdata05.sqm
2008-04-03 19:34 . 2008-04-03 19:34 244 --ah----- C:\sqmnoopt05.sqm
2008-04-03 16:51 . 2008-04-04 22:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 16:51 . 2008-04-03 16:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-02 22:45 . 2008-04-02 22:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-02 22:45 . 2008-04-02 22:45 <DIR> d-------- C:\Documents and Settings\kuroko\Application Data\SUPERAntiSpyware.com
2008-04-02 22:45 . 2008-04-02 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-02 17:31 . 2008-04-02 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-02 16:33 . 2008-04-02 17:31 <DIR> d-------- C:\Documents and Settings\kuroko\Application Data\Uniblue
2008-03-31 22:14 . 2008-03-31 22:15 <DIR> d-------- C:\Program Files\S450RC
2008-03-31 21:47 . 2008-03-31 21:47 <DIR> d-------- C:\Program Files\Autoruns
2008-03-31 21:28 . 2008-03-31 21:28 <DIR> d-------- C:\Program Files\DiskInternals
2008-03-31 20:19 . 2008-04-02 22:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 20:19 . 2008-03-31 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 18:01 . 2008-03-31 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-30 20:55 . 2008-03-31 19:57 <DIR> d-------- C:\Documents and Settings\kuroko\Application Data\McAfee
2008-03-24 14:10 . 2008-03-24 14:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-24 14:08 . 2008-03-24 14:11 <DIR> d-------- C:\Netgear
2008-03-19 17:08 . 2008-03-19 17:08 244 --ah----- C:\sqmnoopt04.sqm
2008-03-19 17:08 . 2008-03-19 17:08 232 --ah----- C:\sqmdata04.sqm
2008-03-19 17:05 . 2008-03-19 17:05 268 --ah----- C:\sqmdata03.sqm
2008-03-19 17:05 . 2008-03-19 17:05 244 --ah----- C:\sqmnoopt03.sqm
2008-03-19 09:57 . 2008-03-19 09:59 <DIR> d-------- C:\Documents and Settings\soon chieh\Contacts
2008-03-10 22:34 . 2008-03-10 22:45 <DIR> d-------- C:\Documents and Settings\kuroko\Application Data\U3
2008-03-08 00:38 . 2008-03-08 00:38 268 --ah----- C:\sqmdata02.sqm
2008-03-08 00:38 . 2008-03-08 00:38 244 --ah----- C:\sqmnoopt02.sqm
2008-03-06 19:41 . 2008-03-06 19:41 268 --ah----- C:\sqmdata01.sqm
2008-03-06 19:41 . 2008-03-06 19:41 244 --ah----- C:\sqmnoopt01.sqm
2008-03-06 02:16 . 2008-03-06 02:16 268 --ah----- C:\sqmdata00.sqm
2008-03-06 02:16 . 2008-03-06 02:16 244 --ah----- C:\sqmnoopt00.sqm
2008-03-05 15:54 . 2008-03-05 15:54 <DIR> d-------- C:\Documents and Settings\Papa\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 00:22 --------- d-----w C:\Documents and Settings\kuroko\Application Data\PC Suite
2008-04-01 04:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-01 03:19 --------- d-----w C:\Program Files\Lavasoft
2008-04-01 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-06 23:22 --------- d-----w C:\Program Files\Zoom Player
2008-03-02 09:28 --------- d-----w C:\Documents and Settings\kuroko\Application Data\Nokia Multimedia Player
2008-03-02 06:28 --------- d-----w C:\Documents and Settings\kuroko\Application Data\Nokia
2008-03-02 06:18 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-03-02 06:18 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-02 06:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-03-02 06:16 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-03-02 06:16 --------- d-----w C:\Program Files\DIFX
2008-03-02 06:15 --------- d-----w C:\Program Files\Nokia
2008-03-02 06:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-06 05:02 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-05 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 05:03 112,240 ----a-w C:\Documents and Settings\kuroko\Application Data\GDIPFONTCACHEV1.DAT
2006-11-13 18:19 93,352 ----a-w C:\Documents and Settings\Wingstorm\Application Data\GDIPFONTCACHEV1.DAT
2006-03-13 07:03 91,784 ----a-w C:\Documents and Settings\soon chieh\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\S450RC ----

2008-04-02 23:46 241 --a------ C:\Program Files\S450RC\Seem.ini
2007-09-22 22:18 229376 --a------ C:\Program Files\S450RC\Seem.exe
2007-08-07 01:40 6624 --a------ C:\Program Files\S450RC\English.ini
2007-07-15 12:57 77824 --a------ C:\Program Files\S450RC\nt4Seem.dll
2007-07-14 13:13 7370 --a------ C:\Program Files\S450RC\French.ini
2007-07-14 13:13 7132 --a------ C:\Program Files\S450RC\Espal.ini
2007-07-07 14:07 12750 --a------ C:\Program Files\S450RC\Changelog.txt
2007-04-10 19:50 11264 --a------ C:\Program Files\S450RC\nk4Seem.sys


((((((((((((((((((((((((((((( snapshot@2008-04-04_20.58.45.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-09 18:36:52 62,286 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-05 03:58:48 62,286 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-09 18:36:52 400,624 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-05 03:58:48 400,624 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 313,472 2006-03-30 23:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 820,736 2005-09-06 22:45:24 C:\Program Files\Common Files\PCSuite\DataLayer\bak\DataLayer.exe
----a-w 863,744 2007-05-04 16:17:36 C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

----a-w 58,992 2008-03-31 14:50:40 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

----a-w 36,975 2005-08-27 01:14:44 C:\Program Files\Java\jre1.5.0_05\bin\bak\jusched.exe

----a-w 892,928 2004-03-18 16:33:26 C:\Program Files\Logitech\iTouch\bak\iTouch.exe

----a-w 458,752 2005-01-19 00:47:30 C:\Program Files\Logitech\Video\bak\ISStart.exe

----a-w 217,088 2005-01-19 00:37:30 C:\Program Files\Logitech\Video\bak\LogiTray.exe

----a-w 176,128 2005-06-29 23:29:26 C:\Program Files\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe
----a-w 271,360 2007-06-18 23:10:32 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

----a-w 131,072 2004-12-21 00:12:36 C:\Program Files\NVIDIA Corporation\NvMixer\bak\NVMixerTray.exe

----a-w 100,056 2005-09-24 15:49:11 C:\Program Files\SymNetDrv\bak\SNDMon.exe
----a-w 111,840 2006-10-08 04:51:49 C:\Program Files\SymNetDrv\SNDMon.exe

----a-w 208,952 2004-09-01 00:00:00 C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-09-01 00:00:00 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

----a-w 44,032 2004-09-01 00:00:00 C:\WINDOWS\ime\imkr6_1\bak\IMEKRMIG.EXE
----a-w 44,032 2004-09-01 00:00:00 C:\WINDOWS\ime\imkr6_1\imekrmig.exe

----a-w 221,184 2004-10-08 18:52:32 C:\WINDOWS\system32\bak\LVCOMSX.EXE

----a-w 155,648 2001-07-09 17:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-r 147,456 2001-10-17 13:27:40 C:\WINDOWS\system32\bak\TrayIcon.exe

----a-w 59,392 2004-09-01 00:00:00 C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe
----a-w 59,392 2004-09-01 00:00:00 C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe

----a-w 455,168 2004-09-01 00:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-09-01 00:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 17:00 1937408]
"EPSON Stylus C41 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-02-18 20:03 74240]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-31 17:00 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-31 17:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-31 17:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-31 17:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-31 17:00 455168]
"nForce Tray Options"="sstray.exe" [2002-11-13 00:34 73728 C:\WINDOWS\system32\sstray.exe]
"ClubBox"="" []
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 16:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-10-07 21:51 111840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"EPSON Stylus C41 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-02-18 20:03 74240]
"Google IME Autoupdater"="E:\Google Pinyin\GooglePinyinDaemon.exe" [2008-01-07 03:15 251376]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 05:20 127036]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [ ]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-31 17:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Papa\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-28 09:25:55 368640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-09-25 22:45:41 450560]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 17:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-30 00:36 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\upp_2.00_final_[2005.01.28]\\mirc_upp.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 16:18]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS [2002-06-23 21:30]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2001-11-29 19:49]
S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2002-07-03 18:01]
S3 nk4Seem;nk4Seem;C:\Documents and Settings\Papa\Desktop\Seem_v4.0.en\nk4Seem.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-820.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83aa278-2a6b-11da-81b7-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe root.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9032c31-eb06-11dc-86e5-00179a3a12da}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 00:33:17 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 23:52:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-04-04 23:58:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-05 06:57:59
ComboFix2.txt 2008-04-05 04:01:54
Pre-Run: 18,803,949,568 bytes free
Post-Run: 18,791,784,448 bytes free
.
2008-02-14 04:07:38 --- E O F ---

[cherriedpie]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:25 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
E:\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\kuroko\Desktop\kuroko.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O6 "USB001" /M "Stylus C41"
O4 - HKLM\..\Run: [Google IME Autoupdater] "E:\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S4F.tmp"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co....MSpeedCheck.cab
O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} (CV781Object Object) - http://tentco.homeip.net/AV718.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD4} (CS Order Entry Control (RHS)) - http://download.exce...b/csoex_rhs.cab
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD9} (CS Order Entry Control (MBB)) - https://www.maybank2...b/csoex_mbb.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1176247111030
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.c...GNowStarter.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://download.exce...hs/cab/cswx.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BED72584-7F04-4214-B19B-FA43192191EE}: NameServer = 10.0.0.2,10.0.0.5
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8245 bytes

[RatHat]

Could you post me the Kaspersky log please.

Regards,
RatHat

[cherriedpie]

yes, yes I know. I left it on to scan yesterday night and the next morning my computer was switched off.
Will scan again. It'll take about 3 hours. =(

[cherriedpie]

Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 05, 2008 2:39:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/04/2008
Kaspersky Anti-Virus database records: 682912
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 130526
Number of viruses found: 5
Number of infected objects: 189
Number of suspicious objects: 0
Duration of the scan process: 01:53:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\kuroko\Application Data\Google\Google Pinyin\special.lib Object is locked skipped
C:\Documents and Settings\kuroko\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\History\History.IE5\MSHist012008040520080406\index.dat Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\Temp\fla716.tmp Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\Temp\fla72C.tmp Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\Temporary Internet Files\Content.IE5\ETH4MO5H\15170506[1].flv Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\Temporary Internet Files\Content.IE5\ETH4MO5H\15170893[1].flv Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kuroko\Local Settings\Temporary Internet Files\Content.IE5\Z45B8JUQ\install_all_win_ax_sgn[2].z Object is locked skipped
C:\Documents and Settings\kuroko\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\kuroko\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\101365.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\101726.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\103448.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\103739.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\10413313.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\10413333.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\104189.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\10442896.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\10447422.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\109747.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\109777.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\110388.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\110909.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\112882.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\114254.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\115916.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\117298.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\120743.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\121024.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\122766.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\124719.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\125029.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\125630.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\128494.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\130707.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\131298.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\131749.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\135334.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\135745.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\1382287.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14730972.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14784909.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14921676.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14940793.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15126300.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\152058.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15206625.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15305828.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15313159.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15386104.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15397340.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15435074.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15512635.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15579191.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15592070.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15677262.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15732131.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\211393.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\221017.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\265241.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29574375.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29682611.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29818136.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\30204021.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\30428594.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\30438798.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\30618857.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\30622773.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\3445143.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\356632.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\44157515.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\44221487.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\44247885.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\44483764.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\58961702.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\59135983.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\59143003.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\59666325.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\67937.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\713796.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\73635.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\74010771.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\74058951.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\74773007.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\74842527.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\77100.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\77551.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\83349.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\85733.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\86364.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\90210616.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\90850.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\91411.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\92633.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\93764.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\99402.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\99463.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\99503.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\99513.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\99853.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\catchme2008-04-04_205435.55.zip/Documents and Settings/kuroko/Desktop/catchme.zip/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\QooBox\Quarantine\catchme2008-04-04_205435.55.zip/Documents and Settings/kuroko/Desktop/catchme.zip/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\QooBox\Quarantine\catchme2008-04-04_205435.55.zip/Documents and Settings/kuroko/Desktop/catchme.zip Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\QooBox\Quarantine\catchme2008-04-04_205435.55.zip ZIP: infected - 3 skipped
C:\QooBox\Quarantine\Registry_backups\Service_srosa.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP1\A0000035.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP1\A0000036.exe Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000106.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000108.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000111.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000112.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000113.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000114.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000115.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000116.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000117.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000140.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000141.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000142.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000145.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000148.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000150.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000154.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000155.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000160.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000161.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000166.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000170.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000172.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000173.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000176.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000177.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000179.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000180.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000184.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000185.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000192.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000211.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000215.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000237.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000243.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000263.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000277.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000278.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000298.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000304.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000317.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000322.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000335.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000351.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000369.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000372.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000388.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000396.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000534.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000544.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000606.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000631.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000643.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000657.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000684.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000700.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000702.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000710.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000711.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000783.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000796.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000890.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000895.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000896.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0000914.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001054.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001063.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001064.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001089.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001145.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001161.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001175.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001180.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001182.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001200.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001201.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001216.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001217.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001235.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001244.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001246.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001251.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001262.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001263.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001266.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001270.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001281.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001282.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001283.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001284.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001290.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP2\A0001306.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{482071DA-BC19-4DB3-B448-285C26F54359}\RP4\change.log Object is locked skipped
C:\upp_2.00_final_[2005.01.28]\mirc_upp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.