Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

core.cache.dsk? Smitfraud? [RESOLVED]

Started by Shari , May 07 2008 01:18 PM

This topic is locked

#1
Shari

Posted 07 May 2008 - 01:18 PM

Member

Member
75 posts

I tried a process to remove core.cache.dsk which didn't work then ran Smitfraudfix from this site - didn't work. My system is a mess and I'm frustrated! Any help would be appreciated.

Also, before this (I downloaded shareware and was infected some time on Monday) my system was very slow. I run a lot of video/photo editing stuff - any suggestions on making my PC more efficient?

Thanks much!
Shari

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:30 PM, on 5/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Mom\svchost.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127600540625
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/R...ageUploader.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - http://www.sunbelt-s.../CounterSpy.CAB
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94F40BC2-5F77-47DA-9061-4FF56BE9F588}: NameServer = 216.220.0.1,216.220.30.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: tuvSmMGw - tuvSmMGw.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12089 bytes

#2
Rorschach112

Posted 07 May 2008 - 01:19 PM

Ralphie

Retired Staff
47,710 posts

Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3
Shari

Posted 07 May 2008 - 03:34 PM

Member

Topic Starter
Member
75 posts

Thanks for the fast response. Below are my logs:

ComboFix.txt

ComboFix 08-05-01.3 - Mom 2008-05-07 14:38:23.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.452 [GMT -6:00]
Running from: C:\Documents and Settings\Mom\Desktop\combofix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXRLeEW.dll
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\drivers\drvnddmm.sys
C:\WINDOWS\system32\fjbpkvhe.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\wFeMlnpo.ini
C:\WINDOWS\SYSTEM32\wFeMlnpo.ini2

----- BITS: Possible infected sites -----

hxxp://s229.photobucket.com
hxxp://i229.photobucket.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRVNDDMM
-------\Service_drvnddmm

((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-07 13:16 . 2008-05-07 13:16 <DIR> d-------- C:\Program Files\CCleaner
2008-05-07 13:13 . 2008-05-07 13:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 11:42 . 2008-05-07 11:42 167,545 --------- C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
2008-05-06 20:16 . 2008-05-06 20:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-05-06 20:15 . 2008-05-06 20:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-05-06 20:15 . 2008-05-06 20:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-06 19:58 . 2008-04-13 18:12 291,328 --a------ C:\WINDOWS\SYSTEM32\qagentrt.dll
2008-05-06 19:58 . 2008-04-13 18:12 150,528 --a------ C:\WINDOWS\SYSTEM32\qagent.dll
2008-05-06 19:58 . 2008-04-13 18:12 144,384 --a------ C:\WINDOWS\SYSTEM32\onex.dll
2008-05-06 19:58 . 2008-04-13 18:12 76,800 --a------ C:\WINDOWS\SYSTEM32\qutil.dll
2008-05-06 19:58 . 2008-04-13 18:12 69,120 --a------ C:\WINDOWS\SYSTEM32\wlanapi.dll
2008-05-06 19:58 . 2008-04-13 18:12 62,464 --a------ C:\WINDOWS\SYSTEM32\qcliprov.dll
2008-05-06 19:58 . 2008-04-13 18:12 61,952 --a------ C:\WINDOWS\SYSTEM32\rasqec.dll
2008-05-06 19:58 . 2008-04-13 18:12 50,688 --a------ C:\WINDOWS\SYSTEM32\tspkg.dll
2008-05-06 19:58 . 2008-04-13 18:12 32,768 --a------ C:\WINDOWS\SYSTEM32\setupn.exe
2008-05-06 19:58 . 2008-04-13 12:40 10,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-05-06 19:56 . 2008-04-13 18:11 650,752 --a------ C:\WINDOWS\SYSTEM32\dot3ui.dll
2008-05-06 19:28 . 2008-05-06 19:19 691,545 --a------ C:\WINDOWS\unins001.exe
2008-05-06 19:28 . 2008-05-06 19:28 2,537 --a------ C:\WINDOWS\unins001.dat
2008-05-06 18:29 . 2008-05-06 18:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-06 18:29 . 2008-05-06 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-06 12:45 . 2008-05-06 13:08 <DIR> d--hs---- C:\Documents and Settings\Mom\!
2008-05-06 12:40 . 2008-05-06 12:40 2,112 --a------ C:\WINDOWS\SYSTEM32\lmpohnan.exe
2008-05-06 12:39 . 2008-05-06 17:04 109,861 --a------ C:\WINDOWS\BMe38aa886.xml
2008-05-06 12:24 . 2008-05-06 12:24 200,766 --a------ C:\WINDOWS\SYSTEM32\kcntmkdm.exe
2008-05-06 12:23 . 2008-05-06 12:23 <DIR> d-------- C:\WINDOWS\SYSTEM32\xdb4
2008-05-06 12:23 . 2008-05-06 12:23 <DIR> d-------- C:\WINDOWS\SYSTEM32\din3
2008-05-06 12:23 . 2008-05-06 12:23 <DIR> d-------- C:\WINDOWS\SYSTEM32\cNF
2008-05-06 12:23 . 2008-05-06 15:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\cdTMP
2008-05-06 12:23 . 2008-05-06 12:23 <DIR> d-------- C:\WINDOWS\SYSTEM32\bkEur05
2008-05-06 12:23 . 2008-05-06 12:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\12033
2008-05-06 12:23 . 2008-05-06 12:23 <DIR> d-------- C:\temp\maxsv15
2008-05-06 12:23 . 2008-05-06 12:23 <DIR> d-------- C:\Program Files\winvi
2008-05-06 12:23 . 2008-05-06 12:24 401,970 --a------ C:\WINDOWS\SYSTEM32\g61.exe
2008-05-06 12:23 . 2008-05-06 12:23 37,376 --a------ C:\WINDOWS\17PHolmes1000106.exe
2008-05-01 08:41 . 2007-01-10 06:00 244,736 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\c2scsi.sys
2008-04-28 15:36 . 2007-11-22 17:00 483,328 --a------ C:\WINDOWS\SYSTEM32\actskn45.ocx
2008-04-26 21:16 . 2008-05-07 14:23 1,024 --ah----- C:\Documents and Settings\Sharolyn Suek\ntuser.dat.LOG
2008-04-26 21:15 . 2008-04-26 21:15 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-26 21:15 . 2008-04-26 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2008-04-10 13:32 . 2001-08-17 12:19 96,256 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ctlsb16.sys
2008-04-10 13:32 . 1994-09-21 00:00 12,800 --a------ C:\WINDOWS\SYSTEM\wing32.dll
2008-04-10 08:17 . 2006-12-12 11:16 22,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\emAudio.sys
2008-04-10 08:14 . 2005-12-21 09:14 100,957 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\emDevice.sys
2008-04-10 08:14 . 2006-11-06 13:31 81,920 --a------ C:\WINDOWS\SYSTEM32\PCLECoInst.dll
2008-04-10 08:14 . 2005-12-21 09:14 45,056 --a------ C:\WINDOWS\SYSTEM32\emVFW.dll
2008-04-10 08:14 . 2005-12-21 09:14 32,768 --a------ C:\WINDOWS\SYSTEM32\emProp.ax
2008-04-10 08:14 . 2005-12-21 09:14 24,269 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\emStream.sys
2008-04-10 08:14 . 2005-12-21 09:14 17,808 --a------ C:\WINDOWS\SYSTEM32\emYUV.dll
2008-04-10 08:14 . 2005-12-21 09:14 9,739 --a------ C:\WINDOWS\SYSTEM32\emUSD.dll
2008-04-10 08:14 . 2005-12-21 09:14 5,245 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\emFilter.sys
2008-04-10 08:14 . 2005-12-21 09:14 4,493 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\emScan.sys
2008-04-10 08:03 . 2008-05-01 00:24 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Roxio
2008-04-10 08:03 . 2008-04-10 18:47 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-10 08:02 . 2008-04-10 08:02 <DIR> d-------- C:\Program Files\InterActual
2008-04-10 07:23 . 2008-04-10 07:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-10 07:20 . 2008-04-10 07:20 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-10 07:20 . 2008-04-10 07:30 <DIR> d-------- C:\Program Files\Roxio
2008-04-10 07:20 . 2008-04-10 07:28 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-10 07:20 . 2008-04-10 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-10 07:20 . 2008-04-10 07:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-10 07:19 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\SYSTEM32\d3dx9_33.dll
2008-04-10 07:19 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_33.dll
2008-04-10 07:19 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\SYSTEM32\d3dx10_33.dll
2008-04-10 07:09 . 2008-04-10 07:10 <DIR> d-------- C:\Program Files\Pinnacle
2008-04-10 07:09 . 2002-07-26 17:02 153,088 --a------ C:\Program Files\UNWISE.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 18:09 --------- d-----w C:\Program Files\msaccrt
2008-05-07 17:56 --------- d-----w C:\Documents and Settings\Mom\Application Data\OfficeUpdate12
2008-05-07 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-07 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-07 01:36 --------- d-----w C:\Documents and Settings\Mom\Application Data\LimeWire
2008-05-07 01:33 --------- d---a-w C:\Program Files\Spybot - Search & Destroy
2008-05-07 00:21 --------- d---a-w C:\Program Files\SpywareBlaster
2008-05-06 23:25 --------- d---a-w C:\Program Files\LimeWire
2008-05-06 23:16 --------- d---a-w C:\Program Files\Google
2008-05-06 19:58 --------- d-----w C:\Program Files\Common Files\InstallerA
2008-05-06 19:58 --------- d-----w C:\Documents and Settings\Mom\Application Data\Sinner
2008-05-06 17:21 --------- d---a-w C:\Program Files\QUICKENW
2008-05-06 17:19 --------- d---a-w C:\Program Files\Unlocker
2008-05-06 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-30 07:46 --------- d---a-w C:\Program Files\HackCleaner
2008-04-30 07:41 --------- d---a-w C:\Program Files\Wise Disk Cleaner
2008-04-27 15:57 --------- d--h--r C:\Documents and Settings\Mom\Application Data\yahoo!
2008-04-27 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-27 03:17 --------- d---a-w C:\Program Files\Yahoo!
2008-04-14 04:57 --------- d---a-w C:\Program Files\exPressit S.E. 2.1
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 --sh--w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-13 18:45 46,592 ------w C:\WINDOWS\system32\drivers\irbus.sys
2008-04-13 18:45 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
2008-04-13 18:45 32,128 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-13 18:45 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
2008-04-13 18:45 25,728 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
2008-04-13 18:45 25,600 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
2008-04-13 18:45 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
2008-04-13 18:45 19,200 ------w C:\WINDOWS\system32\drivers\hidir.sys
2008-04-13 18:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-13 18:45 15,872 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
2008-04-13 18:45 10,368 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 23:47 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 18:56 202544]
"DellSupport-"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 18:57 16384]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 13:17 185896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-21 12:32 29744]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 13:50 202312]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 15:52 240112]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 03:44 113136]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2006-11-06 13:31 81920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-28 23:29 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-09-02 08:44:51 209016]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-08-21 20:51:55 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 05:33:46 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 02:15:54 65588]
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2007-11-20 15:40:29 270336]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 14:29:20 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSmMGw]
tuvSmMGw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet d series) - 1.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\Mom\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-28 23:29 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe38aa886]
C:\WINDOWS\system32\ltuisjll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a--c--- 2004-04-11 10:43 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e0b99b1a]
C:\WINDOWS\system32\ehvkpbjf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXDL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-12-22 13:17 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-02-18 05:23 6144 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"WANMiniportService"=2 (0x2)
"ScsiAccess"=2 (0x2)
"IAANTMon"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"SessionLauncher"=2 (0x2)
"RoxLiveShare10"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-10 06:00]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 15:52]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 18:56]
R3 RoxMediaDB10;RoxMediaDB10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 15:52]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 12:19]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-21 12:32]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]
S4 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 15:52]
S4 SessionLauncher;SessionLauncher;C:\DOCUME~1\Mom\LOCALS~1\Temp\DX9\SessionLauncher.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83574de-9abf-11db-8f67-00111138f0bf}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 23:10:04 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 14:46:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\SYSTEM32\HPZipm12.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\SYSTEM32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-07 14:58:57 - machine was rebooted [Mom]
ComboFix-quarantined-files.txt 2008-05-07 20:58:52
ComboFix2.txt 2007-08-01 14:03:32

Pre-Run: 81,855,741,952 bytes free
Post-Run: 81,875,668,992 bytes free

374 --- E O F --- 2008-04-09 01:38:12

Hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:42 PM, on 5/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127600540625
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/R...ageUploader.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - http://www.sunbelt-s.../CounterSpy.CAB
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94F40BC2-5F77-47DA-9061-4FF56BE9F588}: NameServer = 216.220.0.1,216.220.30.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: tuvSmMGw - tuvSmMGw.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12097 bytes

#4
Rorschach112

Posted 07 May 2008 - 06:42 PM

Ralphie

Retired Staff
47,710 posts

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
C:\WINDOWS\SYSTEM32\lmpohnan.exe
C:\WINDOWS\BMe38aa886.xml
C:\WINDOWS\SYSTEM32\kcntmkdm.exe
C:\WINDOWS\SYSTEM32\g61.exe
H:\LaunchU3.exe
C:\WINDOWS\17PHolmes1000106.exe
C:\WINDOWS\system32\ehvkpbjf.dll

Folder::
C:\WINDOWS\SYSTEM32\xdb4
C:\WINDOWS\SYSTEM32\din3
C:\WINDOWS\SYSTEM32\cNF
C:\WINDOWS\SYSTEM32\cdTMP
C:\WINDOWS\SYSTEM32\bkEur05
C:\WINDOWS\SYSTEM32\12033
C:\temp\maxsv15
C:\Program Files\winvi
C:\Documents and Settings\Mom\!

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e0b99b1a]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83574de-9abf-11db-8f67-00111138f0bf}]

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Also post a new HijackThis log

#5
Shari

Posted 07 May 2008 - 10:52 PM

Member

Topic Starter
Member
75 posts

Ready for this? I will do the ComboFix file in the next few posts as it is quite large. The HJT file is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:39 PM, on 5/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127600540625
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/R...ageUploader.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - http://www.sunbelt-s.../CounterSpy.CAB
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94F40BC2-5F77-47DA-9061-4FF56BE9F588}: NameServer = 216.220.0.1,216.220.30.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: tuvSmMGw - tuvSmMGw.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12040 bytes

#6
Shari

Posted 07 May 2008 - 10:55 PM

Member

Topic Starter
Member
75 posts

ComboFix 08-05-01.3 - Mom 2008-05-07 19:23:35.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.517 [GMT -6:00]
Running from: C:\Documents and Settings\Mom\Desktop\combofix.exe
Command switches used :: C:\Documents and Settings\Mom\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\17PHolmes1000106.exe
C:\WINDOWS\BMe38aa886.xml
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
C:\WINDOWS\system32\ehvkpbjf.dll
C:\WINDOWS\SYSTEM32\g61.exe
C:\WINDOWS\SYSTEM32\kcntmkdm.exe
C:\WINDOWS\SYSTEM32\lmpohnan.exe
H:\LaunchU3.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Mom\!
C:\Documents and Settings\Mom\!\----------------MIS CORTOS------------- .avi
C:\Documents and Settings\Mom\!\--------- HINDI MOVIE ---------- Iqraar-By Chance2006 viD 700MB.avi
C:\Documents and Settings\Mom\!\--- Heyy Babyy 2007 -by LUCKY avi (desidhamal.com).avi
C:\Documents and Settings\Mom\!\-- Being John Malkovich --.avi
C:\Documents and Settings\Mom\!\--Alexandre for cinefeel .avi
C:\Documents and Settings\Mom\!\- .avi
C:\Documents and Settings\Mom\!\- Aladdin 2 Le Retour De Jafar - Divx-Fr avi par666.avi
C:\Documents and Settings\Mom\!\- DivX - Ita Mp3The Fast And The Furious Tokyo Drift.avi
C:\Documents and Settings\Mom\!\- DVD RIP - 600 Mb.avi
C:\Documents and Settings\Mom\!\- Harry.Potter.und.der.Orden.des.Phoenix.TS.MD.German.SVCD-BXA.avi
C:\Documents and Settings\Mom\!\- Sivaji 2007 viD AC3 Subs-TmG TAMIL.avi
C:\Documents and Settings\Mom\!\- XviD - Ita Mp3 Valiant.avi
C:\Documents and Settings\Mom\!\-@@Wogo.avi
C:\Documents and Settings\Mom\!\-= CICLO ASIAN FILM =- Geisha Girl XviD ENG-JAP MP3 Sub ENG) (by Alby-Spg).avi
C:\Documents and Settings\Mom\!\-= CICLO ASIAN FILM =- IF YOU WERE ME XviD KOR Sub ITA-ENG AC3 5 1 (by Alby-Spg).avi
C:\Documents and Settings\Mom\!\-= CICLO ASIAN FILM =- NOW AND FOREVER XviD-KOR SubITA ENG AC3 5.1.avi
C:\Documents and Settings\Mom\!\-= CICLO ASIAN FILM =- the Iron Man DVD5 Jap Sub ita.avi
C:\Documents and Settings\Mom\!\-= CICLO ASIAN FILM =- Untold Scandal.avi
C:\Documents and Settings\Mom\!\-= CICLO ASIAN FILM =- WILD ANIMALS DviX-KOR SUB-ITA_ENG .avi
C:\Documents and Settings\Mom\!\-=ArgentoP2P=-Almafuerte -En Vivo Pepsi Music 09-10-05 By Flequi.avi
C:\Documents and Settings\Mom\!\-=Codex-Creations=-2 Hitmen 2007 viD-VCDVaULT.avi
C:\Documents and Settings\Mom\!\-=Codex-Creations=-Avenging Angel 2007 TV viD-DOMiNO.avi
C:\Documents and Settings\Mom\!\-=Codex-Creations=-Last Hour DVDScr xVID-OEM.avi
C:\Documents and Settings\Mom\!\-=Codex-Creations=-Skid Row LiMiTED viD-PreVail.avi
C:\Documents and Settings\Mom\!\-=Codex-Creations=-Star Wars V The Empire Strikes Back 1980 Original Theatrical viD-FRAGMENT.avi
C:\Documents and Settings\Mom\!\-=Codex-Creations=-The 11th Hour LIMITED viD-iMBT.avi
C:\Documents and Settings\Mom\!\-=Codex-Creations=-The Sun Also Rises 2007 viD-MESS.avi
C:\Documents and Settings\Mom\!\-=Codex-Creations=-Two Tigers 2007 VID Eng-DUQA.avi
C:\Documents and Settings\Mom\!\-=Codex-Creations=-Vantage Point R5 Xvid-ITL2 0.avi
C:\Documents and Settings\Mom\!\-1953- Les Trois Mousquetaires avi net.avi
C:\Documents and Settings\Mom\!\-2006 (.avi
C:\Documents and Settings\Mom\!\-Arthurthe Invisibles,Hebrew d ed.avi
C:\Documents and Settings\Mom\!\-Space Cowboys FrenchPAL 5 1 iso-RELOAD iso net.avi
C:\Documents and Settings\Mom\!\-Verwuuml;nscht- Enchanted.avi
C:\Documents and Settings\Mom\!\ Sua maestÃ Silvio Berlusconi.avi
C:\Documents and Settings\Mom\!\! ! ! Fertilizing winds causing rain.avi
C:\Documents and Settings\Mom\!\! ! ! The cyclical systems of the sky.avi
C:\Documents and Settings\Mom\!\! # Make $500 Per Day Using Bit s File Sharing.avi
C:\Documents and Settings\Mom\!\! # Very Hot Coubles Homemade XXX Video.avi
C:\Documents and Settings\Mom\!\! Documentary called Thin about Anorexia english spoken Nederlands ondertiteld.avi
C:\Documents and Settings\Mom\!\! El Ultimatum de Bourne iMBT.avi
C:\Documents and Settings\Mom\!\! Welcome To The Jungle.avi
C:\Documents and Settings\Mom\!\!!!!!! Testament - Live in London (Richo73).avi
C:\Documents and Settings\Mom\!\!!!!!!FR seacute;rie de docs socieacute;teacute;s secregrave;tes - reacute;fs de Sarko pdt d.avi
C:\Documents and Settings\Mom\!\!!!!!!FUSION DIE HARD 4 ITAENG.avi
C:\Documents and Settings\Mom\!\!Brutal Persecution of Falun Gong by Chinese Communists!.avi
C:\Documents and Settings\Mom\!\!Checked ok!.avi
C:\Documents and Settings\Mom\!\!ExDesi com HARRY POTTER AND THE ORDER OF THE PHOENIX (HINDI)(yo9esh).avi
C:\Documents and Settings\Mom\!\# Inferno DVD rip avi English( Dutch-Subs 0.avi
C:\Documents and Settings\Mom\!\# Inferno.avi
C:\Documents and Settings\Mom\!\#19996;#32463;98#24230;@www thqw com@#34880;#29611;#29808;.avi
C:\Documents and Settings\Mom\!\#24247;#26031;#22374;#27712;#65306;#39493;#39764;#31070;#25506; Constantine hdavi4.3g.avi
C:\Documents and Settings\Mom\!\#25918;#36880;.Exiled.2006.CN.DVDSCR.XviD-YiNiANLE.avi
C:\Documents and Settings\Mom\!\#28415;#22320;#30433;#24118;#40644;#37329;#30002; .avi
C:\Documents and Settings\Mom\!\#8220;Silver Streak#8221; (1976).avi
C:\Documents and Settings\Mom\!\#9733;#27426;#36814;#35775;#38382;#29233;#29609;#23089;#20048;#9734;www aiwan info#9733;.avi
C:\Documents and Settings\Mom\!\#9733;#27426;#36814;#35775;#38382;#29233;#29609;#23089;#20048;#9734;www kizz be#9733;Gina.avi
C:\Documents and Settings\Mom\!\#9734;#20260;#24515;#9794;oO#9675;#9733;#31859;#21543;#20013;#22269;#9734;m
iba cn#9733;.avi
C:\Documents and Settings\Mom\!\#Die Hard 4 0 PAL FRENCH R5 DVDR-AAV (SUR SERVEUR HAUTE VITESSE!!!).avi
C:\Documents and Settings\Mom\!\#ongakudanAyumi Hamasaki - talkin 2 myself 320kbps (2007 09 19).avi
C:\Documents and Settings\Mom\!\#vennom underground 300 (trezentos).avi
C:\Documents and Settings\Mom\!\#Vennom underground The bourne Ultimatum (o ultimato bourne 2007).avi
C:\Documents and Settings\Mom\!\#vennom underground The Simpsons movie 2007 (Os Simpsons o flme 2007).avi
C:\Documents and Settings\Mom\!\$${ com} Ratatouille2007 Hindi-=Yo9esh=-.avi
C:\Documents and Settings\Mom\!\%5bHBO%5dFlagsofOurFathers-Cam~2Bros(1-1) avi
C:\Documents and Settings\Mom\!\( 1978 DVD-R(.avi
C:\Documents and Settings\Mom\!\( 2008 1CD XviD Eu DS( net).avi
C:\Documents and Settings\Mom\!\( Ab Laut Chalen (1999) - CCE DVD-r - (.avi
C:\Documents and Settings\Mom\!\( Akbar 2008 EuEdition DVD-R (.avi
C:\Documents and Settings\Mom\!\( Akbar2008Pre viD( avi
C:\Documents and Settings\Mom\!\( Animated Cartoon VCD Part-1(.avi
C:\Documents and Settings\Mom\!\( Animated Cartoon VCD Part-2(.avi
C:\Documents and Settings\Mom\!\( Bol-2008 Best Copy(.avi
C:\Documents and Settings\Mom\!\( com) Roulette Secrets Banned - ebook pdf.avi
C:\Documents and Settings\Mom\!\( com) Spiderman 3 CAM VCD-CANALSTREET.avi
C:\Documents and Settings\Mom\!\( CONCERT ) Aerosmith - Chicago IL 12-6-94 Full Concert.avi
C:\Documents and Settings\Mom\!\( KANNUM KANNUM 2008 PDVD TMS.avi
C:\Documents and Settings\Mom\!\( Nachle 2007 viD-TmG-(.avi
C:\Documents and Settings\Mom\!\( net) Surfs Up CAM XviD-CAMERA.avi
C:\Documents and Settings\Mom\!\( net)Dus Kahaniyaan20071CD Team BMB~.avi
C:\Documents and Settings\Mom\!\( net)Kishore Kumar Legend Collection D-Z Team.avi
C:\Documents and Settings\Mom\!\( net)Mithya (2008) 1 CD Pre viD-AbcD( net) avi(.avi
C:\Documents and Settings\Mom\!\( Star (2008) Pre-DVDR - Danger Seeding(.avi
C:\Documents and Settings\Mom\!\( Stardust Awards 2008 Xvid (.avi
C:\Documents and Settings\Mom\!\( StarP (207) DZ(.avi
C:\Documents and Settings\Mom\!\( Teenage Mutant Ninja Turtles.avi
C:\Documents and Settings\Mom\!\( Zameen Par (2007) Pre DVD-R(.avi
C:\Documents and Settings\Mom\!\(1975) Jaws.avi
C:\Documents and Settings\Mom\!\(1980) DVDr-Rip- avi
C:\Documents and Settings\Mom\!\(1988) BTasia org Tetsuo the iron man 1988 DivX EngSub.avi
C:\Documents and Settings\Mom\!\(1998) BTasia org Shark Skin Man And Peach Hip Girl 1998 DivX-PosTX.avi
C:\Documents and Settings\Mom\!\(1998)Ringu Spiral-Rasen AC3Jap-DIDA.avi
C:\Documents and Settings\Mom\!\(1999) BTasia.org TVB At the Threshold of an Era (entire series) (Cantonese) DVD-.avi
C:\Documents and Settings\Mom\!\(2000) BTasia org Tears of the Black Tiger 2000 PAL DVDR-DERRIDA.avi
C:\Documents and Settings\Mom\!\(2001) BTasia org Blue Spring 2001 viD-WRD.avi
C:\Documents and Settings\Mom\!\(2001) BTasia org Electric Dragon 80000V LIMITED 2001 DVDivX-EPiC.avi
C:\Documents and Settings\Mom\!\(2001) BTasia org Volcano High 2001 DivX OGG.avi
C:\Documents and Settings\Mom\!\(2002) BTasia org Dark Water 2002 DVRrip DivX.avi
C:\Documents and Settings\Mom\!\(2002) BTasia org Deadly Outlaw Rekka 2002 PROPER viD-VoMiT.avi
C:\Documents and Settings\Mom\!\(2002) BTasia org Drive 2002 viD-WRD.avi
C:\Documents and Settings\Mom\!\(2002) BTasia.org Suicide Circle (Suicide Club) 2002 viD-TheWretched (Eng Sub).avi
C:\Documents and Settings\Mom\!\(2003) BTasia org Old boy 2003 DivX DTS-MoNG.avi
C:\Documents and Settings\Mom\!\(2003) BTasia org Ong-bak 2003 vid Int-EDRP.avi
C:\Documents and Settings\Mom\!\(2004) BTasia org The Eye 2 2004 viD-BoB.avi
C:\Documents and Settings\Mom\!\(2004) BTasia org Zebraman 2004 viD-PoD.avi
C:\Documents and Settings\Mom\!\(2007) BTasia.org TVB Heart of Greed (entire series) (Cantonese) DVD-.avi
C:\Documents and Settings\Mom\!\(2007) BTasia.org TVB Marriage of Inconvenience (entire series) (Cantonese) DVD-.avi
C:\Documents and Settings\Mom\!\(2007) BTasia.org TVB The Ultimate Crime Fighter (entire series) (Cantonese) DVD-.avi
C:\Documents and Settings\Mom\!\(2008 03 09) by fellopo10 MikeinBrazil NANDA.avi
C:\Documents and Settings\Mom\!\(66) .avi
C:\Documents and Settings\Mom\!\(Akira Kurosawa)Seven Samurai (English Subtitles).avi
C:\Documents and Settings\Mom\!\(An Inconvenient Truth)Al Gore .avi
C:\Documents and Settings\Mom\!\(Answer To Conspiracists) The Truth Behind The Moon Landings.avi
C:\Documents and Settings\Mom\!\(AV) Rion Kirishima - Beautiful Older Sister Next Door (Waap GOD-237).avi
C:\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (2of6) The Road to War .avi
C:\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (3of6) Wars Of Independence .avi
C:\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (4of6) The Gates Of [bleep] .avi
C:\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (5of6) A Safe Area .avi
C:\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (6of6) Pax Americana .avi
C:\Documents and Settings\Mom\!\(Black Eyed Peas) Video - Hey Mama - www.trackermania.com.avi
C:\Documents and Settings\Mom\!\(Blink 182) Video - All the Small Things - www.trackermania.com.avi
C:\Documents and Settings\Mom\!\(Bon Jovi) Video - ItÂ´s my life - www.trackermania.com.avi
C:\Documents and Settings\Mom\!\(Brazillian Movie) O Cordel Esquecido num Paiacute;s sem Memoacute;ria 2005 viD.avi
C:\Documents and Settings\Mom\!\(Britney Spears - Madona) Video - Performance - www.trackermania.com.avi
C:\Documents and Settings\Mom\!\(Colombo Jazz) Art Blakey amp; The Jazz Messengers vid-AC3.avi
C:\Documents and Settings\Mom\!\(Concert) Van Halen - Balance World Tour (Full Concert) .avi
C:\Documents and Settings\Mom\!\(Conor-Subs)Battle Royale.avi
C:\Documents and Settings\Mom\!\(CORRECTION)Ron White - They Call Me Tater Salad-DIVXSquiggiE.avi
C:\Documents and Settings\Mom\!\(CORTO) Pixar - Una ghianda egrave; per sempre .avi
C:\Documents and Settings\Mom\!\(cypress hill) insane in the membrane.avi
C:\Documents and Settings\Mom\!\(D_U_Y)Onimusha Dawn Of Dreams The Story .avi
C:\Documents and Settings\Mom\!\(Deeps) 3middot; DivX nike.avi
C:\Documents and Settings\Mom\!\(Dhoom2 Divx 2CD 2006)-BrG.avi
C:\Documents and Settings\Mom\!\(digimob) Poke Runyon - The Magick of Solomon (DivX) - occult.avi
C:\Documents and Settings\Mom\!\(digimob) Poke Runyon - The Rites of Magick (DivX).avi
C:\Documents and Settings\Mom\!\(Direct from Scene FTP To Total s Via teXy)Mission mpossible III TELESYNC SVCD-SEPTIC.avi
C:\Documents and Settings\Mom\!\(Disney Classic) Aristocats ( A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) Bambi (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) Beauty amp; the Beast (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) Cinderella (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) fantasia (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) Hercules (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) Jungle Book (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) Lady and the Tramp (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) Little Mermaid (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) Peter Pan (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) Pinocchi (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) Robin Hood (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) Tarzan (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) The Black Cauldron (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) The Great Mouse Detective (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) The Rescuers (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) The Sword in the Stone (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic) The Three Caballeros (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic)101 Dalmatians (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic)Snow White amp; the 7 Dwarfs(A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic)The Emperors New Groove (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic)The Fox and the Hound (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic)The Hunchback of Notre Dame (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney Classic)The Many Adventures of Winnie the Pooh (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney) Finding Nem WINGMAN772 (A UKB-KVCD by FFCcottage).avi
C:\Documents and Settings\Mom\!\(Disney) Toy Story 1 amp; 2 barry1965(A UKB-KVCD by FFCcottage)REQ.avi
C:\Documents and Settings\Mom\!\(Divx- Ita) wallace amp; gromit by got .avi
C:\Documents and Settings\Mom\!\(Divx-Ita) Pulpfiction by Got avi
C:\Documents and Settings\Mom\!\(Divx-r-Ita)-Totograve;- Questa E La Vita - Completo Con la Patente .avi
C:\Documents and Settings\Mom\!\(DivX -ITA)Dogma by Sword .avi
C:\Documents and Settings\Mom\!\(Divx ita) Howard e il destino del mondo.avi
C:\Documents and Settings\Mom\!\(Divx ita) Predator 2.avi
C:\Documents and Settings\Mom\!\(Divx Ita)300 avi
C:\Documents and Settings\Mom\!\(Divx ScrITA) - Madagascar .avi
C:\Documents and Settings\Mom\!\(DIVX) - VASCO ROSSI - SPECIALE NOTTE ROCK 1993.avi
C:\Documents and Settings\Mom\!\(DT) Gabriel STV FRENCH viD-iD net.avi
C:\Documents and Settings\Mom\!\(dvd-ITA) King Kong( ciao frenk ) divx.avi
C:\Documents and Settings\Mom\!\(Dvd-R Ita) Walt Disney - Le Avventure Di Peter Pan .avi
C:\Documents and Settings\Mom\!\(dvd) Moi dix Mois - Dix infernal -Scars.of.sabbath.avi
C:\Documents and Settings\Mom\!\(dvd5) il medico dei pazzi.avi
C:\Documents and Settings\Mom\!\(ES) Dragon Sword 2004 STV FRENCH INTERNAL viD-CFL .avi
C:\Documents and Settings\Mom\!\(ES) Happy Feet PROPER FRENCH DVDSCR XviD-VCDFRV.avi
C:\Documents and Settings\Mom\!\(ES) Pans.Labyrinth 2006 FRENCH.DVDSCR XviD-CiNEFOX.avi
C:\Documents and Settings\Mom\!\(ES) The Weather Man 2005 TRUEFRENCH viD-VFC.avi
C:\Documents and Settings\Mom\!\(ES) Transporter.2 2005 720p.HDTV.MULTi XviD.x264-NBS.avi
C:\Documents and Settings\Mom\!\(ES2) Chasseurs De Dragons 2008 httpelite-t3am fr nf TRUEFRENCH TS XviD-CiNEFOX.avi
C:\Documents and Settings\Mom\!\(ETM)- Disco FRENCH CAM XViD-CaRNaGe.avi
C:\Documents and Settings\Mom\!\(FRENCH)(PENSEE LIBRE)The illuminati 2005 (2CDs).avi
C:\Documents and Settings\Mom\!\(Gorillaz) - 19 2000 - www.trackermania.com.avi
C:\Documents and Settings\Mom\!\(HAMI) X-Men 3 LAffrontement Final FRENCH.avi
C:\Documents and Settings\Mom\!\(Incredible)Man With A Tail .zip.avi
C:\Documents and Settings\Mom\!\(IV) Mihiro~Pure Max .avi
C:\Documents and Settings\Mom\!\(IV) Okumura Noriko Gekisha X Wild (SOPX-018)(AVI XviD 2mbps by Airbus).avi
C:\Documents and Settings\Mom\!\(IV)~kireinasekkusu DivX nike(CON004) .avi
C:\Documents and Settings\Mom\!\(IV)YUKO! 200%!.avi
C:\Documents and Settings\Mom\!\(Kung Fu) Boxer From Shantung (Shaw Brothers) (1972).avi
C:\Documents and Settings\Mom\!\(Land conflict in Brazil ) Cabra Marcado Para Morrer - Twenty Years Later.avi
C:\Documents and Settings\Mom\!\(Les Luthiers) - Vigesimo aniversario - www.trackermania.com.avi
C:\Documents and Settings\Mom\!\(Lezmovie) Sex revelations - French.avi
C:\Documents and Settings\Mom\!\(Lightsaber Duel) Zeratul vs Hash Brown a Saberbattle.com Movie.avi
C:\Documents and Settings\Mom\!\(Los Piojos) Video - Sudestada - www.trackermania.com.avi
C:\Documents and Settings\Mom\!\(Making Of) Classic Albums - Queen - A Night At The Opera.avi
C:\Documents and Settings\Mom\!\(Marvel) Ghost Rider Movie - Video Clips - A Fans Collection of Goodies.avi
C:\Documents and Settings\Mom\!\(MastiLand com) The Simpsons Movie 1 Cd Dvd Rip .avi
C:\Documents and Settings\Mom\!\(MGA) (MOVIE) The Legend Of Zorro DVD RIP DSVCD N avi
C:\Documents and Settings\Mom\!\(movie)-FIREWALL (2006) NL subs avi
C:\Documents and Settings\Mom\!\(movie)-FIREWALL (2006)NL subs avi
C:\Documents and Settings\Mom\!\(Mpeg2)-ABBA - Kultnacht (Digital TV Rip).avi
C:\Documents and Settings\Mom\!\(Mpeg2)-George McCrae - Rock Your Baby -spain.avi
C:\Documents and Settings\Mom\!\(Mpeg2)-Pernilla Wahlgren and Niclas Wahlgren -- Moviestar (Mix 2003) (Live from Diggiloo).avi
C:\Documents and Settings\Mom\!\(Mpeg2)-Super Troupers - ABBA 30 år (From Swedish TV).avi
C:\Documents and Settings\Mom\!\(Music Video) The Doors Special EditionDVD.avi
C:\Documents and Settings\Mom\!\(Nadeshiko) () .avi
C:\Documents and Settings\Mom\!\(Nerd) - Lap Dance (Uncensored Version).avi
C:\Documents and Settings\Mom\!\(NEW ITA) Mission Impossible 3.avi
C:\Documents and Settings\Mom\!\(NS) 15 Minutes English XVID.avi
C:\Documents and Settings\Mom\!\(PC) - Quake III Team Arena 1 30 Gold Edition (CCD).avi
C:\Documents and Settings\Mom\!\(Pirate bay)APE MAN 8.avi
C:\Documents and Settings\Mom\!\(Pirate bay)APE MAN6- CONTACTO.avi
C:\Documents and Settings\Mom\!\(Pirate bay)APEMAN 10.avi
C:\Documents and Settings\Mom\!\(Pirate bay)APEMAN 9.avi
C:\Documents and Settings\Mom\!\(Pirate bay)RATATOUILLE spanish-english.avi
C:\Documents and Settings\Mom\!\(Pirate bay)X La Pelicula DVBRip Spanish.avi
C:\Documents and Settings\Mom\!\(piratecomAO) Cat Returns, the.avi
C:\Documents and Settings\Mom\!\(piratecomAO) Gundam Wing, Endless Waltz.avi
C:\Documents and Settings\Mom\!\(piratecomAO) Porco Rosso.avi
C:\Documents and Settings\Mom\!\(PLOPMAN GIVES YOU)Southpark The Movie.avi
C:\Documents and Settings\Mom\!\(PSP) Apostando al Limite Spanish DvDScreener.avi
C:\Documents and Settings\Mom\!\(PSP) Buenas Noches y Buena Suerte Spanish DvDScreener.avi
C:\Documents and Settings\Mom\!\(PSP) Dick y Jane Ladrones de Risa Spanish TeleSync.avi
C:\Documents and Settings\Mom\!\(PSP) Sin Control (Derailed) Spanish VHS-Screener.avi
C:\Documents and Settings\Mom\!\(PSP) Sophie Scholl Los Ultimos Dias Spanish DvDScreener.avi
C:\Documents and Settings\Mom\!\(PSP) Truman Capote Spanish DvDScreener.avi
C:\Documents and Settings\Mom\!\(pt2) Ali G in da house (extras)(pt 2 outta 2)(DivX)see details.avi
C:\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - Bold Delicious MTV TOP CHOICE(720x480 mpeg2).avi
C:\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - Born To Be.. M-ON(704x480 MPEG2).avi
C:\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - fairyland (704x480 MPEG2 MTV).avi
C:\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - HEAVEN (704x480 MPEG2).avi
C:\Documents and Settings\Mom\!\(PV) BENNIE K - Sky (704x480 MPEG2 MTV).avi
C:\Documents and Settings\Mom\!\(PV) Crystal KayÃ—CHEMISTRY - Two As One (704x480 MPEG2).avi
C:\Documents and Settings\Mom\!\(PV) Heartsdales - Angel Eyes (704x480 MPEG2 MTV).avi
C:\Documents and Settings\Mom\!\(PV) Heartsdales - Huyu gonna love (704x480 MPEG2 SSTV).avi
C:\Documents and Settings\Mom\!\(PV) Kumi Koda - Promise (704x480 MPEG2 MTV).avi
C:\Documents and Settings\Mom\!\(PV) Kumi Koda - WIND (704x480 MPEG2).avi
C:\Documents and Settings\Mom\!\(PV) Kumi Koda - you (704x480 MPEG2).avi
C:\Documents and Settings\Mom\!\(PV) m-flo loves LISA - TRIPOD BABY (704x480 MPEG2).avi
C:\Documents and Settings\Mom\!\(PV) Mini Moni - Lucky Cha Cha Cha !.avi
C:\Documents and Settings\Mom\!\(PV) SEAMO with BENNIE K - a love story (704x480 MPEG2).avi
C:\Documents and Settings\Mom\!\(PV) Utada - YOU MAKE ME WANT TO BE A MAN.avi
C:\Documents and Settings\Mom\!\(PV) Utada Hikaru - Be My Last.avi
C:\Documents and Settings\Mom\!\(PV) Utada Hikaru - Passion (704x480 MPEG2).avi
C:\Documents and Settings\Mom\!\(PV) ZEEBRA - Do What U Gotta Do feat. AI, Namie Amuro, Mummy-D(704x480 MPEG2 SSTV).avi
C:\Documents and Settings\Mom\!\(Sample) Winx Il Segreto del Regno Perduto iTALiAN HQ MD R5 XviD-A-TeaM.avi
C:\Documents and Settings\Mom\!\(Serie Tv - Dvd-Rip) - I Viaggiatori Serie3 Ep.1-6 Tnt-Village.avi
C:\Documents and Settings\Mom\!\(Sheryl Crow)- VH1 Behind the Music VCD.avi
C:\Documents and Settings\Mom\!\(SKATEBOARDING) Neighbours A Nordic Skateboardvideo 2006 FS viD-HACO.avi
C:\Documents and Settings\Mom\!\(SKATEBOARDING) Red Dragon Euro Fest 2007 RERiP viD-HACO.avi
C:\Documents and Settings\Mom\!\(SKATEBOARDING) Revolver Street Credit LE 2004 FS viD-HACO.avi
C:\Documents and Settings\Mom\!\(ST) ul express (vDrip XviD VO ST FR) .avi
C:\Documents and Settings\Mom\!\(SUM com) Mulholland Falls 1996.avi
C:\Documents and Settings\Mom\!\(super seed) Never Back Down FRENCHnet.avi
C:\Documents and Settings\Mom\!\(The jungle Book Ed 40th Anniversary (Extra Disc).avi
C:\Documents and Settings\Mom\!\(The Restless) Korean audio English subtitles.avi
C:\Documents and Settings\Mom\!\(VideoDok german) Moskwitsch 412 (DDR-Verkehrsmagazin 1974).avi
C:\Documents and Settings\Mom\!\(VideoDok german) Quarks amp; Co - Terrorismusangst und Ueberwachungswahn (2008).avi
C:\Documents and Settings\Mom\!\(WONG KAR WAI) Ashes of Time 1994 (Original Audio).avi
C:\Documents and Settings\Mom\!\(ww.danger-z0ne.net)My Name Is Anthony Gonsalves 2008 (ww.danger-z0ne.net).avi
C:\Documents and Settings\Mom\!\(www.ccmmovies.com)DHOOM2 SPECIAL FEATURES-DS(www.ccmmovies.com).avi
C:\Documents and Settings\Mom\!\(XTHOR.NET) I Robot 2007 720p FRENCH BRDRiP x264 AC3-iDHD.avi
C:\Documents and Settings\Mom\!\(xthor.net)27 Dresses 720p FRENCH BRDRiP x264 AC3-BRDRiP.avi
C:\Documents and Settings\Mom\!\(XTHOR.NET)Alvin And The Chipmunks 720p FRENCH BRDRiP x264 AC3-BRDRiP.avi
C:\Documents and Settings\Mom\!\(XTHOR.NET)Fools Gold FRENCH TS XViD-VCDFRV.avi
C:\Documents and Settings\Mom\!\(XTHOR.NET)Le Nouveau Protocole iNTERNAL FRENCH CAM XViD-iCARUS.avi
C:\Documents and Settings\Mom\!\(xthor.net)THE REPLACEMENT KILLERS NTSC MULTI(french) DVDR XTHOR TEAM.avi
C:\Documents and Settings\Mom\!\(xthor.net)V pour Vendetta NTSC 2005 MULTI 5 1(FRENCH) DVDR XTHORTEAM.avi
C:\Documents and Settings\Mom\!\(XTT)Shoot Em Up COMPLETE PAL MULTi(french) DVDR-NEXiUS.avi
C:\Documents and Settings\Mom\!\(XTT)Wasabi 2001 NTSC MULTi (FRENCH) DVDR-ReQuiN.avi
C:\Documents and Settings\Mom\!\..{SERBIA}.. U2 - PopMart - Live From Mexico City (2007) PAL DVD9.avi
C:\Documents and Settings\Mom\!\..So Goes The Nation.avi
C:\Documents and Settings\Mom\!\.ing (Korean Movie) ECHiZEN.avi
C:\Documents and Settings\Mom\!\.ing SUB PL,ENGSAMPLEKoreanAsina.avi
C:\Documents and Settings\Mom\!\@ Chhoti Si Love Story.avi
C:\Documents and Settings\Mom\!\{ {Tamil}Billa 2007 1CD DivX MP#3 DBB{Sathaforu}.avi
C:\Documents and Settings\Mom\!\{ }Halla Bol ~2008~ 1.CD.Eu.DvD.Rip.EnG-Germans.Sub~BstQlty~SupSeeding~.avi
C:\Documents and Settings\Mom\!\{ 60 Minutes Pirates Of The Internet Special VCD By DArkness4U.avi
C:\Documents and Settings\Mom\!\{ Airtel Presents Chak De Yara.avi
C:\Documents and Settings\Mom\!\{ Asteriks amp; Vikings 1CD.avi
C:\Documents and Settings\Mom\!\{ com} - Ek Aur Majajan - 1 CD Div X clusive - ExD .avi
C:\Documents and Settings\Mom\!\{ com} - Honeymoon Travels (2007) 1CD -700 MB.avi
C:\Documents and Settings\Mom\!\{ com} Aa Ab Laut Chalen ~1999~DvD Rip EnG-German Subs~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Aaja Nachle ~2007~ 1 CD DvD Rip Subs~BstQlty~ ExD XcluSivE.avi
C:\Documents and Settings\Mom\!\{ com} Andaz Apna Apna ~1994~ DvD Rip~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Bandhan ~1998~ DvD Rip Ac3~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Bhool Bhulaiyaa 2007 2 CD SubS ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Bhool Bhulayiaan ~2007~ 1 CD OrG DvD Rip Subs ~ExD ExCluSivE.avi
C:\Documents and Settings\Mom\!\{ com} Bhram 2008 1CD PDVD Rip.avi
C:\Documents and Settings\Mom\!\{ com} Big Brother (2007) P 1CD ~SuperSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Bombay to Bangkok~2008~ 1 CD DvD Rip Subs~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Casino Royal (Hindi).avi
C:\Documents and Settings\Mom\!\{ com} Chandni Ki Kahani ~2008~ 1 CD Eu Rip MultiSubs ~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Coolie (1983) - DVD-RipDesi Unit Share .avi
C:\Documents and Settings\Mom\!\{ com} D D Dhan Goal ~2007~TS DvD Rip Subs ~SupSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Darling ~ 2007 ~ 1 CD OrG DvD RiP ~ExtremeSeeding~ ExD.avi
C:\Documents and Settings\Mom\!\{ com} Dhara ~2008~ 1 CD DvD Rip~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Dus Kahaniyaan ~2007~1 CD DvD Rip~SubS~BstQlty~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Eik Dasttak 2007 UDR SubS~SuperSeeding~ExD.avi
C:\Documents and Settings\Mom\!\{ com} Ek Chhoti Si Love Story.avi
C:\Documents and Settings\Mom\!\{ com} Fanaa ~2006~ DvD Rip Multi Subs ~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Farhan Akthars ShortMovie - Positive DESIGUNDA.avi
C:\Documents and Settings\Mom\!\{ com} Garam Garam 2007 2 CD DvD Rip~AwesomeShoW ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Goal~2007~DvD Rip~SubS ~BstQlty ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Halla Bol ~2008~1 CD DvD Rip~SubS~BstQlty~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Hamara Dil Aapke Paas Hai ~2000~ DvD Rip Subs ~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Heyy Babyy~2007~EU DvD-R MultiSubs ~ExTreme SeeDinG~.avi
C:\Documents and Settings\Mom\!\{ com} Home Alone 4(In Hindi) 2 CD VcDRiP ~SuperSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Humraaz ~2002~ DvD Rip Subs ~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Jhoom Baraabar Jhoom - 1 CD CamRip~ExtremSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Laaga Chunari Mein Daag 2007 1 CD OrG Subs ~SupSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Lara Croft Tomb RaiderHINDI - 460 MB.avi
C:\Documents and Settings\Mom\!\{ com} Mera Phela Phela Pyar~2007~OrG DvD-R SubS ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Miss 2007 MustWatch.avi
C:\Documents and Settings\Mom\!\{ com} Missing Scene of Jhoda Akbar-Must watch -=Yo9esh=- .avi
C:\Documents and Settings\Mom\!\{ com} Mitti Wajaan Maardi ~2007~ 1 CD Pre Rip ~ExTremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Murder ~2004~ 1 CD DvD Rip Eng-Ger Subs ~BstQlty~DESIGUNDA.avi
C:\Documents and Settings\Mom\!\{ com} My Name is A Gonsalves~2008~1 CD DvD Rip~EnGGerman.SubS~BstQlty~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Namastey London-2007.avi
C:\Documents and Settings\Mom\!\{ com} Neal N Nikki ~2005~ 1 CD DvD Rip MultiSubs ~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Nehlle Pe Dehlla ~2007~ 1 CD DvD Rip~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Old Is Gold ~2007~2 CD TS DvD Rip Subs ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Phir Tauba Tauba ~2008~ 1 CD DvD Rip Subs ~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Return Of Hanuman~2007~1 CD DvD Rip~SubS~BstQlty~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Sawariya~2007~Eu Edition DvD MultiSubs ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Sehar 2005.avi
C:\Documents and Settings\Mom\!\{ com} Suhaag ~1994~ DvD Rip Subs ~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Sun Baba Sun ~2007~ OrG VcDRip ~NiceShoW~ ExTremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Sunday ~2008~ 1 CD DvD Rip Subs~BstQlty~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} Sunday ~2008~1 CD Eu DvD Rip~SubS~BstQlty~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com} The Hills Have Eyes.avi
C:\Documents and Settings\Mom\!\{ com} Tirangaa (1992) (XviD, DivX) Desi Unit SHare .avi
C:\Documents and Settings\Mom\!\{ com} Tumko Na Bhool Paayenge ~2002~ DvD Rip Subs ~BstQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Veer-Zaara ~2004~ DvD Rip ~BsTQlty~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com} Vivah ~2006~ DvD Rip Subs ~BstQlty~ ExD XcluSivE.avi
C:\Documents and Settings\Mom\!\{ com} Yaariyan ~2008~ 1 CD TS DvD Rip Subs ~ExtremSeeding~ ExD XcLuSivE.avi
C:\Documents and Settings\Mom\!\{ com}}Life in a Metro ~2007~OrG DvD-R(5) MultiSubS ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Aashiqo Gham Na Karo Part 2 - 2 VcDrip ~NiceShowSupSeed~.avi
C:\Documents and Settings\Mom\!\{ com}Apne~2007~OrG DvD-R(5) CCE4 MultiSubS ~ExtremSeeding~ .avi
C:\Documents and Settings\Mom\!\{ com}Aur Pappu Pass Ho Gaya - 2007 - DvD-R(5) UdR ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Awarapan ~2007~PreDvD-R MultiSubS ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Big Brother 2007 PreDvD-R(5)~SubS~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}DaR Speed 2007 1CD XviD Subs~ExtremeSeeding~M N U.avi
C:\Documents and Settings\Mom\!\{ com}Dus Kahaniyaan~2007~Pre DvD Rip Subs~BestQlty~SupSeeding .avi
C:\Documents and Settings\Mom\!\{ com}Go ~2007~ 1 CD Pre DvD RiP ~ HoT-Movie ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Good Boy Bad Boy - 1 CD PreDvD Rip ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Good Boy Bad Boy - 2007 - PreDvD SubS ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Jahan Jaaeyega Hamen Paaeyega~2007~PreDvD-R MultiSubS~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Jhoom Baraabar Jhoom~2007~EU DvD-R MultiSubS~ExtremSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Khoya Khoya Chand~2007~Pre DvD Rip Subs~ExtremeSeeding .avi
C:\Documents and Settings\Mom\!\{ com}Kya Love Story Hai 2007 Org DVD-R(5) SubS ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Life in a Metro - 2007 - 1 GiG TS-Rip XviD Semo SubS ~ExtremeSeeding~ .avi
C:\Documents and Settings\Mom\!\{ com}Meethi Biryani 2007 Must WatchDESIGUNDA.avi
C:\Documents and Settings\Mom\!\{ com}Partner~2007~PreDvD MultiSubS~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Provoked - 2007 1CD Pre Subs-~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Showbiz~2007~1 CD Eu DvD Rip Subs ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Sivaji 2007 viD.avi
C:\Documents and Settings\Mom\!\{ com}Swami 2007 2 CD Pre viD ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Tara Rum Pum~2007~OrG 1 CD SubS~ExtremSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}Tara Rum Pum~2007~OrG DvD-R MultiSubS~ExtremSeeding~.avi
C:\Documents and Settings\Mom\!\{ com}The Italian Job(Chor Pe More) ~In Hindi~ 2Cd Vcdrip ~SupSeed~.avi
C:\Documents and Settings\Mom\!\{ com}The Namesake - 2007 1 CD Pre SubS ~ExtremeSeeding~.avi
C:\Documents and Settings\Mom\!\{ DUS Anuranan 2008 1CD DVD-Rip XvidDesi Unit SHare {.avi
C:\Documents and Settings\Mom\!\{ Halla Bol -(2008)-1CD-P viD-Subs.avi
C:\Documents and Settings\Mom\!\{ Halla Bol 2007 264 NhaNc3.avi
C:\Documents and Settings\Mom\!\{ Hanuman Returns -2007-1CD.avi
C:\Documents and Settings\Mom\!\{ Jodha Akbar-(2008)-1CD-Pre vid-EngSubs-GiD.avi
C:\Documents and Settings\Mom\!\{ Jodhaa Akbar (2008) Pre viD-AbcD.avi
C:\Documents and Settings\Mom\!\{ Johnny Gaddaar20071CD.avi
C:\Documents and Settings\Mom\!\{ LUV amp; KUSH-The Amazing Twins (2007)-ANIMATED MOVIE-Dvd R - Ntsc.avi
C:\Documents and Settings\Mom\!\{ Mithya-(2008)-1CD-Pre viD-EngSubs.avi
C:\Documents and Settings\Mom\!\{ National Geographic Inside MeccaMTBdesibbrg.avi
C:\Documents and Settings\Mom\!\{ Om Shanti Om-(2007)-1CD EngSubs-GiD.avi
C:\Documents and Settings\Mom\!\{ Om Shanti Om2007XviD1CD DVD RIP.avi
C:\Documents and Settings\Mom\!\{ Showbiz-(2007)-1CD EngSubs.avi
C:\Documents and Settings\Mom\!\{ Speed-2007-1CDXviD EngSub.avi
C:\Documents and Settings\Mom\!\{ Star 2008 2CD viD.avi
C:\Documents and Settings\Mom\!\{ Sunday-2008-1CD-P vid-EngSubs-DDT-GiD.avi
C:\Documents and Settings\Mom\!\{ Sunday 2008 Ayesha Takia.avi
C:\Documents and Settings\Mom\!\{ umer sharrif - nayee ammi purani abba.avi
C:\Documents and Settings\Mom\!\{.avi
C:\Documents and Settings\Mom\!\{by madness}ANAND MATH(old-hindi) zip(hindioldindian).avi
C:\Documents and Settings\Mom\!\{by madness}Dr Hedgewar DAT(hindimarathi).avi
C:\Documents and Settings\Mom\!\{desibbrg com}Benazir Bhutto - In Her Own Words By D4U .avi
C:\Documents and Settings\Mom\!\{desibbrg.com} {Tamil}-Kattradhu Tamil 2 CDrip {sathaforu}.avi
C:\Documents and Settings\Mom\!\{desibbrg.com} {Tamil} Dum Dum Dum DivX MP#3 DBB{sathaforu}.avi
C:\Documents and Settings\Mom\!\{desibbrg.com} {Tamil} Kannathil Muthamittal 1CD {sathaforu}.avi
C:\Documents and Settings\Mom\!\{ExDesi Com} Arth 1982 DESIGUNDA.avi
C:\Documents and Settings\Mom\!\{MOVIES} Casino Royale 2006 TELESYNC XViD PUKKA.avi
C:\Documents and Settings\Mom\!\{N.L.N}Rush_Hour_3_2007_VOB_Cam_2Bros.avi
C:\Documents and Settings\Mom\!\{¤} KC The Sunshine Band - Do You Feel Alright.avi
C:\Documents and Settings\Mom\!\{Naina Shah} BHAGAM BHAG~2006~DvD Rip Xvid.avi
C:\Documents and Settings\Mom\!\{PaWoZA} Krazzy 4 ~2008~ 1 CD DvD Rip ~BstQlty~ PaWoZA.avi
C:\Documents and Settings\Mom\!\{POTOZTRACKER ORG} The Rock -Fr-1996- Nicolas Cage Sean Connery (130--49----) avi
C:\Documents and Settings\Mom\!\{T T} From Dusk Till Dawn.avi
C:\Documents and Settings\Mom\!\{T T}From Dusk Till Dawn 2 - Texas blood money.avi
C:\Documents and Settings\Mom\!\{T T}From Dusk Till Dawn 3 The Hangmans Daughter.avi
C:\Documents and Settings\Mom\!\{Tam} Anjathey 1CDDiv Vid {Sathaforu}{ com}.avi
C:\Documents and Settings\Mom\!\}{Ron Paul 2008 Google}{SanDPropheT}{.avi
C:\Documents and Settings\Mom\!\~ To Bangkok20081CD.avi
C:\Documents and Settings\Mom\!\== A Scanner Darkly LiMiTED FRENCH ViD.avi
C:\Documents and Settings\Mom\!\===41C NET===Invation 2007 .avi
C:\Documents and Settings\Mom\!\===41C.Net===Atonement.2007.avi
C:\Documents and Settings\Mom\!\=Aerosmith=.avi
C:\Documents and Settings\Mom\!\Ö©ÖëÏÀ3.Spider-Man.3.2007 viD-FLAiTE.avi
C:\Documents and Settings\Mom\!\Östen Med Resten - Ge Mig En Kaka Till Kaffet (Live Melodifestivalen 2006 Semi).avi
C:\Documents and Settings\Mom\!\Östermalm - Le Åt Allt.avi
C:\Documents and Settings\Mom\!\Ã„ldreomsorgen - Ebba GrÃ¶n m.fl vhs-divx.avi
C:\Documents and Settings\Mom\!\¹þÀû²¨ÌØ5¡êloveliness.avi
C:\Documents and Settings\Mom\!\Â¥ Â¥ Â¥ James Bond 007 Casino Royale XViD WP-maVen 2006.avi
C:\Documents and Settings\Mom\!\Ê®ÈýÂÞºº¡êÁ÷Ã¥ÍÃ.avi
C:\Documents and Settings\Mom\!\Ðœ.avi
C:\Documents and Settings\Mom\!\Ê¥Å®ÕêµÂ.avi
C:\Documents and Settings\Mom\!\Å»Ã³Å‚todziÃ³b - The Rookie vid-vik13Napisy PL.avi
C:\Documents and Settings\Mom\!\Åsa Schmalenbach - Jag Vill.avi
C:\Documents and Settings\Mom\!\0 - dts the ugly duckling and me KSVCD byYloh .avi
C:\Documents and Settings\Mom\!\001-Amazonia-Planeta Amazonico .avi
C:\Documents and Settings\Mom\!\001 - Madonna - Like A Prayer (LIVE 8) - Londra.avi
C:\Documents and Settings\Mom\!\002-Amazoacute;nia-Aislados .avi
C:\Documents and Settings\Mom\!\002 - Madonna - Ray Of Light (LIVE 8)- Londra.avi
C:\Documents and Settings\Mom\!\003-Amazoacute;nia-La Voz De La Selva .avi
C:\Documents and Settings\Mom\!\003 - Madonna - Music (LIVE 8) - Londra.avi
C:\Documents and Settings\Mom\!\007 - Casino Royale (DVD Rip)_By_Dilliger-cd1.avi
C:\Documents and Settings\Mom\!\007 - Goldfinger avi
C:\Documents and Settings\Mom\!\007 a view to a kill (1985) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 A View To A Kill DivX (HQ).avi
C:\Documents and Settings\Mom\!\007 Casino Royale DivX (HQ).avi
C:\Documents and Settings\Mom\!\007 Casino Royale Eng OryoN.avi
C:\Documents and Settings\Mom\!\007 Casino Royale viD-NeDiVx.avi
C:\Documents and Settings\Mom\!\007 casino royale.2006 vid.german.by.avi
C:\Documents and Settings\Mom\!\007 Casino Royale.2006.dvd rip.avi
C:\Documents and Settings\Mom\!\007 Cassino Royale 2006 Eng XviD-BTSFilms.avi
C:\Documents and Settings\Mom\!\007 contra el drno dvd1 de 20dvdrsp ensub sp(cinetvshows.avi
C:\Documents and Settings\Mom\!\007 diamonds are forever (1971) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 Die Another Day (DivX DvD RiP).avi
C:\Documents and Settings\Mom\!\007 Die Another Day 2002 UE iNTERNAL viD-iNCiTE.avi
C:\Documents and Settings\Mom\!\007 Die Another Day DVD Rip h33t Dave3737.avi
C:\Documents and Settings\Mom\!\007 die another day.avi
C:\Documents and Settings\Mom\!\007 drno (1962) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 for your eyes only (1981) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 For Your Eyes Only DivX (HQ).avi
C:\Documents and Settings\Mom\!\007 For Your Eyes Only DVD5 - Ita Eng - Sub Ita Eng.avi
C:\Documents and Settings\Mom\!\007 from russia with love (1963) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 Goldeneye - Dvd9 Ita Eng - Sub Ita Eng.avi
C:\Documents and Settings\Mom\!\007 GoldenEye (DivX DvD RiP).avi
C:\Documents and Settings\Mom\!\007 goldfinger (1964) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 James Bond - Al servizio segreto di sua maestagrave;.avi
C:\Documents and Settings\Mom\!\007 James Bond - Dalla Russia con amore.avi
C:\Documents and Settings\Mom\!\007 James Bond - Goldfinger.avi
C:\Documents and Settings\Mom\!\007 James Bond - Licence to Kill (1989) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 James Bond - Luomo dalla pistola dor.avi
C:\Documents and Settings\Mom\!\007 James Bond - Mai dire mai (Never say never again) DivX - Ita Eng .avi
C:\Documents and Settings\Mom\!\007 James Bond - Moonraker - Operazione Spazi.avi
C:\Documents and Settings\Mom\!\007 James Bond - Octopussy Operazione Piovra (Octopussy) Divx - Ita Eng .avi
C:\Documents and Settings\Mom\!\007 James Bond - Thunderball - Operazione Tuono.avi
C:\Documents and Settings\Mom\!\007 James Bond - Una cascata di diamanti.avi
C:\Documents and Settings\Mom\!\007 James Bond - Vivi e lascia morire.avi
C:\Documents and Settings\Mom\!\007 James Bond Diamantes para la eternidad( 7 de 21).avi
C:\Documents and Settings\Mom\!\007 James Bond El Hombre De La Pistola De Oro ( 9 de 21).avi
C:\Documents and Settings\Mom\!\007 James Bond La Espiacute;a Que Me Amo( 10 de 21).avi
C:\Documents and Settings\Mom\!\007 James Bond The World Is Not Enough 1999 viD-W00D.avi
C:\Documents and Settings\Mom\!\007 James Bond Tomorrow Never Dies 1997 viD-W00D.avi
C:\Documents and Settings\Mom\!\007 James Bond Vive y Deja Morir( 8 de 21).avi
C:\Documents and Settings\Mom\!\007 License To Kill (DivX DvD RiP).avi
C:\Documents and Settings\Mom\!\007 live and let die (1973) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 moonraker (1979) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 Moonraker DivX (HQ).avi
C:\Documents and Settings\Mom\!\007 Moonraker, DVD9 - Ita Eng - Sub Ita Eng.avi
C:\Documents and Settings\Mom\!\007 octopussy (1983) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 Octopussy DivX (HQ).avi
C:\Documents and Settings\Mom\!\007 on her majestys secret service (1969) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 On Her Majestys Secret Service 1969 UE iNTERNAL viD-iNCiTE.avi
C:\Documents and Settings\Mom\!\007 The Living Daylights (1987) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 The Living Daylights 1987 UE iNTERNAL viD-iNCiTE.avi
C:\Documents and Settings\Mom\!\007 The Living Daylights DivX (HQ).avi
C:\Documents and Settings\Mom\!\007 the spy who loved me (1977) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 The Spy Who Loved Me 1977 UE iNTERNAL viD-iNCiTE.avi
C:\Documents and Settings\Mom\!\007 The World Is Not Enough 1999 UE iNTERNAL viD-iNCiTE.avi
C:\Documents and Settings\Mom\!\007 the world is not enough DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 The World is not Enough.avi
C:\Documents and Settings\Mom\!\007 thunderball (1965) DVD rip h33tspooner.avi
C:\Documents and Settings\Mom\!\007 Thunderball 1965 UE iNTERNAL viD-iNCiTE.avi
C:\Documents and Settings\Mom\!\007 Tomorrow never dies - DVD9 Ita Eng - Sub Ita Eng.avi
C:\Documents and Settings\Mom\!\007 Tomorrow Never Dies (DivX DvD RiP).avi
C:\Documents and Settings\Mom\!\007 Tomorrow Never Dies 1997 UE UNCUT viD-iNCiTE.avi
C:\Documents and Settings\Mom\!\007 You Only Live Twice 1967 UE iNTERNAL viD-iNCiTE.avi
C:\Documents and Settings\Mom\!\007, SI VIVE SOLO DUE VOLTE.avi
C:\Documents and Settings\Mom\!\007.Casino.Royale viD-NeDiVx.avi
C:\Documents and Settings\Mom\!\007.Casino.Royale.(AC3).French.DvDScreener.www.total s.com.avi
C:\Documents and Settings\Mom\!\007.Casino.Royale.(AC3).Spanish.DvDScreener.avi
C:\Documents and Settings\Mom\!\007.Casino.Royale.xvid.avi
C:\Documents and Settings\Mom\!\007.Cassino.Royale.2006 Eng.XviD-BTSFilms.avi
C:\Documents and Settings\Mom\!\01-Uuno Turhapuro 1973 viD-SuomiPoika.avi
C:\Documents and Settings\Mom\!\01 - cbc - correspondent - meet the stans - kazakhstan (1 of 4) .avi
C:\Documents and Settings\Mom\!\01 - Cobra - Le reveil - French.avi
C:\Documents and Settings\Mom\!\01 - En Vacker Död Stad.avi
C:\Documents and Settings\Mom\!\01 05 05 Jam Films 2 2004 viD-RiZZ.avi
C:\Documents and Settings\Mom\!\01 Conejo con perro de muestracom .avi
C:\Documents and Settings\Mom\!\01 danzel-pump_it_up-svcd-2004-se.avi
C:\Documents and Settings\Mom\!\01 LAge dor de LIslam - Partie1 .avi
C:\Documents and Settings\Mom\!\01 Tom.avi
C:\Documents and Settings\Mom\!\02-Professori Uuno D G Turhapuro 1975 viD-SuomiPoika.avi
C:\Documents and Settings\Mom\!\02-SpiceGirlsLiveinIstanbul-WhoDoYouThinkYouAre (www.melaniec.com.ar).avi
C:\Documents and Settings\Mom\!\02 --asterix---el-golpe-del-menhir.avi
C:\Documents and Settings\Mom\!\02 - cbc - correspondent - meet the stans - kyrgyzstan (2 of 4) .avi
C:\Documents and Settings\Mom\!\02 - Cobra - Zahora - French.avi
C:\Documents and Settings\Mom\!\02 - Hjärter Dam.avi
C:\Documents and Settings\Mom\!\02 02 07 Wise Guys Never Die 2006 ViD-ESPiSE.avi
C:\Documents and Settings\Mom\!\02 09 07 Curse Of The Golden Flower viD-NeDiVx.avi
C:\Documents and Settings\Mom\!\02 15 07 Death Note 2006 264 iNT-TLF.avi
C:\Documents and Settings\Mom\!\02 27 07 Protege 2007 CN viD-YSDG.avi
C:\Documents and Settings\Mom\!\02 El ojeo de la perdizcom .avi
C:\Documents and Settings\Mom\!\02 LAge dOr de lIslam - Partie 2 .avi
C:\Documents and Settings\Mom\!\02 Steve.avi
C:\Documents and Settings\Mom\!\03-Lottovoittaja UKK Turhapuro 1976 viD-SuomiPoika.avi
C:\Documents and Settings\Mom\!\03-SpiceGirlsLiveinIstanbul-SomethingKindaFunny (www.melaniec.com.ar).avi
C:\Documents and Settings\Mom\!\03 - cbc - correspondent - meet the stans - uzbekistan (3 of 4) .avi
C:\Documents and Settings\Mom\!\03 - Cobra - L homme de verre - French.avi
C:\Documents and Settings\Mom\!\03 - Life.DAT.avi
C:\Documents and Settings\Mom\!\03 - Två Två.avi
C:\Documents and Settings\Mom\!\03 Craig.avi
C:\Documents and Settings\Mom\!\03 LaLiebre de Piornalcom .avi
C:\Documents and Settings\Mom\!\038 - 1965 - Franco E Ciccio - I Due Pericoli P lici.avi
C:\Documents and Settings\Mom\!\04-SpiceGirlsLiveinIstanbul-SaturdayNightDivas (www.melaniec.com.ar).avi
C:\Documents and Settings\Mom\!\04 - cbc - correspondent - meet the stans tajikistan (4 of 4) .avi
C:\Documents and Settings\Mom\!\04 - Cobra - L evasion - French.avi
C:\Documents and Settings\Mom\!\04 Caza del conejocom .avi
C:\Documents and Settings\Mom\!\04.22.07.Music.And.Lyrics.2007 264.AC3.iNT-TLF.avi
C:\Documents and Settings\Mom\!\05 - Cobra - Le piege - French.avi
C:\Documents and Settings\Mom\!\05 La liebre y su cazacom .avi
C:\Documents and Settings\Mom\!\06-hole_-_doll_parts_(unplugged_new_york_02-14-95)-nookie-ucv.avi
C:\Documents and Settings\Mom\!\06-La Gran Aventura de la F1 DivX by anikuniCoM.avi
C:\Documents and Settings\Mom\!\06-SpiceGirlsLiveinIstanbul-StepToMe (www.melaniec.com.ar).avi
C:\Documents and Settings\Mom\!\06 --axterix---en-bretanya.avi
C:\Documents and Settings\Mom\!\06 - Cobra - Le voleur de cerveaux - French.avi
C:\Documents and Settings\Mom\!\06 Caza menor Gran Tirada de Tortolas - Caza Conejos con perros podencoscom .avi
C:\Documents and Settings\Mom\!\06 Robin.avi
C:\Documents and Settings\Mom\!\067 Playboy Voluptous Vixens Divx.avi
C:\Documents and Settings\Mom\!\069 Playboy Most Wanted Boobs Divx.avi
C:\Documents and Settings\Mom\!\07-05-18 verdi-telekomstreik-muenchende.avi
C:\Documents and Settings\Mom\!\07-SpiceGirlsLiveinIstanbul-Naked (www.melaniec.com.ar).avi
C:\Documents and Settings\Mom\!\07 --asterix---en-america.avi
C:\Documents and Settings\Mom\!\07 - Cobra - La vengeance - French.avi
C:\Documents and Settings\Mom\!\07 07 24 ConAir Blu-ray REMUX H264 1080P DTS LPCM DD51 F Silu.avi
C:\Documents and Settings\Mom\!\07 07 24 Shaun of the Dead HD DVD REMUX 1080p VC1 DDPlus DD51 F Silu.avi
C:\Documents and Settings\Mom\!\07 07 25 Hot Fuzz HD DVD REMUX 1080p VC1 DDPlus DD51 F Silu.avi
C:\Documents and Settings\Mom\!\07 07 26 Shooter HD DVD REMUX 1080p H264 DDPlus DD51 F Silu.avi
C:\Documents and Settings\Mom\!\07 07 28 Chicken Little Blu-ray REMUX H264 1080P LPCM DD51 F.avi
C:\Documents and Settings\Mom\!\07 07 31 Final Fantasy The Spirits Within Blu-Ray REMUX H264 1080p DTS LPCM DD51 F Silu.avi
C:\Documents and Settings\Mom\!\07 08 03 Trading Places Blu-ray REMUX H264 1080P DD51 F Silu 3761663 TPB.avi
C:\Documents and Settings\Mom\!\07 08 09 IMAX Blue Planet Blu-ray REMUX 1080P VC-1 TrueHD DD51 F 3767443 TPB.avi
C:\Documents and Settings\Mom\!\07 08 09 IMAX Into the Deep HDTV 1080P H264 OAR DD51 F Silu 3767453 TPB.avi
C:\Documents and Settings\Mom\!\07 08 09 IMAX The Dream is Alive Blu-ray REMUX 1080P VC-1 TrueHD 3767448 TPB.avi
C:\Documents and Settings\Mom\!\07 08 09 Mousehunt HDTV 1080P H264 OAR DTS F Silu.avi
C:\Documents and Settings\Mom\!\07 08 09 Racing Stripes HDTV 1080P H264 PREMIERE HD DD51 F Silu.avi
C:\Documents and Settings\Mom\!\07 08 09 The Hudsucker Proxy 1994 HDTV 1080P H264 DD51 F Silu.avi
C:\Documents and Settings\Mom\!\07 08 09 The Jackal HDTV 1080P H264 OAR DTS F Silu.avi
C:\Documents and Settings

#7
Shari

Posted 07 May 2008 - 10:58 PM

Member

Topic Starter
Member
75 posts

Then there are pages and pages of files listed under "C:\Documents and Settings\Mom\!\" - each ending in ".avi" Let me know if you want them all posted here. After the last post in the above area, the following are listed:

C:\Program Files\winvi
C:\Program Files\winvi\Uninst.exe
C:\temp\maxsv15
C:\temp\maxsv15\rLCubd.log
C:\WINDOWS\17PHolmes1000106.exe
C:\WINDOWS\BMe38aa886.xml
C:\WINDOWS\SYSTEM32\12033
C:\WINDOWS\SYSTEM32\bkEur05
C:\WINDOWS\SYSTEM32\bkEur05\bkEur051080.exe
C:\WINDOWS\SYSTEM32\cdTMP
C:\WINDOWS\SYSTEM32\cNF
C:\WINDOWS\SYSTEM32\cNF\srkcont3.exe
C:\WINDOWS\SYSTEM32\din3
C:\WINDOWS\SYSTEM32\din3\is-setup03x.exe
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
C:\WINDOWS\SYSTEM32\g61.exe
C:\WINDOWS\SYSTEM32\kcntmkdm.exe
C:\WINDOWS\SYSTEM32\lmpohnan.exe
C:\WINDOWS\SYSTEM32\xdb4
C:\WINDOWS\SYSTEM32\xdb4\DB-1bn.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-07 13:16 . 2008-05-07 13:16 <DIR> d-------- C:\Program Files\CCleaner
2008-05-07 13:13 . 2008-05-07 13:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-06 20:16 . 2008-05-06 20:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-05-06 20:15 . 2008-05-06 20:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-05-06 20:15 . 2008-05-06 20:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-06 19:58 . 2008-04-13 18:12 291,328 --a------ C:\WINDOWS\SYSTEM32\qagentrt.dll
2008-05-06 19:58 . 2008-04-13 18:12 150,528 --a------ C:\WINDOWS\SYSTEM32\qagent.dll
2008-05-06 19:58 . 2008-04-13 18:12 144,384 --a------ C:\WINDOWS\SYSTEM32\onex.dll
2008-05-06 19:58 . 2008-04-13 18:12 76,800 --a------ C:\WINDOWS\SYSTEM32\qutil.dll
2008-05-06 19:58 . 2008-04-13 18:12 69,120 --a------ C:\WINDOWS\SYSTEM32\wlanapi.dll
2008-05-06 19:58 . 2008-04-13 18:12 62,464 --a------ C:\WINDOWS\SYSTEM32\qcliprov.dll
2008-05-06 19:58 . 2008-04-13 18:12 61,952 --a------ C:\WINDOWS\SYSTEM32\rasqec.dll
2008-05-06 19:58 . 2008-04-13 18:12 50,688 --a------ C:\WINDOWS\SYSTEM32\tspkg.dll
2008-05-06 19:58 . 2008-04-13 18:12 32,768 --a------ C:\WINDOWS\SYSTEM32\setupn.exe
2008-05-06 19:58 . 2008-04-13 12:40 10,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-05-06 19:56 . 2008-04-13 18:11 650,752 --a------ C:\WINDOWS\SYSTEM32\dot3ui.dll
2008-05-06 19:28 . 2008-05-06 19:19 691,545 --a------ C:\WINDOWS\unins001.exe
2008-05-06 19:28 . 2008-05-06 19:28 2,537 --a------ C:\WINDOWS\unins001.dat
2008-05-06 18:29 . 2008-05-06 18:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-06 18:29 . 2008-05-06 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-01 08:41 . 2007-01-10 06:00 244,736 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\c2scsi.sys
2008-04-28 15:36 . 2007-11-22 17:00 483,328 --a------ C:\WINDOWS\SYSTEM32\actskn45.ocx
2008-04-26 21:16 . 2008-05-07 15:02 1,024 --ah----- C:\Documents and Settings\Sharolyn Suek\ntuser.dat.LOG
2008-04-26 21:15 . 2008-04-26 21:15 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-26 21:15 . 2008-04-26 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2008-04-10 13:32 . 2001-08-17 12:19 96,256 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ctlsb16.sys
2008-04-10 13:32 . 1994-09-21 00:00 12,800 --a------ C:\WINDOWS\SYSTEM\wing32.dll
2008-04-10 08:17 . 2006-12-12 11:16 22,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\emAudio.sys
2008-04-10 08:14 . 2005-12-21 09:14 100,957 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\emDevice.sys
2008-04-10 08:14 . 2006-11-06 13:31 81,920 --a------ C:\WINDOWS\SYSTEM32\PCLECoInst.dll
2008-04-10 08:14 . 2005-12-21 09:14 45,056 --a------ C:\WINDOWS\SYSTEM32\emVFW.dll
2008-04-10 08:14 . 2005-12-21 09:14 32,768 --a------ C:\WINDOWS\SYSTEM32\emProp.ax
2008-04-10 08:14 . 2005-12-21 09:14 24,269 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\emStream.sys
2008-04-10 08:14 . 2005-12-21 09:14 17,808 --a------ C:\WINDOWS\SYSTEM32\emYUV.dll
2008-04-10 08:14 . 2005-12-21 09:14 9,739 --a------ C:\WINDOWS\SYSTEM32\emUSD.dll
2008-04-10 08:14 . 2005-12-21 09:14 5,245 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\emFilter.sys
2008-04-10 08:14 . 2005-12-21 09:14 4,493 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\emScan.sys
2008-04-10 08:03 . 2008-05-01 00:24 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Roxio
2008-04-10 08:03 . 2008-04-10 18:47 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-10 08:02 . 2008-04-10 08:02 <DIR> d-------- C:\Program Files\InterActual
2008-04-10 07:23 . 2008-04-10 07:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-10 07:20 . 2008-04-10 07:20 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-10 07:20 . 2008-04-10 07:30 <DIR> d-------- C:\Program Files\Roxio
2008-04-10 07:20 . 2008-04-10 07:28 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-10 07:20 . 2008-04-10 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-10 07:20 . 2008-04-10 07:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-10 07:19 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\SYSTEM32\d3dx9_33.dll
2008-04-10 07:19 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_33.dll
2008-04-10 07:19 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\SYSTEM32\d3dx10_33.dll
2008-04-10 07:09 . 2008-04-10 07:10 <DIR> d-------- C:\Program Files\Pinnacle
2008-04-10 07:09 . 2002-07-26 17:02 153,088 --a------ C:\Program Files\UNWISE.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 18:09 --------- d-----w C:\Program Files\msaccrt
2008-05-07 17:56 --------- d-----w C:\Documents and Settings\Mom\Application Data\OfficeUpdate12
2008-05-07 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-07 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-07 01:36 --------- d-----w C:\Documents and Settings\Mom\Application Data\LimeWire
2008-05-07 01:33 --------- d---a-w C:\Program Files\Spybot - Search & Destroy
2008-05-07 00:21 --------- d---a-w C:\Program Files\SpywareBlaster
2008-05-06 23:25 --------- d---a-w C:\Program Files\LimeWire
2008-05-06 23:16 --------- d---a-w C:\Program Files\Google
2008-05-06 19:58 --------- d-----w C:\Program Files\Common Files\InstallerA
2008-05-06 19:58 --------- d-----w C:\Documents and Settings\Mom\Application Data\Sinner
2008-05-06 17:21 --------- d---a-w C:\Program Files\QUICKENW
2008-05-06 17:19 --------- d---a-w C:\Program Files\Unlocker
2008-05-06 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-30 07:46 --------- d---a-w C:\Program Files\HackCleaner
2008-04-30 07:41 --------- d---a-w C:\Program Files\Wise Disk Cleaner
2008-04-27 15:57 --------- d--h--r C:\Documents and Settings\Mom\Application Data\yahoo!
2008-04-27 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-27 03:17 --------- d---a-w C:\Program Files\Yahoo!
2008-04-14 04:57 --------- d---a-w C:\Program Files\exPressit S.E. 2.1
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 --sh--w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-13 18:45 46,592 ------w C:\WINDOWS\system32\drivers\irbus.sys
2008-04-13 18:45 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
2008-04-13 18:45 32,128 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-13 18:45 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
2008-04-13 18:45 25,728 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
2008-04-13 18:45 25,600 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
2008-04-13 18:45 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
2008-04-13 18:45 19,200 ------w C:\WINDOWS\system32\drivers\hidir.sys
2008-04-13 18:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-13 18:45 15,872 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
2008-04-13 18:45 10,368 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-07_14.58.38.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 20:46:39 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-08 04:16:14 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 23:47 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 18:56 202544]
"DellSupport-"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:12 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 18:57 16384]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 13:17 185896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-21 12:32 29744]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 13:50 202312]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 15:52 240112]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 03:44 113136]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2006-11-06 13:31 81920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-05-07 15:01 6731312]

C:\Documents and Settings\Mom\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-09-02 08:44:51 209016]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-08-21 20:51:55 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 05:33:46 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 02:15:54 65588]
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2007-11-20 15:40:29 270336]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 14:29:20 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSmMGw]
tuvSmMGw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet d series) - 1.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe38aa886]
C:\WINDOWS\system32\ltuisjll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a--c--- 2004-04-11 10:43 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXDL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-12-22 13:17 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-02-18 05:23 6144 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"WANMiniportService"=2 (0x2)
"ScsiAccess"=2 (0x2)
"IAANTMon"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"SessionLauncher"=2 (0x2)
"RoxLiveShare10"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-10 06:00]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 15:52]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 18:56]
R3 RoxMediaDB10;RoxMediaDB10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 15:52]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 12:19]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-21 12:32]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]
S4 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 15:52]
S4 SessionLauncher;SessionLauncher;C:\DOCUME~1\Mom\LOCALS~1\Temp\DX9\SessionLauncher.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 23:10:04 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 22:16:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\SYSTEM32\HPZipm12.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-05-07 22:31:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-08 04:31:19
ComboFix2.txt 2008-05-07 20:58:57
ComboFix3.txt 2007-08-01 14:03:32

Pre-Run: 82,023,911,424 bytes free
Post-Run: 81,973,563,392 bytes free

40356 --- E O F --- 2008-04-09 01:38:12

#8
Rorschach112

Posted 08 May 2008 - 05:16 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

DeQuarantine::
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!

Quit::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

#9
Shari

Posted 08 May 2008 - 07:43 AM

Member

Topic Starter
Member
75 posts

Here is the beginning of the Combofix file (see next post for more):

C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\ Sua maestAÿ Silvio Berlusconi.avi -> C:\Documents and Settings\Mom\!\ Sua maestAÿ Silvio Berlusconi.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\! ! ! Fertilizing winds causing rain.avi -> C:\Documents and Settings\Mom\!\! ! ! Fertilizing winds causing rain.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\! ! ! The cyclical systems of the sky.avi -> C:\Documents and Settings\Mom\!\! ! ! The cyclical systems of the sky.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\! # Make $500 Per Day Using Bit s File Sharing.avi -> C:\Documents and Settings\Mom\!\! # Make $500 Per Day Using Bit s File Sharing.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\! # Very Hot Coubles Homemade XXX Video.avi -> C:\Documents and Settings\Mom\!\! # Very Hot Coubles Homemade XXX Video.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\! Documentary called Thin about Anorexia english spoken Nederlands ondertiteld.avi -> C:\Documents and Settings\Mom\!\! Documentary called Thin about Anorexia english spoken Nederlands ondertiteld.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\! El Ultimatum de Bourne iMBT.avi -> C:\Documents and Settings\Mom\!\! El Ultimatum de Bourne iMBT.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\! Welcome To The Jungle.avi -> C:\Documents and Settings\Mom\!\! Welcome To The Jungle.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\!!!!!! Testament - Live in London (Richo73).avi -> C:\Documents and Settings\Mom\!\!!!!!! Testament - Live in London (Richo73).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\!!!!!!FR seacute;rie de docs socieacute;teacute;s secregrave;tes - reacute;fs de Sarko pdt d.avi -> C:\Documents and Settings\Mom\!\!!!!!!FR seacute;rie de docs socieacute;teacute;s secregrave;tes - reacute;fs de Sarko pdt d.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\!!!!!!FUSION DIE HARD 4 ITAENG.avi -> C:\Documents and Settings\Mom\!\!!!!!!FUSION DIE HARD 4 ITAENG.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\!Brutal Persecution of Falun Gong by Chinese Communists!.avi -> C:\Documents and Settings\Mom\!\!Brutal Persecution of Falun Gong by Chinese Communists!.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\!Checked ok!.avi -> C:\Documents and Settings\Mom\!\!Checked ok!.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\!ExDesi com HARRY POTTER AND THE ORDER OF THE PHOENIX (HINDI)(yo9esh).avi -> C:\Documents and Settings\Mom\!\!ExDesi com HARRY POTTER AND THE ORDER OF THE PHOENIX (HINDI)(yo9esh).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\# Inferno DVD rip avi English( Dutch-Subs 0.avi -> C:\Documents and Settings\Mom\!\# Inferno DVD rip avi English( Dutch-Subs 0.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\# Inferno.avi -> C:\Documents and Settings\Mom\!\# Inferno.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#19996;#32463;98#24230;@www thqw com@#34880;#29611;#29808;.avi -> C:\Documents and Settings\Mom\!\#19996;#32463;98#24230;@www thqw com@#34880;#29611;#29808;.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#24247;#26031;#22374;#27712;#65306;#39493;#39764;#31070;#25506; Constantine hdavi4.3g.avi -> C:\Documents and Settings\Mom\!\#24247;#26031;#22374;#27712;#65306;#39493;#39764;#31070;#25506; Constantine hdavi4.3g.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#25918;#36880;.Exiled.2006.CN.DVDSCR.XviD-YiNiANLE.avi -> C:\Documents and Settings\Mom\!\#25918;#36880;.Exiled.2006.CN.DVDSCR.XviD-YiNiANLE.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#28415;#22320;#30433;#24118;#40644;#37329;#30002; .avi -> C:\Documents and Settings\Mom\!\#28415;#22320;#30433;#24118;#40644;#37329;#30002; .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#8220;Silver Streak#8221; (1976).avi -> C:\Documents and Settings\Mom\!\#8220;Silver Streak#8221; (1976).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#9733;#27426;#36814;#35775;#38382;#29233;#29609;#23089;#20048;#9734;www aiwan info#9733;.avi -> C:\Documents and Settings\Mom\!\#9733;#27426;#36814;#35775;#38382;#29233;#29609;#23089;#20048;#9734;www aiwan info#9733;.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#9733;#27426;#36814;#35775;#38382;#29233;#29609;#23089;#20048;#9734;www kizz be#9733;Gina.avi -> C:\Documents and Settings\Mom\!\#9733;#27426;#36814;#35775;#38382;#29233;#29609;#23089;#20048;#9734;www kizz be#9733;Gina.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#9734;#20260;#24515;#9794;oO#9675;#9733;#31859;#21543;#20013;#22269;#9734;m
iba cn#9733;.avi -> C:\Documents and Settings\Mom\!\#9734;#20260;#24515;#9794;oO#9675;#9733;#31859;#21543;#20013;#22269;#9734;m
iba cn#9733;.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#Die Hard 4 0 PAL FRENCH R5 DVDR-AAV (SUR SERVEUR HAUTE VITESSE!!!).avi -> C:\Documents and Settings\Mom\!\#Die Hard 4 0 PAL FRENCH R5 DVDR-AAV (SUR SERVEUR HAUTE VITESSE!!!).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#ongakudanAyumi Hamasaki - talkin 2 myself 320kbps (2007 09 19).avi -> C:\Documents and Settings\Mom\!\#ongakudanAyumi Hamasaki - talkin 2 myself 320kbps (2007 09 19).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#vennom underground 300 (trezentos).avi -> C:\Documents and Settings\Mom\!\#vennom underground 300 (trezentos).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#Vennom underground The bourne Ultimatum (o ultimato bourne 2007).avi -> C:\Documents and Settings\Mom\!\#Vennom underground The bourne Ultimatum (o ultimato bourne 2007).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\#vennom underground The Simpsons movie 2007 (Os Simpsons o flme 2007).avi -> C:\Documents and Settings\Mom\!\#vennom underground The Simpsons movie 2007 (Os Simpsons o flme 2007).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\$${ com} Ratatouille2007 Hindi-=Yo9esh=-.avi -> C:\Documents and Settings\Mom\!\$${ com} Ratatouille2007 Hindi-=Yo9esh=-.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\%5bHBO%5dFlagsofOurFathers-Cam~2Bros(1-1) avi -> C:\Documents and Settings\Mom\!\%5bHBO%5dFlagsofOurFathers-Cam~2Bros(1-1) avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( 1978 DVD-R(.avi -> C:\Documents and Settings\Mom\!\( 1978 DVD-R(.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( 2008 1CD XviD Eu DS( net).avi -> C:\Documents and Settings\Mom\!\( 2008 1CD XviD Eu DS( net).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( Ab Laut Chalen (1999) - CCE DVD-r - (.avi -> C:\Documents and Settings\Mom\!\( Ab Laut Chalen (1999) - CCE DVD-r - (.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( Akbar 2008 EuEdition DVD-R (.avi -> C:\Documents and Settings\Mom\!\( Akbar 2008 EuEdition DVD-R (.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( Akbar2008Pre viD( avi -> C:\Documents and Settings\Mom\!\( Akbar2008Pre viD( avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( Animated Cartoon VCD Part-1(.avi -> C:\Documents and Settings\Mom\!\( Animated Cartoon VCD Part-1(.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( Animated Cartoon VCD Part-2(.avi -> C:\Documents and Settings\Mom\!\( Animated Cartoon VCD Part-2(.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( Bol-2008 Best Copy(.avi -> C:\Documents and Settings\Mom\!\( Bol-2008 Best Copy(.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( com) Roulette Secrets Banned - ebook pdf.avi -> C:\Documents and Settings\Mom\!\( com) Roulette Secrets Banned - ebook pdf.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( com) Spiderman 3 CAM VCD-CANALSTREET.avi -> C:\Documents and Settings\Mom\!\( com) Spiderman 3 CAM VCD-CANALSTREET.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( CONCERT ) Aerosmith - Chicago IL 12-6-94 Full Concert.avi -> C:\Documents and Settings\Mom\!\( CONCERT ) Aerosmith - Chicago IL 12-6-94 Full Concert.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( KANNUM KANNUM 2008 PDVD TMS.avi -> C:\Documents and Settings\Mom\!\( KANNUM KANNUM 2008 PDVD TMS.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( Nachle 2007 viD-TmG-(.avi -> C:\Documents and Settings\Mom\!\( Nachle 2007 viD-TmG-(.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( net) Surfs Up CAM XviD-CAMERA.avi -> C:\Documents and Settings\Mom\!\( net) Surfs Up CAM XviD-CAMERA.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( net)Dus Kahaniyaan20071CD Team BMB~.avi -> C:\Documents and Settings\Mom\!\( net)Dus Kahaniyaan20071CD Team BMB~.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( net)Kishore Kumar Legend Collection D-Z Team.avi -> C:\Documents and Settings\Mom\!\( net)Kishore Kumar Legend Collection D-Z Team.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( net)Mithya (2008) 1 CD Pre viD-AbcD( net) avi(.avi -> C:\Documents and Settings\Mom\!\( net)Mithya (2008) 1 CD Pre viD-AbcD( net) avi(.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( Star (2008) Pre-DVDR - Danger Seeding(.avi -> C:\Documents and Settings\Mom\!\( Star (2008) Pre-DVDR - Danger Seeding(.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( Stardust Awards 2008 Xvid (.avi -> C:\Documents and Settings\Mom\!\( Stardust Awards 2008 Xvid (.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( StarP (207) DZ(.avi -> C:\Documents and Settings\Mom\!\( StarP (207) DZ(.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( Teenage Mutant Ninja Turtles.avi -> C:\Documents and Settings\Mom\!\( Teenage Mutant Ninja Turtles.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\( Zameen Par (2007) Pre DVD-R(.avi -> C:\Documents and Settings\Mom\!\( Zameen Par (2007) Pre DVD-R(.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(1975) Jaws.avi -> C:\Documents and Settings\Mom\!\(1975) Jaws.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(1980) DVDr-Rip- avi -> C:\Documents and Settings\Mom\!\(1980) DVDr-Rip- avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(1988) BTasia org Tetsuo the iron man 1988 DivX EngSub.avi -> C:\Documents and Settings\Mom\!\(1988) BTasia org Tetsuo the iron man 1988 DivX EngSub.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(1998) BTasia org Shark Skin Man And Peach Hip Girl 1998 DivX-PosTX.avi -> C:\Documents and Settings\Mom\!\(1998) BTasia org Shark Skin Man And Peach Hip Girl 1998 DivX-PosTX.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(1998)Ringu Spiral-Rasen AC3Jap-DIDA.avi -> C:\Documents and Settings\Mom\!\(1998)Ringu Spiral-Rasen AC3Jap-DIDA.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(1999) BTasia.org TVB At the Threshold of an Era (entire series) (Cantonese) DVD-.avi -> C:\Documents and Settings\Mom\!\(1999) BTasia.org TVB At the Threshold of an Era (entire series) (Cantonese) DVD-.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2000) BTasia org Tears of the Black Tiger 2000 PAL DVDR-DERRIDA.avi -> C:\Documents and Settings\Mom\!\(2000) BTasia org Tears of the Black Tiger 2000 PAL DVDR-DERRIDA.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2001) BTasia org Blue Spring 2001 viD-WRD.avi -> C:\Documents and Settings\Mom\!\(2001) BTasia org Blue Spring 2001 viD-WRD.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2001) BTasia org Electric Dragon 80000V LIMITED 2001 DVDivX-EPiC.avi -> C:\Documents and Settings\Mom\!\(2001) BTasia org Electric Dragon 80000V LIMITED 2001 DVDivX-EPiC.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2001) BTasia org Volcano High 2001 DivX OGG.avi -> C:\Documents and Settings\Mom\!\(2001) BTasia org Volcano High 2001 DivX OGG.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2002) BTasia org Dark Water 2002 DVRrip DivX.avi -> C:\Documents and Settings\Mom\!\(2002) BTasia org Dark Water 2002 DVRrip DivX.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2002) BTasia org Deadly Outlaw Rekka 2002 PROPER viD-VoMiT.avi -> C:\Documents and Settings\Mom\!\(2002) BTasia org Deadly Outlaw Rekka 2002 PROPER viD-VoMiT.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2002) BTasia org Drive 2002 viD-WRD.avi -> C:\Documents and Settings\Mom\!\(2002) BTasia org Drive 2002 viD-WRD.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2002) BTasia.org Suicide Circle (Suicide Club) 2002 viD-TheWretched (Eng Sub).avi -> C:\Documents and Settings\Mom\!\(2002) BTasia.org Suicide Circle (Suicide Club) 2002 viD-TheWretched (Eng Sub).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2003) BTasia org Old boy 2003 DivX DTS-MoNG.avi -> C:\Documents and Settings\Mom\!\(2003) BTasia org Old boy 2003 DivX DTS-MoNG.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2003) BTasia org Ong-bak 2003 vid Int-EDRP.avi -> C:\Documents and Settings\Mom\!\(2003) BTasia org Ong-bak 2003 vid Int-EDRP.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2004) BTasia org The Eye 2 2004 viD-BoB.avi -> C:\Documents and Settings\Mom\!\(2004) BTasia org The Eye 2 2004 viD-BoB.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2004) BTasia org Zebraman 2004 viD-PoD.avi -> C:\Documents and Settings\Mom\!\(2004) BTasia org Zebraman 2004 viD-PoD.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2007) BTasia.org TVB Heart of Greed (entire series) (Cantonese) DVD-.avi -> C:\Documents and Settings\Mom\!\(2007) BTasia.org TVB Heart of Greed (entire series) (Cantonese) DVD-.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2007) BTasia.org TVB Marriage of Inconvenience (entire series) (Cantonese) DVD-.avi -> C:\Documents and Settings\Mom\!\(2007) BTasia.org TVB Marriage of Inconvenience (entire series) (Cantonese) DVD-.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2007) BTasia.org TVB The Ultimate Crime Fighter (entire series) (Cantonese) DVD-.avi -> C:\Documents and Settings\Mom\!\(2007) BTasia.org TVB The Ultimate Crime Fighter (entire series) (Cantonese) DVD-.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(2008 03 09) by fellopo10 MikeinBrazil NANDA.avi -> C:\Documents and Settings\Mom\!\(2008 03 09) by fellopo10 MikeinBrazil NANDA.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(66) .avi -> C:\Documents and Settings\Mom\!\(66) .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Akira Kurosawa)Seven Samurai (English Subtitles).avi -> C:\Documents and Settings\Mom\!\(Akira Kurosawa)Seven Samurai (English Subtitles).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(An Inconvenient Truth)Al Gore .avi -> C:\Documents and Settings\Mom\!\(An Inconvenient Truth)Al Gore .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Answer To Conspiracists) The Truth Behind The Moon Landings.avi -> C:\Documents and Settings\Mom\!\(Answer To Conspiracists) The Truth Behind The Moon Landings.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(AV) Rion Kirishima - Beautiful Older Sister Next Door (Waap GOD-237).avi -> C:\Documents and Settings\Mom\!\(AV) Rion Kirishima - Beautiful Older Sister Next Door (Waap GOD-237).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (2of6) The Road to War .avi -> C:\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (2of6) The Road to War .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (3of6) Wars Of Independence .avi -> C:\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (3of6) Wars Of Independence .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (4of6) The Gates Of [bleep] .avi -> C:\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (4of6) The Gates Of [bleep] .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (5of6) A Safe Area .avi -> C:\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (5of6) A Safe Area .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (6of6) Pax Americana .avi -> C:\Documents and Settings\Mom\!\(BBC) The Death Of Yugoslavia (6of6) Pax Americana .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Black Eyed Peas) Video - Hey Mama - www.trackermania.com.avi -> C:\Documents and Settings\Mom\!\(Black Eyed Peas) Video - Hey Mama - www.trackermania.com.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Blink 182) Video - All the Small Things - www.trackermania.com.avi -> C:\Documents and Settings\Mom\!\(Blink 182) Video - All the Small Things - www.trackermania.com.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Bon Jovi) Video - ItA's my life - www.trackermania.com.avi -> C:\Documents and Settings\Mom\!\(Bon Jovi) Video - ItA's my life - www.trackermania.com.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Brazillian Movie) O Cordel Esquecido num Paiacute;s sem Memoacute;ria 2005 viD.avi -> C:\Documents and Settings\Mom\!\(Brazillian Movie) O Cordel Esquecido num Paiacute;s sem Memoacute;ria 2005 viD.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Britney Spears - Madona) Video - Performance - www.trackermania.com.avi -> C:\Documents and Settings\Mom\!\(Britney Spears - Madona) Video - Performance - www.trackermania.com.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Colombo Jazz) Art Blakey amp; The Jazz Messengers vid-AC3.avi -> C:\Documents and Settings\Mom\!\(Colombo Jazz) Art Blakey amp; The Jazz Messengers vid-AC3.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Concert) Van Halen - Balance World Tour (Full Concert) .avi -> C:\Documents and Settings\Mom\!\(Concert) Van Halen - Balance World Tour (Full Concert) .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Conor-Subs)Battle Royale.avi -> C:\Documents and Settings\Mom\!\(Conor-Subs)Battle Royale.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(CORRECTION)Ron White - They Call Me Tater Salad-DIVXSquiggiE.avi -> C:\Documents and Settings\Mom\!\(CORRECTION)Ron White - They Call Me Tater Salad-DIVXSquiggiE.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(CORTO) Pixar - Una ghianda egrave; per sempre .avi -> C:\Documents and Settings\Mom\!\(CORTO) Pixar - Una ghianda egrave; per sempre .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(cypress hill) insane in the membrane.avi -> C:\Documents and Settings\Mom\!\(cypress hill) insane in the membrane.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Deeps) 3middot; DivX nike.avi -> C:\Documents and Settings\Mom\!\(Deeps) 3middot; DivX nike.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Dhoom2 Divx 2CD 2006)-BrG.avi -> C:\Documents and Settings\Mom\!\(Dhoom2 Divx 2CD 2006)-BrG.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(digimob) Poke Runyon - The Magick of Solomon (DivX) - occult.avi -> C:\Documents and Settings\Mom\!\(digimob) Poke Runyon - The Magick of Solomon (DivX) - occult.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(digimob) Poke Runyon - The Rites of Magick (DivX).avi -> C:\Documents and Settings\Mom\!\(digimob) Poke Runyon - The Rites of Magick (DivX).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Direct from Scene FTP To Total s Via teXy)Mission mpossible III TELESYNC SVCD-SEPTIC.avi -> C:\Documents and Settings\Mom\!\(Direct from Scene FTP To Total s Via teXy)Mission mpossible III TELESYNC SVCD-SEPTIC.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Aristocats ( A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Aristocats ( A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Bambi (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Bambi (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Beauty amp; the Beast (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Beauty amp; the Beast (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Cinderella (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Cinderella (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) fantasia (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) fantasia (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Hercules (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Hercules (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Jungle Book (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Jungle Book (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Lady and the Tramp (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Lady and the Tramp (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Little Mermaid (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Little Mermaid (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Peter Pan (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Peter Pan (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Pinocchi (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Pinocchi (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Robin Hood (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Robin Hood (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) Tarzan (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) Tarzan (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) The Black Cauldron (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) The Black Cauldron (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) The Great Mouse Detective (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) The Great Mouse Detective (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) The Rescuers (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) The Rescuers (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) The Sword in the Stone (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) The Sword in the Stone (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic) The Three Caballeros (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic) The Three Caballeros (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic)101 Dalmatians (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic)101 Dalmatians (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic)Snow White amp; the 7 Dwarfs(A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic)Snow White amp; the 7 Dwarfs(A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic)The Emperors New Groove (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic)The Emperors New Groove (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic)The Fox and the Hound (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic)The Fox and the Hound (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic)The Hunchback of Notre Dame (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic)The Hunchback of Notre Dame (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney Classic)The Many Adventures of Winnie the Pooh (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney Classic)The Many Adventures of Winnie the Pooh (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney) Finding Nem WINGMAN772 (A UKB-KVCD by FFCcottage).avi -> C:\Documents and Settings\Mom\!\(Disney) Finding Nem WINGMAN772 (A UKB-KVCD by FFCcottage).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Disney) Toy Story 1 amp; 2 barry1965(A UKB-KVCD by FFCcottage)REQ.avi -> C:\Documents and Settings\Mom\!\(Disney) Toy Story 1 amp; 2 barry1965(A UKB-KVCD by FFCcottage)REQ.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(DivX -ITA)Dogma by Sword .avi -> C:\Documents and Settings\Mom\!\(DivX -ITA)Dogma by Sword .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Divx ita) Howard e il destino del mondo.avi -> C:\Documents and Settings\Mom\!\(Divx ita) Howard e il destino del mondo.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Divx ita) Predator 2.avi -> C:\Documents and Settings\Mom\!\(Divx ita) Predator 2.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Divx Ita)300 avi -> C:\Documents and Settings\Mom\!\(Divx Ita)300 avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Divx ScrITA) - Madagascar .avi -> C:\Documents and Settings\Mom\!\(Divx ScrITA) - Madagascar .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(DIVX) - VASCO ROSSI - SPECIALE NOTTE ROCK 1993.avi -> C:\Documents and Settings\Mom\!\(DIVX) - VASCO ROSSI - SPECIALE NOTTE ROCK 1993.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Divx- Ita) wallace amp; gromit by got .avi -> C:\Documents and Settings\Mom\!\(Divx- Ita) wallace amp; gromit by got .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Divx-Ita) Pulpfiction by Got avi -> C:\Documents and Settings\Mom\!\(Divx-Ita) Pulpfiction by Got avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Divx-r-Ita)-Totograve;- Questa E La Vita - Completo Con la Patente .avi -> C:\Documents and Settings\Mom\!\(Divx-r-Ita)-Totograve;- Questa E La Vita - Completo Con la Patente .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(DT) Gabriel STV FRENCH viD-iD net.avi -> C:\Documents and Settings\Mom\!\(DT) Gabriel STV FRENCH viD-iD net.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(dvd) Moi dix Mois - Dix infernal -Scars.of.sabbath.avi -> C:\Documents and Settings\Mom\!\(dvd) Moi dix Mois - Dix infernal -Scars.of.sabbath.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(dvd-ITA) King Kong( ciao frenk ) divx.avi -> C:\Documents and Settings\Mom\!\(dvd-ITA) King Kong( ciao frenk ) divx.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Dvd-R Ita) Walt Disney - Le Avventure Di Peter Pan .avi -> C:\Documents and Settings\Mom\!\(Dvd-R Ita) Walt Disney - Le Avventure Di Peter Pan .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(dvd5) il medico dei pazzi.avi -> C:\Documents and Settings\Mom\!\(dvd5) il medico dei pazzi.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(D_U_Y)Onimusha Dawn Of Dreams The Story .avi -> C:\Documents and Settings\Mom\!\(D_U_Y)Onimusha Dawn Of Dreams The Story .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(ES) Dragon Sword 2004 STV FRENCH INTERNAL viD-CFL .avi -> C:\Documents and Settings\Mom\!\(ES) Dragon Sword 2004 STV FRENCH INTERNAL viD-CFL .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(ES) Happy Feet PROPER FRENCH DVDSCR XviD-VCDFRV.avi -> C:\Documents and Settings\Mom\!\(ES) Happy Feet PROPER FRENCH DVDSCR XviD-VCDFRV.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(ES) Pans.Labyrinth 2006 FRENCH.DVDSCR XviD-CiNEFOX.avi -> C:\Documents and Settings\Mom\!\(ES) Pans.Labyrinth 2006 FRENCH.DVDSCR XviD-CiNEFOX.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(ES) The Weather Man 2005 TRUEFRENCH viD-VFC.avi -> C:\Documents and Settings\Mom\!\(ES) The Weather Man 2005 TRUEFRENCH viD-VFC.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(ES) Transporter.2 2005 720p.HDTV.MULTi XviD.x264-NBS.avi -> C:\Documents and Settings\Mom\!\(ES) Transporter.2 2005 720p.HDTV.MULTi XviD.x264-NBS.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(ES2) Chasseurs De Dragons 2008 httpelite-t3am fr nf TRUEFRENCH TS XviD-CiNEFOX.avi -> C:\Documents and Settings\Mom\!\(ES2) Chasseurs De Dragons 2008 httpelite-t3am fr nf TRUEFRENCH TS XviD-CiNEFOX.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(ETM)- Disco FRENCH CAM XViD-CaRNaGe.avi -> C:\Documents and Settings\Mom\!\(ETM)- Disco FRENCH CAM XViD-CaRNaGe.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(FRENCH)(PENSEE LIBRE)The illuminati 2005 (2CDs).avi -> C:\Documents and Settings\Mom\!\(FRENCH)(PENSEE LIBRE)The illuminati 2005 (2CDs).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Gorillaz) - 19 2000 - www.trackermania.com.avi -> C:\Documents and Settings\Mom\!\(Gorillaz) - 19 2000 - www.trackermania.com.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(HAMI) X-Men 3 LAffrontement Final FRENCH.avi -> C:\Documents and Settings\Mom\!\(HAMI) X-Men 3 LAffrontement Final FRENCH.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Incredible)Man With A Tail .zip.avi -> C:\Documents and Settings\Mom\!\(Incredible)Man With A Tail .zip.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(IV) Mihiro~Pure Max .avi -> C:\Documents and Settings\Mom\!\(IV) Mihiro~Pure Max .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(IV) Okumura Noriko Gekisha X Wild (SOPX-018)(AVI XviD 2mbps by Airbus).avi -> C:\Documents and Settings\Mom\!\(IV) Okumura Noriko Gekisha X Wild (SOPX-018)(AVI XviD 2mbps by Airbus).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(IV)YUKO! 200%!.avi -> C:\Documents and Settings\Mom\!\(IV)YUKO! 200%!.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(IV)~kireinasekkusu DivX nike(CON004) .avi -> C:\Documents and Settings\Mom\!\(IV)~kireinasekkusu DivX nike(CON004) .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Kung Fu) Boxer From Shantung (Shaw Brothers) (1972).avi -> C:\Documents and Settings\Mom\!\(Kung Fu) Boxer From Shantung (Shaw Brothers) (1972).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Land conflict in Brazil ) Cabra Marcado Para Morrer - Twenty Years Later.avi -> C:\Documents and Settings\Mom\!\(Land conflict in Brazil ) Cabra Marcado Para Morrer - Twenty Years Later.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Les Luthiers) - Vigesimo aniversario - www.trackermania.com.avi -> C:\Documents and Settings\Mom\!\(Les Luthiers) - Vigesimo aniversario - www.trackermania.com.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Lezmovie) Sex revelations - French.avi -> C:\Documents and Settings\Mom\!\(Lezmovie) Sex revelations - French.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Lightsaber Duel) Zeratul vs Hash Brown a Saberbattle.com Movie.avi -> C:\Documents and Settings\Mom\!\(Lightsaber Duel) Zeratul vs Hash Brown a Saberbattle.com Movie.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Los Piojos) Video - Sudestada - www.trackermania.com.avi -> C:\Documents and Settings\Mom\!\(Los Piojos) Video - Sudestada - www.trackermania.com.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Making Of) Classic Albums - Queen - A Night At The Opera.avi -> C:\Documents and Settings\Mom\!\(Making Of) Classic Albums - Queen - A Night At The Opera.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Marvel) Ghost Rider Movie - Video Clips - A Fans Collection of Goodies.avi -> C:\Documents and Settings\Mom\!\(Marvel) Ghost Rider Movie - Video Clips - A Fans Collection of Goodies.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(MastiLand com) The Simpsons Movie 1 Cd Dvd Rip .avi -> C:\Documents and Settings\Mom\!\(MastiLand com) The Simpsons Movie 1 Cd Dvd Rip .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(MGA) (MOVIE) The Legend Of Zorro DVD RIP DSVCD N avi -> C:\Documents and Settings\Mom\!\(MGA) (MOVIE) The Legend Of Zorro DVD RIP DSVCD N avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(movie)-FIREWALL (2006) NL subs avi -> C:\Documents and Settings\Mom\!\(movie)-FIREWALL (2006) NL subs avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(movie)-FIREWALL (2006)NL subs avi -> C:\Documents and Settings\Mom\!\(movie)-FIREWALL (2006)NL subs avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Mpeg2)-ABBA - Kultnacht (Digital TV Rip).avi -> C:\Documents and Settings\Mom\!\(Mpeg2)-ABBA - Kultnacht (Digital TV Rip).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Mpeg2)-George McCrae - Rock Your Baby -spain.avi -> C:\Documents and Settings\Mom\!\(Mpeg2)-George McCrae - Rock Your Baby -spain.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Mpeg2)-Pernilla Wahlgren and Niclas Wahlgren -- Moviestar (Mix 2003) (Live from Diggiloo).avi -> C:\Documents and Settings\Mom\!\(Mpeg2)-Pernilla Wahlgren and Niclas Wahlgren -- Moviestar (Mix 2003) (Live from Diggiloo).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Mpeg2)-Super Troupers - ABBA 30 †r (From Swedish TV).avi -> C:\Documents and Settings\Mom\!\(Mpeg2)-Super Troupers - ABBA 30 †r (From Swedish TV).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Music Video) The Doors Special EditionDVD.avi -> C:\Documents and Settings\Mom\!\(Music Video) The Doors Special EditionDVD.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Nadeshiko) () .avi -> C:\Documents and Settings\Mom\!\(Nadeshiko) () .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Nerd) - Lap Dance (Uncensored Version).avi -> C:\Documents and Settings\Mom\!\(Nerd) - Lap Dance (Uncensored Version).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(NEW ITA) Mission Impossible 3.avi -> C:\Documents and Settings\Mom\!\(NEW ITA) Mission Impossible 3.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(NS) 15 Minutes English XVID.avi -> C:\Documents and Settings\Mom\!\(NS) 15 Minutes English XVID.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PC) - Quake III Team Arena 1 30 Gold Edition (CCD).avi -> C:\Documents and Settings\Mom\!\(PC) - Quake III Team Arena 1 30 Gold Edition (CCD).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Pirate bay)APE MAN 8.avi -> C:\Documents and Settings\Mom\!\(Pirate bay)APE MAN 8.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Pirate bay)APE MAN6- CONTACTO.avi -> C:\Documents and Settings\Mom\!\(Pirate bay)APE MAN6- CONTACTO.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Pirate bay)APEMAN 10.avi -> C:\Documents and Settings\Mom\!\(Pirate bay)APEMAN 10.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Pirate bay)APEMAN 9.avi -> C:\Documents and Settings\Mom\!\(Pirate bay)APEMAN 9.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Pirate bay)RATATOUILLE spanish-english.avi -> C:\Documents and Settings\Mom\!\(Pirate bay)RATATOUILLE spanish-english.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Pirate bay)X La Pelicula DVBRip Spanish.avi -> C:\Documents and Settings\Mom\!\(Pirate bay)X La Pelicula DVBRip Spanish.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(piratecomAO) Cat Returns, the.avi -> C:\Documents and Settings\Mom\!\(piratecomAO) Cat Returns, the.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(piratecomAO) Gundam Wing, Endless Waltz.avi -> C:\Documents and Settings\Mom\!\(piratecomAO) Gundam Wing, Endless Waltz.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(piratecomAO) Porco Rosso.avi -> C:\Documents and Settings\Mom\!\(piratecomAO) Porco Rosso.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PLOPMAN GIVES YOU)Southpark The Movie.avi -> C:\Documents and Settings\Mom\!\(PLOPMAN GIVES YOU)Southpark The Movie.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PSP) Apostando al Limite Spanish DvDScreener.avi -> C:\Documents and Settings\Mom\!\(PSP) Apostando al Limite Spanish DvDScreener.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PSP) Buenas Noches y Buena Suerte Spanish DvDScreener.avi -> C:\Documents and Settings\Mom\!\(PSP) Buenas Noches y Buena Suerte Spanish DvDScreener.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PSP) Dick y Jane Ladrones de Risa Spanish TeleSync.avi -> C:\Documents and Settings\Mom\!\(PSP) Dick y Jane Ladrones de Risa Spanish TeleSync.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PSP) Sin Control (Derailed) Spanish VHS-Screener.avi -> C:\Documents and Settings\Mom\!\(PSP) Sin Control (Derailed) Spanish VHS-Screener.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PSP) Sophie Scholl Los Ultimos Dias Spanish DvDScreener.avi -> C:\Documents and Settings\Mom\!\(PSP) Sophie Scholl Los Ultimos Dias Spanish DvDScreener.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PSP) Truman Capote Spanish DvDScreener.avi -> C:\Documents and Settings\Mom\!\(PSP) Truman Capote Spanish DvDScreener.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(pt2) Ali G in da house (extras)(pt 2 outta 2)(DivX)see details.avi -> C:\Documents and Settings\Mom\!\(pt2) Ali G in da house (extras)(pt 2 outta 2)(DivX)see details.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - Bold Delicious MTV TOP CHOICE(720x480 mpeg2).avi -> C:\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - Bold Delicious MTV TOP CHOICE(720x480 mpeg2).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - Born To Be.. M-ON(704x480 MPEG2).avi -> C:\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - Born To Be.. M-ON(704x480 MPEG2).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - fairyland (704x480 MPEG2 MTV).avi -> C:\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - fairyland (704x480 MPEG2 MTV).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - HEAVEN (704x480 MPEG2).avi -> C:\Documents and Settings\Mom\!\(PV) Ayumi Hamasaki - HEAVEN (704x480 MPEG2).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) BENNIE K - Sky (704x480 MPEG2 MTV).avi -> C:\Documents and Settings\Mom\!\(PV) BENNIE K - Sky (704x480 MPEG2 MTV).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Crystal KayA-CHEMISTRY - Two As One (704x480 MPEG2).avi -> C:\Documents and Settings\Mom\!\(PV) Crystal KayA-CHEMISTRY - Two As One (704x480 MPEG2).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Heartsdales - Angel Eyes (704x480 MPEG2 MTV).avi -> C:\Documents and Settings\Mom\!\(PV) Heartsdales - Angel Eyes (704x480 MPEG2 MTV).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Heartsdales - Huyu gonna love (704x480 MPEG2 SSTV).avi -> C:\Documents and Settings\Mom\!\(PV) Heartsdales - Huyu gonna love (704x480 MPEG2 SSTV).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Kumi Koda - Promise (704x480 MPEG2 MTV).avi -> C:\Documents and Settings\Mom\!\(PV) Kumi Koda - Promise (704x480 MPEG2 MTV).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Kumi Koda - WIND (704x480 MPEG2).avi -> C:\Documents and Settings\Mom\!\(PV) Kumi Koda - WIND (704x480 MPEG2).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Kumi Koda - you (704x480 MPEG2).avi -> C:\Documents and Settings\Mom\!\(PV) Kumi Koda - you (704x480 MPEG2).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) m-flo loves LISA - TRIPOD BABY (704x480 MPEG2).avi -> C:\Documents and Settings\Mom\!\(PV) m-flo loves LISA - TRIPOD BABY (704x480 MPEG2).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Mini Moni - Lucky Cha Cha Cha !.avi -> C:\Documents and Settings\Mom\!\(PV) Mini Moni - Lucky Cha Cha Cha !.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) SEAMO with BENNIE K - a love story (704x480 MPEG2).avi -> C:\Documents and Settings\Mom\!\(PV) SEAMO with BENNIE K - a love story (704x480 MPEG2).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Utada - YOU MAKE ME WANT TO BE A MAN.avi -> C:\Documents and Settings\Mom\!\(PV) Utada - YOU MAKE ME WANT TO BE A MAN.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Utada Hikaru - Be My Last.avi -> C:\Documents and Settings\Mom\!\(PV) Utada Hikaru - Be My Last.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) Utada Hikaru - Passion (704x480 MPEG2).avi -> C:\Documents and Settings\Mom\!\(PV) Utada Hikaru - Passion (704x480 MPEG2).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(PV) ZEEBRA - Do What U Gotta Do feat. AI, Namie Amuro, Mummy-D(704x480 MPEG2 SSTV).avi -> C:\Documents and Settings\Mom\!\(PV) ZEEBRA - Do What U Gotta Do feat. AI, Namie Amuro, Mummy-D(704x480 MPEG2 SSTV).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Sample) Winx Il Segreto del Regno Perduto iTALiAN HQ MD R5 XviD-A-TeaM.avi -> C:\Documents and Settings\Mom\!\(Sample) Winx Il Segreto del Regno Perduto iTALiAN HQ MD R5 XviD-A-TeaM.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Serie Tv - Dvd-Rip) - I Viaggiatori Serie3 Ep.1-6 Tnt-Village.avi -> C:\Documents and Settings\Mom\!\(Serie Tv - Dvd-Rip) - I Viaggiatori Serie3 Ep.1-6 Tnt-Village.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(Sheryl Crow)- VH1 Behind the Music VCD.avi -> C:\Documents and Settings\Mom\!\(Sheryl Crow)- VH1 Behind the Music VCD.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(SKATEBOARDING) Neighbours A Nordic Skateboardvideo 2006 FS viD-HACO.avi -> C:\Documents and Settings\Mom\!\(SKATEBOARDING) Neighbours A Nordic Skateboardvideo 2006 FS viD-HACO.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(SKATEBOARDING) Red Dragon Euro Fest 2007 RERiP viD-HACO.avi -> C:\Documents and Settings\Mom\!\(SKATEBOARDING) Red Dragon Euro Fest 2007 RERiP viD-HACO.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(SKATEBOARDING) Revolver Street Credit LE 2004 FS viD-HACO.avi -> C:\Documents and Settings\Mom\!\(SKATEBOARDING) Revolver Street Credit LE 2004 FS viD-HACO.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(ST) ul express (vDrip XviD VO ST FR) .avi -> C:\Documents and Settings\Mom\!\(ST) ul express (vDrip XviD VO ST FR) .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(SUM com) Mulholland Falls 1996.avi -> C:\Documents and Settings\Mom\!\(SUM com) Mulholland Falls 1996.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(super seed) Never Back Down FRENCHnet.avi -> C:\Documents and Settings\Mom\!\(super seed) Never Back Down FRENCHnet.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(The jungle Book Ed 40th Anniversary (Extra Disc).avi -> C:\Documents and Settings\Mom\!\(The jungle Book Ed 40th Anniversary (Extra Disc).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(The Restless) Korean audio English subtitles.avi -> C:\Documents and Settings\Mom\!\(The Restless) Korean audio English subtitles.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(VideoDok german) Moskwitsch 412 (DDR-Verkehrsmagazin 1974).avi -> C:\Documents and Settings\Mom\!\(VideoDok german) Moskwitsch 412 (DDR-Verkehrsmagazin 1974).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(VideoDok german) Quarks amp; Co - Terrorismusangst und Ueberwachungswahn (2008).avi -> C:\Documents and Settings\Mom\!\(VideoDok german) Quarks amp; Co - Terrorismusangst und Ueberwachungswahn (2008).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(WONG KAR WAI) Ashes of Time 1994 (Original Audio).avi -> C:\Documents and Settings\Mom\!\(WONG KAR WAI) Ashes of Time 1994 (Original Audio).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(ww.danger-z0ne.net)My Name Is Anthony Gonsalves 2008 (ww.danger-z0ne.net).avi -> C:\Documents and Settings\Mom\!\(ww.danger-z0ne.net)My Name Is Anthony Gonsalves 2008 (ww.danger-z0ne.net).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(www.ccmmovies.com)DHOOM2 SPECIAL FEATURES-DS(www.ccmmovies.com).avi -> C:\Documents and Settings\Mom\!\(www.ccmmovies.com)DHOOM2 SPECIAL FEATURES-DS(www.ccmmovies.com).avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(XTHOR.NET) I Robot 2007 720p FRENCH BRDRiP x264 AC3-iDHD.avi -> C:\Documents and Settings\Mom\!\(XTHOR.NET) I Robot 2007 720p FRENCH BRDRiP x264 AC3-iDHD.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(xthor.net)27 Dresses 720p FRENCH BRDRiP x264 AC3-BRDRiP.avi -> C:\Documents and Settings\Mom\!\(xthor.net)27 Dresses 720p FRENCH BRDRiP x264 AC3-BRDRiP.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(XTHOR.NET)Alvin And The Chipmunks 720p FRENCH BRDRiP x264 AC3-BRDRiP.avi -> C:\Documents and Settings\Mom\!\(XTHOR.NET)Alvin And The Chipmunks 720p FRENCH BRDRiP x264 AC3-BRDRiP.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(XTHOR.NET)Fools Gold FRENCH TS XViD-VCDFRV.avi -> C:\Documents and Settings\Mom\!\(XTHOR.NET)Fools Gold FRENCH TS XViD-VCDFRV.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(XTHOR.NET)Le Nouveau Protocole iNTERNAL FRENCH CAM XViD-iCARUS.avi -> C:\Documents and Settings\Mom\!\(XTHOR.NET)Le Nouveau Protocole iNTERNAL FRENCH CAM XViD-iCARUS.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(xthor.net)THE REPLACEMENT KILLERS NTSC MULTI(french) DVDR XTHOR TEAM.avi -> C:\Documents and Settings\Mom\!\(xthor.net)THE REPLACEMENT KILLERS NTSC MULTI(french) DVDR XTHOR TEAM.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(xthor.net)V pour Vendetta NTSC 2005 MULTI 5 1(FRENCH) DVDR XTHORTEAM.avi -> C:\Documents and Settings\Mom\!\(xthor.net)V pour Vendetta NTSC 2005 MULTI 5 1(FRENCH) DVDR XTHORTEAM.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(XTT)Shoot Em Up COMPLETE PAL MULTi(french) DVDR-NEXiUS.avi -> C:\Documents and Settings\Mom\!\(XTT)Shoot Em Up COMPLETE PAL MULTi(french) DVDR-NEXiUS.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\(XTT)Wasabi 2001 NTSC MULTi (FRENCH) DVDR-ReQuiN.avi -> C:\Documents and Settings\Mom\!\(XTT)Wasabi 2001 NTSC MULTi (FRENCH) DVDR-ReQuiN.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\- .avi -> C:\Documents and Settings\Mom\!\- .avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\- Aladdin 2 Le Retour De Jafar - Divx-Fr avi par666.avi -> C:\Documents and Settings\Mom\!\- Aladdin 2 Le Retour De Jafar - Divx-Fr avi par666.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\- DivX - Ita Mp3The Fast And The Furious Tokyo Drift.avi -> C:\Documents and Settings\Mom\!\- DivX - Ita Mp3The Fast And The Furious Tokyo Drift.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\- DVD RIP - 600 Mb.avi -> C:\Documents and Settings\Mom\!\- DVD RIP - 600 Mb.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\- Harry.Potter.und.der.Orden.des.Phoenix.TS.MD.German.SVCD-BXA.avi -> C:\Documents and Settings\Mom\!\- Harry.Potter.und.der.Orden.des.Phoenix.TS.MD.German.SVCD-BXA.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\- Sivaji 2007 viD AC3 Subs-TmG TAMIL.avi -> C:\Documents and Settings\Mom\!\- Sivaji 2007 viD AC3 Subs-TmG TAMIL.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\- XviD - Ita Mp3 Valiant.avi -> C:\Documents and Settings\Mom\!\- XviD - Ita Mp3 Valiant.avi
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\-- Being John Malkovich --.avi -> C:\Documents and Settings�

#10
Shari

Posted 08 May 2008 - 07:44 AM

Member

Topic Starter
Member
75 posts

Many more files from the C:\Qoobox\Quarantine\C\Documents and Settings\Mom\!\ area, then the following:

39989 File(s) copied

Here is the new HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:15 AM, on 5/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127600540625
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/R...ageUploader.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - http://www.sunbelt-s.../CounterSpy.CAB
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94F40BC2-5F77-47DA-9061-4FF56BE9F588}: NameServer = 216.220.0.1,216.220.30.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: tuvSmMGw - tuvSmMGw.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12041 bytes

#11
Rorschach112

Posted 08 May 2008 - 07:48 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab
O20 - Winlogon Notify: tuvSmMGw - tuvSmMGw.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Reboot and do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#12
Shari

Posted 08 May 2008 - 09:23 AM

Member

Topic Starter
Member
75 posts

main.text as follows:

Deckard's System Scanner v20071014.68
Run by Mom on 2008-05-08 08:53:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
50: 2008-05-08 14:53:32 UTC - RP357 - Deckard's System Scanner Restore Point
49: 2008-05-08 12:53:48 UTC - RP356 - ComboFix created restore point
48: 2008-05-08 01:22:57 UTC - RP355 - ComboFix created restore point
47: 2008-05-07 20:23:08 UTC - RP354 - ComboFix created restore point
46: 2008-05-07 01:59:50 UTC - RP353 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-05-06 18:37:57 UTC - RP308 - Trial - helping Dana

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Mom.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:02 AM, on 5/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Mom\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mom.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127600540625
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/R...ageUploader.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - http://www.sunbelt-s.../CounterSpy.CAB
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94F40BC2-5F77-47DA-9061-4FF56BE9F588}: NameServer = 216.220.0.1,216.220.30.1
O20 - Winlogon Notify: tuvSmMGw - tuvSmMGw.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11369 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080508-084328-674 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080508-084329-358 O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080508-084329-380 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab
backup-20080508-084329-948 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 dsunidrv (DellSupport UniDriver) - c:\windows\system32\drivers\dsunidrv.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 SessionLauncher - c:\docume~1\mom\locals~1\temp\dx9\sessionlauncher.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Modem Audio Device
Device ID: MODEMWAVE\0\{48F01726-46DC-458C-BD6D-2341975E91D8}
Manufacturer:
Name: Modem Audio Device
PNP Device ID: MODEMWAVE\0\{48F01726-46DC-458C-BD6D-2341975E91D8}
Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-05-06 17:10:04 432 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job

-- Files created between 2008-04-08 and 2008-05-08 -----------------------------

2008-05-08 07:00:27 0 d-------- C:\Documents and Settings\Mom\!
2008-05-07 14:23:42 260272 --a------ C:\cmldr
2008-05-07 14:23:37 0 d-------- C:\cmdcons
2008-05-07 14:22:31 68096 --a------ C:\WINDOWS\zip.exe
2008-05-07 14:22:31 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-07 14:22:31 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-07 14:22:31 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-07 14:22:31 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-07 14:22:31 98816 --a------ C:\WINDOWS\sed.exe
2008-05-07 14:22:31 80412 --a------ C:\WINDOWS\grep.exe
2008-05-07 14:22:31 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-07 13:16:03 0 d-------- C:\Program Files\CCleaner
2008-05-07 13:13:20 0 d-------- C:\Program Files\Trend Micro
2008-05-07 07:14:50 0 d-------- C:\WINDOWS\CSC
2008-05-06 21:13:28 0 d-------- C:\WINDOWS\Prefetch
2008-05-06 20:16:10 0 d-------- C:\WINDOWS\system32\scripting
2008-05-06 20:15:59 0 d-------- C:\WINDOWS\l2schemas
2008-05-06 20:15:57 0 d-------- C:\WINDOWS\system32\en
2008-05-06 19:28:30 691545 --a------ C:\WINDOWS\unins001.exe
2008-05-06 19:28:29 2537 --a------ C:\WINDOWS\unins001.dat
2008-05-06 15:54:51 0 d-------- C:\Program Files\msn gaming zone
2008-04-28 15:41:56 0 d-------- C:\Documents and Settings\NetworkService\My Documents
2008-04-26 21:15:25 0 d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2008-04-26 21:15:14 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-10 13:32:49 12800 --a------ C:\WINDOWS\system\wing32.dll <Not Verified; Microsoft Corporation; WinG>
2008-04-10 08:03:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-10 08:03:35 0 d-------- C:\Documents and Settings\Mom\Application Data\Roxio
2008-04-10 08:02:09 0 d-------- C:\Program Files\InterActual
2008-04-10 07:23:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-10 07:20:53 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-10 07:20:37 0 d-------- C:\Program Files\SmartSound Software
2008-04-10 07:20:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-10 07:20:10 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-10 07:20:09 0 d-------- C:\Program Files\Roxio
2008-04-10 07:09:34 153088 --a------ C:\Program Files\UNWISE.EXE
2008-04-10 07:09:34 0 d-------- C:\Program Files\Pinnacle

-- Find3M Report ---------------------------------------------------------------

2008-05-08 08:55:49 120035 --a------ C:\logfile
2008-05-07 12:09:09 0 d-------- C:\Program Files\msaccrt
2008-05-07 11:56:14 0 d-------- C:\Documents and Settings\Mom\Application Data\OfficeUpdate12
2008-05-07 11:20:59 4612 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-06 20:16:33 0 d-a------ C:\Program Files\Messenger
2008-05-06 20:15:56 0 d-a------ C:\Program Files\Movie Maker
2008-05-06 19:36:15 0 d-------- C:\Documents and Settings\Mom\Application Data\LimeWire
2008-05-06 18:21:16 0 d-a------ C:\Program Files\SpywareBlaster
2008-05-06 17:25:28 0 d-a------ C:\Program Files\LimeWire
2008-05-06 17:16:33 0 d-a------ C:\Program Files\Google
2008-05-06 13:58:14 0 d-------- C:\Documents and Settings\Mom\Application Data\Sinner
2008-05-06 13:58:12 0 d-------- C:\Program Files\Common Files\InstallerA
2008-05-06 11:54:06 4 --a------ C:\WINDOWS\system32\9A2796
2008-05-06 11:26:24 234096 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-05-06 11:21:30 0 d-a------ C:\Program Files\QUICKENW
2008-04-30 01:46:25 0 d-a------ C:\Program Files\HackCleaner
2008-04-30 01:41:59 0 d-a------ C:\Program Files\Wise Disk Cleaner
2008-04-27 09:57:09 0 dr-h----- C:\Documents and Settings\Mom\Application Data\yahoo!
2008-04-26 21:17:18 0 d-a------ C:\Program Files\Yahoo!
2008-04-26 21:15:14 0 d-a------ C:\Program Files\Common Files
2008-04-13 22:57:12 0 d-a------ C:\Program Files\exPressit S.E. 2.1
2008-04-10 07:32:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-10 07:29:15 0 d-a------ C:\Program Files\Common Files\Sonic Shared
2008-04-10 07:17:33 0 d-a------ C:\Program Files\Dell
2008-04-06 08:25:30 0 d-------- C:\Documents and Settings\Mom\Application Data\ZoomBrowser EX
2008-04-02 16:45:17 0 d-a------ C:\Program Files\Java
2008-03-30 11:25:17 0 d-------- C:\Documents and Settings\Mom\Application Data\Real
2008-03-29 10:56:43 0 d-a------ C:\Program Files\Microsoft Digital Image 2006
2008-03-26 21:38:17 0 d-------- C:\Documents and Settings\Mom\Application Data\Adobe
2008-03-26 17:39:38 96577 --a------ C:\WINDOWS\hpqins16.dat
2008-03-19 20:04:38 0 d-------- C:\Program Files\Bonjour
2008-03-19 20:04:35 0 d-a------ C:\Program Files\Common Files\Adobe
2008-03-19 19:38:21 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-19 19:31:23 0 d-------- C:\Documents and Settings\Mom\Application Data\Download Manager
2008-03-19 11:55:09 0 d-------- C:\Documents and Settings\Mom\Application Data\Uniblue
2008-03-19 11:39:05 0 d-------- C:\Program Files\Adobe kuler
2008-03-19 11:35:57 0 d-------- C:\Documents and Settings\Mom\Application Data\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-03-19 11:33:37 0 d-------- C:\Program Files\Common Files\Adobe AIR

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/22/2007 01:17 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 06:33 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/21/2008 12:32 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [10/16/2006 01:50 PM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [08/24/2007 03:52 PM]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [08/14/2007 03:44 AM]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [11/06/2006 01:31 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [05/07/2008 03:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/03/2007 11:47 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [10/09/2007 06:56 PM]
"DellSupport-"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 06:12 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 06:43 PM]

C:\Documents and Settings\Mom\Start Menu\Programs\Startup\
DESKTOP.INI [3/20/2004 11:58:38 AM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [9/2/2004 8:44:51 AM]
DESKTOP.INI [3/20/2004 11:58:38 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/21/2004 8:51:55 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 1:49:24 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 5:33:46 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 2:15:54 AM]
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [11/20/2007 3:40:29 PM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2/5/2008 2:29:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSmMGw]
tuvSmMGw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet d series) - 1.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe38aa886]
Rundll32.exe "C:\WINDOWS\system32\ltuisjll.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXDL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"WANMiniportService"=2 (0x2)
"ScsiAccess"=2 (0x2)
"IAANTMon"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"SessionLauncher"=2 (0x2)
"RoxLiveShare10"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

-- End of Deckard's System Scanner: finished at 2008-05-08 08:58:05 ------------

extra.txt as follows:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1022.09 MiB / 572.09 MiB
Pagefile Memory (total/avail): 2461.09 MiB / 2015.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1870.65 MiB

C: is Fixed (NTFS) - 145.49 GiB total, 74.63 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Logical Disk Manager - 145.49 GiB - C:
\PARTITION2 - Logical Disk Manager - 3.5 GiB

\\.\PHYSICALDRIVE1 - HP Photosmart 3310 USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mom\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SUEK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mom
LOGONSERVER=\\SUEK
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\SONICS~1;C:\Program Files\QuickTime\QTSystem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Mom\LOCALS~1\Temp
TMP=C:\DOCUME~1\Mom\LOCALS~1\Temp
USERDOMAIN=SUEK
USERNAME=Mom
USERPROFILE=C:\Documents and Settings\Mom
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Mom (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ace Utilities --> "C:\Program Files\Ace Utilities\uninstall.exe"
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe kuler --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.kuler.Desktop 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe kuler --> MsiExec.exe /I{6CD0B692-22A3-4853-B736-B589311A80A6}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
American Greetings Scrapbooks and More! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74BCC862-CCD6-4A58-BDF9-7BB59FC31AB3}\setup.exe" -l0x9 anything
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
ArcSoft TotalMedia Backup & Record --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF6F70D0-C242-4047-946B-98EA8208481A}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudioLabel --> C:\Program Files\AudioLabel\Uninstall.exe
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Button Manager v1.836 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{703C4409-D597-433A-9B17-E411D9236451}\setup.exe" -l0x9 -removeonly
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Calendar Creator 10 --> MsiExec.exe /I{C8CE30F9-CBD0-43B1-BFD3-B18F55A48827}
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CK Digital Sampler --> C:\CKBROW~1\UNWISE.EXE C:\CKBROW~1\CKSAMPLER2.LOG
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Crash Analysis Tool --> MsiExec.exe /X{D5F881C2-B134-474E-AA60-B25DD218AE0D}
Cricut DesignStudio --> "C:\Program Files\Cricut Software\Cricut DesignStudio\uninstall.exe"
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D00353E1-9A80-11D8-A6E6-0000E24CCC1B}\setup.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DirectXInstallService --> MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
Duplicate Music Files Finder 1.5.5 --> "C:\Program Files\Duplicate Music Files Finder\unins000.exe"
Easy Duplicate Finder v. 1.4.4.0 --> "C:\Program Files\Easy Duplicate Finder\unins000.exe"
EMC 10 Content --> MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
exPressit S.E. 2.1 --> "C:\Program Files\exPressit S.E. 2.1\UninstallerData\Uninstall exPressit S.E. 2.1.exe"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GiPo@MoveOnBoot 1.9.5 --> MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Pack Screensaver --> C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HackCleaner 2.1 --> "C:\Program Files\HackCleaner\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Driver Diagnostics --> MsiExec.exe /I{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{3A316611-45D1-429C-AA26-B71259C44689}\setup\hpzscr01.exe -datfile hposcr11.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Internet Explorer Developer Toolbar --> MsiExec.exe /I{E7081891-BC7F-43F9-9CE6-B5DD2F497156}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
KODAK EASYSHARE Gallery Easy Upload, v2.0 --> C:\Documents and Settings\Mom\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_2bf0709\Setup.exe /APR-REMOVE
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_e38fd\Setup.exe /APR-REMOVE
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Digital Image Suite 2006 --> "C:\Program

#13
Rorschach112

Posted 08 May 2008 - 09:41 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O20 - Winlogon Notify: tuvSmMGw - tuvSmMGw.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe38aa886
C:\WINDOWS\system32\ltuisjll.dll
purity 
[start explorer]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Reboot and post a new DSS log and tell me how your PC is running

#14
Shari

Posted 08 May 2008 - 02:31 PM

Member

Topic Starter
Member
75 posts

Here is the first file with the DSS to follow:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 08, 2008 2:11:25 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/05/2008
Kaspersky Anti-Virus database records: 746691
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 372802
Number of viruses found: 18
Number of infected objects: 55
Number of suspicious objects: 4
Duration of the scan process: 03:21:57

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\489f0318e3466b559230a30b9c9cb1c7_9192d17a-9a72-4204-823a-85ab53b53cd0 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e759f95a1884295b0486d56381802f3_9192d17a-9a72-4204-823a-85ab53b53cd0 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac6a650f29659eb0067b4eec83d50fbd_9192d17a-9a72-4204-823a-85ab53b53cd0 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mom\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Mom\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Mom\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Mom\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Mom\Application Data\Roxio\MediaManager10\Album.ldb Object is locked skipped
C:\Documents and Settings\Mom\Application Data\Roxio\MediaManager10\Album.psod Object is locked skipped
C:\Documents and Settings\Mom\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mom\Desktop\PC Cleaning\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Application Data\SupportSoft\DellSupportCenter\Mom\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\History\History.IE5\MSHist012008050820080509\index.dat Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Temp\~DF23A5.tmp Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Temp\~DF60E8.tmp Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mom\ntuser.dat Object is locked skipped
C:\Documents and Settings\Mom\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\My Games\Tropix\postcard.exe Infected: Trojan-Downloader.Win32.Agent.dro skipped
C:\outlookdata\backup.pst/Personal Folders/Deleted Items/10 Dec 2005 22:16 from eBay Member jell:Message from eBay Member.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\outlookdata\backup.pst/Personal Folders/Deleted Items/16 Jan 2006 01:04 from [email protected]:Paypal Security Center.html Infected: Trojan-Spy.HTML.Paylap.ib skipped
C:\outlookdata\backup.pst/Personal Folders/Deleted Items/16 Feb 2006 09:50 from Chase Bank:Dear Chase Manhattan's Bank Cu.eml/html/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\outlookdata\backup.pst/Personal Folders/Deleted Items/16 Feb 2006 09:50 from Chase Bank:Dear Chase Manhattan's Bank Cu.eml/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\outlookdata\backup.pst/Personal Folders/Deleted Items/16 Feb 2006 09:50 from Chase Bank:Dear Chase Manhattan's Bank Cu.eml Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\outlookdata\backup.pst MailMSMaill: infected - 1, suspicious - 4 skipped
C:\Program Files\INITIO\Button Manager v1.836\inihid.exe Infected: not-a-virus:AdWare.Win32.Look2Me.e skipped
C:\Program Files\Real\RealArcade\logs\GameError.log Object is locked skipped
C:\Program Files\Real\RealArcade\logs\IPC.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\17PHolmes1000106.exe.vir Infected: Trojan-Downloader.Win32.Homles.bk skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bkEur05\bkEur051080.exe.vir Infected: Trojan-Downloader.Win32.VB.edw skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cbXRLeEW.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cNF\srkcont3.exe.vir/stream/data0007/stream/Script Infected: Trojan.NSIS.StartPage.c skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cNF\srkcont3.exe.vir/stream/data0007/stream Infected: Trojan.NSIS.StartPage.c skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cNF\srkcont3.exe.vir/stream/data0007 Infected: Trojan.NSIS.StartPage.c skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cNF\srkcont3.exe.vir/stream Infected: Trojan.NSIS.StartPage.c skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cNF\srkcont3.exe.vir NSIS: infected - 4 skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\din3\is-setup03x.exe.vir Infected: Trojan.Win32.Agent.lom skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\g61.exe.vir/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.byy skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\g61.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Agent.byy skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\g61.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kcntmkdm.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xdb4\DB-1bn.exe.vir Infected: Trojan-Downloader.Win32.Small.vab skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0032816.exe/data0006 Infected: Trojan-Downloader.Win32.VB.edw skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0032816.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0032819.exe Infected: Trojan-Downloader.Win32.VB.edw skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0032820.exe Infected: Trojan-Downloader.Win32.Small.vab skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0032821.exe Infected: Trojan-Downloader.Win32.Homles.bk skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0032825.exe Infected: Trojan-Downloader.Win32.Homles.bk skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP349\A0033815.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP350\A0033934.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0042928.exe Infected: Trojan.Win32.Agent.los skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0046826.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0046828.exe Infected: Trojan-Downloader.Win32.Homles.bm skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0046829.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0046830.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0046831.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0047386.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0047386.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0047555.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.ahl skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0047555.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0047585.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0047585.exe RAR: infected - 1 skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0047587.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP353\A0047587.exe RAR: infected - 1 skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP354\A0049676.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050868.exe Infected: Trojan-Downloader.Win32.VB.edw skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050869.exe/stream/data0007/stream/Script Infected: Trojan.NSIS.StartPage.c skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050869.exe/stream/data0007/stream Infected: Trojan.NSIS.StartPage.c skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050869.exe/stream/data0007 Infected: Trojan.NSIS.StartPage.c skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050869.exe/stream Infected: Trojan.NSIS.StartPage.c skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050869.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050870.exe Infected: Trojan.Win32.Agent.lom skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050871.exe Infected: Trojan-Downloader.Win32.Small.vab skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050872.exe Infected: Trojan-Downloader.Win32.Homles.bk skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050874.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.byy skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050874.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.byy skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050874.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP355\A0050875.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP357\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1E51E9CB-D9E9-4340-BF3A-B1FFC4CFB69D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ODiag.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\OSession.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\JETA2BC.tmp Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

DSS log:

Deckard's System Scanner v20071014.68
Run by Mom on 2008-05-08 14:29:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Mom.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:21 PM, on 5/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mom\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mom.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127600540625
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/R...ageUploader.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - http://www.sunbelt-s.../CounterSpy.CAB
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94F40BC2-5F77-47DA-9061-4FF56BE9F588}: NameServer = 216.220.0.1,216.220.30.1
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11905 bytes

-- Files created between 2008-04-08 and 2008-05-08 -----------------------------

2008-05-08 10:10:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-08 10:10:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-08 07:00:27 0 d-------- C:\Documents and Settings\Mom\!
2008-05-07 14:23:42 260272 --a------ C:\cmldr
2008-05-07 14:23:37 0 d-------- C:\cmdcons
2008-05-07 14:22:31 68096 --a------ C:\WINDOWS\zip.exe
2008-05-07 14:22:31 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-07 14:22:31 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-07 14:22:31 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-07 14:22:31 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-07 14:22:31 98816 --a------ C:\WINDOWS\sed.exe
2008-05-07 14:22:31 80412 --a------ C:\WINDOWS\grep.exe
2008-05-07 14:22:31 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-07 13:16:03 0 d-------- C:\Program Files\CCleaner
2008-05-07 13:13:20 0 d-------- C:\Program Files\Trend Micro
2008-05-07 07:14:50 0 d-------- C:\WINDOWS\CSC
2008-05-06 21:13:28 0 d-------- C:\WINDOWS\Prefetch
2008-05-06 20:16:10 0 d-------- C:\WINDOWS\system32\scripting
2008-05-06 20:15:59 0 d-------- C:\WINDOWS\l2schemas
2008-05-06 20:15:57 0 d-------- C:\WINDOWS\system32\en
2008-05-06 19:28:30 691545 --a------ C:\WINDOWS\unins001.exe
2008-05-06 19:28:29 2537 --a------ C:\WINDOWS\unins001.dat
2008-05-06 15:54:51 0 d-------- C:\Program Files\msn gaming zone
2008-04-28 15:41:56 0 d-------- C:\Documents and Settings\NetworkService\My Documents
2008-04-26 21:15:25 0 d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2008-04-26 21:15:14 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-10 13:32:49 12800 --a------ C:\WINDOWS\system\wing32.dll <Not Verified; Microsoft Corporation; WinG>
2008-04-10 08:03:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-10 08:03:35 0 d-------- C:\Documents and Settings\Mom\Application Data\Roxio
2008-04-10 08:02:09 0 d-------- C:\Program Files\InterActual
2008-04-10 07:23:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-10 07:20:53 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-10 07:20:37 0 d-------- C:\Program Files\SmartSound Software
2008-04-10 07:20:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-10 07:20:10 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-10 07:20:09 0 d-------- C:\Program Files\Roxio
2008-04-10 07:09:34 153088 --a------ C:\Program Files\UNWISE.EXE
2008-04-10 07:09:34 0 d-------- C:\Program Files\Pinnacle

-- Find3M Report ---------------------------------------------------------------

2008-05-08 14:27:41 120187 --a------ C:\logfile
2008-05-07 12:09:09 0 d-------- C:\Program Files\msaccrt
2008-05-07 11:56:14 0 d-------- C:\Documents and Settings\Mom\Application Data\OfficeUpdate12
2008-05-07 11:20:59 4612 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-06 20:16:33 0 d-a------ C:\Program Files\Messenger
2008-05-06 20:15:56 0 d-a------ C:\Program Files\Movie Maker
2008-05-06 19:36:15 0 d-------- C:\Documents and Settings\Mom\Application Data\LimeWire
2008-05-06 18:21:16 0 d-a------ C:\Program Files\SpywareBlaster
2008-05-06 17:25:28 0 d-a------ C:\Program Files\LimeWire
2008-05-06 17:16:33 0 d-a------ C:\Program Files\Google
2008-05-06 13:58:14 0 d-------- C:\Documents and Settings\Mom\Application Data\Sinner
2008-05-06 13:58:12 0 d-------- C:\Program Files\Common Files\InstallerA
2008-05-06 11:54:06 4 --a------ C:\WINDOWS\system32\9A2796
2008-05-06 11:26:24 234096 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-05-06 11:21:30 0 d-a------ C:\Program Files\QUICKENW
2008-04-30 01:46:25 0 d-a------ C:\Program Files\HackCleaner
2008-04-30 01:41:59 0 d-a------ C:\Program Files\Wise Disk Cleaner
2008-04-27 09:57:09 0 dr-h----- C:\Documents and Settings\Mom\Application Data\yahoo!
2008-04-26 21:17:18 0 d-a------ C:\Program Files\Yahoo!
2008-04-26 21:15:14 0 d-a------ C:\Program Files\Common Files
2008-04-13 22:57:12 0 d-a------ C:\Program Files\exPressit S.E. 2.1
2008-04-10 07:32:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-10 07:29:15 0 d-a------ C:\Program Files\Common Files\Sonic Shared
2008-04-10 07:17:33 0 d-a------ C:\Program Files\Dell
2008-04-06 08:25:30 0 d-------- C:\Documents and Settings\Mom\Application Data\ZoomBrowser EX
2008-04-02 16:45:17 0 d-a------ C:\Program Files\Java
2008-03-30 11:25:17 0 d-------- C:\Documents and Settings\Mom\Application Data\Real
2008-03-29 10:56:43 0 d-a------ C:\Program Files\Microsoft Digital Image 2006
2008-03-26 21:38:17 0 d-------- C:\Documents and Settings\Mom\Application Data\Adobe
2008-03-26 17:39:38 96577 --a------ C:\WINDOWS\hpqins16.dat
2008-03-19 20:04:38 0 d-------- C:\Program Files\Bonjour
2008-03-19 20:04:35 0 d-a------ C:\Program Files\Common Files\Adobe
2008-03-19 19:38:21 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-19 19:31:23 0 d-------- C:\Documents and Settings\Mom\Application Data\Download Manager
2008-03-19 11:55:09 0 d-------- C:\Documents and Settings\Mom\Application Data\Uniblue
2008-03-19 11:39:05 0 d-------- C:\Program Files\Adobe kuler
2008-03-19 11:35:57 0 d-------- C:\Documents and Settings\Mom\Application Data\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-03-19 11:33:37 0 d-------- C:\Program Files\Common Files\Adobe AIR

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/22/2007 01:17 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 06:33 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/21/2008 12:32 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [10/16/2006 01:50 PM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [08/24/2007 03:52 PM]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [08/14/2007 03:44 AM]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [11/06/2006 01:31 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [05/07/2008 03:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/03/2007 11:47 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [10/09/2007 06:56 PM]
"DellSupport-"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 06:12 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 06:43 PM]

C:\Documents and Settings\Mom\Start Menu\Programs\Startup\
DESKTOP.INI [3/20/2004 11:58:38 AM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [9/2/2004 8:44:51 AM]
DESKTOP.INI [3/20/2004 11:58:38 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/21/2004 8:51:55 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 1:49:24 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 5:33:46 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 2:15:54 AM]
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [11/20/2007 3:40:29 PM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2/5/2008 2:29:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet d series) - 1.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXDL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"WANMiniportService"=2 (0x2)
"ScsiAccess"=2 (0x2)
"IAANTMon"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"SessionLauncher"=2 (0x2)
"RoxLiveShare10"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

-- End of Deckard's System Scanner: finished at 2008-05-08 14:31:17 ------------

My system is running better but still seems a little buggy. Thanks for all your help on this! It will be nice to have a clean PC again!!!

Shari

#15
Rorschach112

Posted 08 May 2008 - 03:33 PM

Ralphie

Retired Staff
47,710 posts

Hello

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
[kill explorer]
C:\My Games\Tropix\postcard.exe
C:\Program Files\INITIO\Button Manager v1.836\inihid.exe
purity 
[start explorer]
```
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.