Hijack This log [RESOLVED]


  • This topic is locked

#1
Betel

  • Member
  • 20 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:54 AM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [showwnd] showwnd.exe
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DeskSpace] C:\Documents and Settings\Owner\Desktop\New Folder\DeskSpace v1.5.1\deskspace.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6843 bytes




Thanks to anyone who helps on this.

Regards,
Betel
  • 0



#2
Betel

  • Topic Starter
  • Member
  • 20 posts
So can anyone help me?

Regards
  • 0

#3
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo. Please do the following.

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Regards
fenzodahl512
  • 0

#4
Betel

  • Topic Starter
  • Member
  • 20 posts
Sorry this took so long. Thanks for looking at my thread.

Main.txt

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-02 15:20:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2008-06-02 19:20:25 UTC - RP148 - Deckard's System Scanner Restore Point
83: 2008-05-31 10:20:25 UTC - RP147 - System Checkpoint
82: 2008-05-29 02:44:31 UTC - RP146 - Software Distribution Service 3.0
81: 2008-05-28 10:20:01 UTC - RP145 - System Checkpoint
80: 2008-05-26 20:43:25 UTC - RP144 - System Checkpoint


-- First Restore Point --
1: 2008-03-03 02:58:02 UTC - RP65 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:44 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Tibia\Tibia.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [showwnd] showwnd.exe
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DeskSpace] C:\Documents and Settings\Owner\Desktop\New Folder\DeskSpace v1.5.1\deskspace.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6872 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 IlvMoneyDRIVER53 - c:\documents and settings\owner\desktop\xentare\ilvmoney1129.sys (file missing)
S3 MzBot.sys - c:\windows\system32\mzbot.sys
S3 npkcusb - c:\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 XDva037 - c:\windows\system32\xdva037.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29A4&SUBSYS_505A107B&REV_02\3&61AAA01&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29A4&SUBSYS_505A107B&REV_02\3&61AAA01&0&18
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_4444&DEV_0016&SUBSYS_88010070&REV_01\4&35FAE160&0&00F0
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_4444&DEV_0016&SUBSYS_88010070&REV_01\4&35FAE160&0&00F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\4&12686F5B&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\4&12686F5B&0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_505A107B&REV_02\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_505A107B&REV_02\3&61AAA01&0&FB
Service:


-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-01 02:21:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
2008-05-19 15:59:35 0 d-------- C:\Logs
2008-05-10 11:56:31 0 d-------- C:\Program Files\Trend Micro
2008-05-08 20:42:23 0 d-------- C:\Program Files\BPK
2008-05-08 20:16:24 0 d--h----- C:\WINDOWS\PIF
2008-05-08 19:44:48 0 d-------- C:\Program Files\PDM
2008-05-08 19:43:35 0 d-------- C:\Program Files\SoftwarePassport
2008-05-03 15:01:07 0 d-------- C:\Program Files\Real Desktop


-- Find3M Report ---------------------------------------------------------------

2008-06-02 00:39:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Tibia
2008-06-01 14:59:13 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-06-01 01:32:35 0 d-------- C:\Program Files\TibiaBot NG
2008-06-01 00:25:49 0 d-------- C:\Program Files\Warcraft III
2008-05-31 13:18:17 0 d-------- C:\Program Files\Steam
2008-05-29 15:50:58 0 d-------- C:\Program Files\World of Warcraft
2008-05-17 00:21:46 0 d-------- C:\Program Files\AV Vcs 5.0 DIAMOND
2008-05-09 14:48:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-04 16:18:47 0 d-------- C:\Program Files\Tibia
2008-04-27 01:05:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-04-25 23:38:16 0 d-------- C:\Program Files\LittleFighter2
2008-04-23 22:16:33 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-23 22:16:33 0 d-------- C:\Program Files\Common Files
2008-04-23 22:16:27 0 d-------- C:\Program Files\Cheat Engine
2008-04-16 18:29:18 0 d-------- C:\Program Files\Garena
2008-04-14 20:58:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 11:39:30 0 d-------- C:\Program Files\Java
2008-04-13 11:38:03 0 d-------- C:\Program Files\Common Files\Java
2008-04-12 21:40:24 120973 --a------ C:\WINDOWS\War3Unin.dat
2008-04-10 20:45:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-04-06 18:02:43 0 d-------- C:\Documents and Settings\Owner\Application Data\MySQL
2008-04-06 14:23:31 0 d-------- C:\Program Files\PremiumSoft
2008-04-05 13:32:55 0 d-------- C:\Program Files\MySQL
2008-04-02 17:49:53 0 d-------- C:\Program Files\Microsoft Speech SDK 5.1


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"CHotkey"="mHotkey.exe" [12/08/2004 09:57 PM C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [03/03/2004 12:24 AM C:\WINDOWS\CNYHKey.exe]
"showwnd"="showwnd.exe" [09/19/2003 12:09 AM C:\WINDOWS\ShowWnd.exe]
"D-Link RangeBooster G WUA-2340"="C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [12/15/2005 01:18 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [11/30/2005 11:35 AM]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [07/13/2006 01:22 AM]
"SigmatelSysTrayApp"="sttray.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [12/05/2007 02:41 AM C:\WINDOWS\system32\nvmctray.dll]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 08:06 AM]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [05/28/2007 11:14 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"HTV Agent"="C:\Program Files\HTV\HTV.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [03/02/2006 12:54 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]
"DeskSpace"="C:\Documents and Settings\Owner\Desktop\New Folder\DeskSpace v1.5.1\deskspace.exe" [09/18/2007 07:15 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskSpace]
C:\Documents and Settings\Owner\Desktop\New Folder\DeskSpace v1.5.1\deskspace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diamondback]
C:\Program Files\Razer\Diamondback 3G\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ca0c3b9-cb69-11dc-a5b2-0015e9894972}]
Auto\command- F:\Ghost.pif
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif




-- Hosts -----------------------------------------------------------------------

127.0.0.1 login.odinms.de


-- End of Deckard's System Scanner: finished at 2008-06-02 15:22:09 ------------


extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6300 @ 1.86GHz
CPU 1: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 2029.71 MiB / 1348.05 MiB
Pagefile Memory (total/avail): 3920.57 MiB / 3390.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.11 MiB

C: is Fixed (NTFS) - 292.7 GiB total, 232.68 GiB free.
D: is Fixed (FAT32) - 5.37 GiB total, 2.12 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3320833AS - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 292.7 GiB - C:
\PARTITION1 - Unknown - 5.39 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Steam\\steamapps\\devilduck81\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\devilduck81\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Steam\\steamapps\\devilduck81\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\devilduck81\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Sierra Online\\FreeStyle Street Basketball™\\FreeStyle.exe"="C:\\Program Files\\Sierra Online\\FreeStyle Street Basketball™\\FreeStyle.exe:*:Enabled:FreeStyle"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX01.782\\CSPSPServer\\CSPSPServer.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX01.782\\CSPSPServer\\CSPSPServer.exe:*:Enabled:CSPSPServer"
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"C:\\ijji\\ENGLISH\\u_gbound.exe"="C:\\ijji\\ENGLISH\\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"="C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Documents and Settings\\Owner\\Desktop\\OdinMS\\MapleStory\\OdinMS.exe"="C:\\Documents and Settings\\Owner\\Desktop\\OdinMS\\MapleStory\\OdinMS.exe:*:Enabled:MapleStory"
"C:\\Documents and Settings\\Owner\\Desktop\\TibiCam\\TibiCAM.exe"="C:\\Documents and Settings\\Owner\\Desktop\\TibiCam\\TibiCAM.exe:*:Enabled:TibiCAM"
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Documents and Settings\\Owner\\Desktop\\MapleStoryServer\\Debug\\MapleStoryServer.exe"="C:\\Documents and Settings\\Owner\\Desktop\\MapleStoryServer\\Debug\\MapleStoryServer.exe:*:Enabled:MapleStoryServer"
"C:\\Documents and Settings\\Owner\\Desktop\\6\\Debug\\MapleStoryServer.exe"="C:\\Documents and Settings\\Owner\\Desktop\\6\\Debug\\MapleStoryServer.exe:*:Enabled:MapleStoryServer"
"C:\\Program Files\\Garena\\Garena.exe"="C:\\Program Files\\Garena\\Garena.exe:*:Enabled:Garena"
"C:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe"="C:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe:*:Enabled:lf2"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GATEWAY
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\GATEWAY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Perl\site\bin;C:\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Intuwave\Shared\mRouterRuntime
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=GATEWAY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
AV Voice Changer Software DIAMOND 4.0 --> C:\PROGRA~1\AVVCS5~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS5~1.0DI\INSTALL.LOG
AV Voice Changer Software DIAMOND 5.0 --> C:\PROGRA~1\AVVCS5~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS5~1.0DI\INSTALL.LOG
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Day of Defeat --> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Gunbound Revolution --> "c:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji FireFox Launcher 1.0 --> C:\Documents and Settings\All Users\Application Data\IJJIGame\uninst.exe
Intel Audio Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x9
Intel® PRO Network Connections Drivers --> Prounstl.exe
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lexmark 1200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUN5C.EXE -dLexmark 1200 Series
MapleStory --> MsiExec.exe /I{C2BF196F-6A27-416E-BF77-DF32B9AD9D7B}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Speech SDK 5.1 --> MsiExec.exe /I{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
RangeBooster G WUA-2340 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{BA180519-5857-4D89-9EAD-A2248B89AEF7}
Razer Diamondback 3G --> C:\Program Files\InstallShield Installation Information\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}\Setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
SoftwarePassport --> C:\Program Files\SoftwarePassport\uninstall.exe
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sony Ericsson PC Suite for Smartphones --> C:\WINDOWS\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\setup.exe /uninstall
Sony Ericsson PC Suite for Smartphones --> MsiExec.exe /I{1E76BE75-F256-4BA4-A9A3-F433AD3D2D00}
Sony Ericsson Symbian 9 Drivers --> C:\Program Files\Sony Ericsson\Sony Ericsson Symbian 9 Drivers\ZEBRUninstall.exe
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Tibia --> "C:\Program Files\Tibia\unins000.exe"
TibiaBot NG 4.7.0 --> "C:\Program Files\TibiaBot NG\unins000.exe"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
USB Wireless Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6054F774-FEF0-46C6-9311-EC97FC576FC5}\Setup.exe" -l0x9
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{D1B11537-EA51-4DD8-BF1E-098BEE48868D}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Driver Package - Razer (Razerlow) HIDClass (03/07/2007 1.0.0.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\db3g_17CEA01FB508D63DE2A978D03A05C3D4BC0BA4B7\db3g.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB914548 --> "C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1161 / Error
Event Submitted/Written: 05/28/2008 10:47:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ANIWZCSdS.exe, version 1.0.1.30507, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f83.
Processing media-specific event for [ANIWZCSdS.exe!ws!]

Event Record #/Type1156 / Error
Event Submitted/Written: 05/26/2008 01:52:58 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mhotkey.exe, version 3.0.0.10, faulting module unknown, version 0.0.0.0, fault address 0x458a6428.
Processing media-specific event for [mhotkey.exe!ws!]

Event Record #/Type1150 / Error
Event Submitted/Written: 05/24/2008 08:18:20 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 714732022.

Event Record #/Type1149 / Error
Event Submitted/Written: 05/24/2008 08:18:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Tibia.exe, version 8.1.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1140 / Error
Event Submitted/Written: 05/16/2008 11:27:07 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 00733296.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7101 / Warning
Event Submitted/Written: 06/02/2008 00:47:46 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type7093 / Warning
Event Submitted/Written: 06/01/2008 10:50:58 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7092 / Warning
Event Submitted/Written: 06/01/2008 02:34:58 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7087 / Warning
Event Submitted/Written: 05/31/2008 00:12:51 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7081 / Warning
Event Submitted/Written: 05/29/2008 00:26:22 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-06-02 15:22:09 ------------

#5
fenzodahl512


Looking at your system now, one or more of the identified infections is a Keylogger. If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking/financial purposes until we give the all-clear.




Hello, thanks for the reply. Tell me, do you use/know about the Ardamax Keylogger program?


Just a bit of information for you. Your AVG7 is outdated and no longer supported by Grisoft. It has been replaced with AVG8 Free. More information below:
http://free.grisoft....ownload?prd=afe



Please do the following..


Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

Viewpoint Media Player




NEXT


We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

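@echo off
rem The service name contains spaces, so it must be quoted; unquoted, sc reads only "Viewpoint" as the name
sc stop "Viewpoint Manager Service"
sc delete "Viewpoint Manager Service"
exit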

Save it to your desktop as File name: Service.bat
Save as type: All Files

Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.

If you are not sure how to make a batch file, please visit HERE for the tutorial.




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\Viewpoint
    F:\Ghost.pif
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ca0c3b9-cb69-11dc-a5b2-0015e9894972}
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post the following in your next reply..

1. Tell me about Ardamax Keylogger
2. OTMoveIt2 log
3. A fresh Deckard System Scanner (after OTMoveIt2 step)

Regards
fenzodahl512

#6
Betel

1. The Ardamax keylogger was something I installed on my own computer a while ago to make sure no one was on my computer when I was away from home. I'm pretty sure I uninstalled it a while ago.
By the way, I reformatted my computer 3 months ago but I still have backup files that I can't delete. Is there any way to remove them?

2. Explorer killed successfully
File/Folder C:\Program Files\Viewpoint not found.
File/Folder F:\Ghost.pif not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ca0c3b9-cb69-11dc-a5b2-0015e9894972} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ca0c3b9-cb69-11dc-a5b2-0015e9894972}\\ deleted successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06032008_152504

3. Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-03 15:27:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:14 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tibia\Tibia.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\TibiaBot NG\loader.exe
C:\Program Files\TibiaBot NG\loader.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [showwnd] showwnd.exe
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DeskSpace] C:\Documents and Settings\Owner\Desktop\New Folder\DeskSpace v1.5.1\deskspace.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6726 bytes

-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-02 16:54:06 0 d-------- C:\GMDL
2008-06-01 02:21:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
2008-05-19 15:59:35 0 d-------- C:\Logs
2008-05-10 11:56:31 0 d-------- C:\Program Files\Trend Micro
2008-05-08 20:42:23 0 d-------- C:\Program Files\BPK
2008-05-08 20:16:24 0 d--h----- C:\WINDOWS\PIF
2008-05-08 19:44:48 0 d-------- C:\Program Files\PDM
2008-05-08 19:43:35 0 d-------- C:\Program Files\SoftwarePassport
2008-05-03 15:01:07 0 d-------- C:\Program Files\Real Desktop


-- Find3M Report ---------------------------------------------------------------

2008-06-02 18:26:16 0 d-------- C:\Program Files\Steam
2008-06-02 00:39:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Tibia
2008-06-01 14:59:13 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-06-01 01:32:35 0 d-------- C:\Program Files\TibiaBot NG
2008-06-01 00:25:49 0 d-------- C:\Program Files\Warcraft III
2008-05-29 15:50:58 0 d-------- C:\Program Files\World of Warcraft
2008-05-17 00:21:46 0 d-------- C:\Program Files\AV Vcs 5.0 DIAMOND
2008-05-09 14:48:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-04 16:18:47 0 d-------- C:\Program Files\Tibia
2008-04-27 01:05:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-04-25 23:38:16 0 d-------- C:\Program Files\LittleFighter2
2008-04-23 22:16:33 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-23 22:16:33 0 d-------- C:\Program Files\Common Files
2008-04-23 22:16:27 0 d-------- C:\Program Files\Cheat Engine
2008-04-16 18:29:18 0 d-------- C:\Program Files\Garena
2008-04-14 20:58:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 11:39:30 0 d-------- C:\Program Files\Java
2008-04-13 11:38:03 0 d-------- C:\Program Files\Common Files\Java
2008-04-12 21:40:24 120973 --a------ C:\WINDOWS\War3Unin.dat
2008-04-10 20:45:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-04-06 18:02:43 0 d-------- C:\Documents and Settings\Owner\Application Data\MySQL
2008-04-06 14:23:31 0 d-------- C:\Program Files\PremiumSoft
2008-04-05 13:32:55 0 d-------- C:\Program Files\MySQL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"CHotkey"="mHotkey.exe" [12/08/2004 09:57 PM C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [03/03/2004 12:24 AM C:\WINDOWS\CNYHKey.exe]
"showwnd"="showwnd.exe" [09/19/2003 12:09 AM C:\WINDOWS\ShowWnd.exe]
"D-Link RangeBooster G WUA-2340"="C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [12/15/2005 01:18 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [11/30/2005 11:35 AM]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [07/13/2006 01:22 AM]
"SigmatelSysTrayApp"="sttray.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [12/05/2007 02:41 AM C:\WINDOWS\system32\nvmctray.dll]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 08:06 AM]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [05/28/2007 11:14 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"HTV Agent"="C:\Program Files\HTV\HTV.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [03/02/2006 12:54 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]
"DeskSpace"="C:\Documents and Settings\Owner\Desktop\New Folder\DeskSpace v1.5.1\deskspace.exe" [09/18/2007 07:15 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskSpace]
C:\Documents and Settings\Owner\Desktop\New Folder\DeskSpace v1.5.1\deskspace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diamondback]
C:\Program Files\Razer\Diamondback 3G\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide




-- End of Deckard's System Scanner: finished at 2008-06-03 15:27:29 ------------

Edited by Betel, 03 June 2008 - 01:30 PM.


#7
fenzodahl512

Hello Betel, thanks for the reply.. Please tell me which back-up files you can't delete..


Please do the following..

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\HTV
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HTV Agent
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please include the following in your next reply..

1. Tell me about those backup files you can't delete
2. OTMoveIt2
3. MalwareBytes'
4. A fresh Deckard System Scanner (after MalwareBytes' Step)


Regards
fenzodahl512

#8
Betel

1. The backup files are in my C drive. When I try to delete the backup folder I get the error:

Cannot delete AcroIEHelper.dll : Access is denied
Make sure the disk is not full or write-protected
and that the file is currently not in use.

Cannot delete flash9d.osx


2. Explorer killed successfully
File/Folder C:\Program Files\HTV not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HTV Agent >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HTV Agent deleted successfully.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06042008_150115

3. Malwarebytes' Anti-Malware 1.14
Database version: 825

4:39:53 PM 6/4/2008
mbam-log-6-4-2008 (16-39-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 171375
Time elapsed: 48 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\SoftwarePassport\SoftwarePassport.exe (SoftwarePassport.exe) -> Quarantined and deleted successfully.

4. Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-04 16:41:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:47 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Tibia\Tibia.exe
C:\Program Files\TibiaBot NG\loader.exe
C:\Program Files\TibiaBot NG\loader.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [showwnd] showwnd.exe
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DeskSpace] C:\Documents and Settings\Owner\Desktop\New Folder\DeskSpace v1.5.1\deskspace.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6269 bytes

-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-04 15:02:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-04 15:02:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 15:02:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-03 20:20:41 0 d--h----- C:\$AVG8.VAULT$
2008-06-03 19:54:05 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-03 19:54:00 0 d-------- C:\Program Files\AVG
2008-06-03 19:54:00 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-01 02:21:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
2008-05-19 15:59:35 0 d-------- C:\Logs
2008-05-10 11:56:31 0 d-------- C:\Program Files\Trend Micro
2008-05-08 20:42:23 0 d-------- C:\Program Files\BPK
2008-05-08 20:16:24 0 d--h----- C:\WINDOWS\PIF
2008-05-08 19:44:48 0 d-------- C:\Program Files\PDM
2008-05-08 19:43:35 0 d-------- C:\Program Files\SoftwarePassport


-- Find3M Report ---------------------------------------------------------------

2008-06-04 15:01:01 0 d-------- C:\Program Files\TibiaBot NG
2008-06-02 18:26:16 0 d-------- C:\Program Files\Steam
2008-06-02 00:39:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Tibia
2008-06-01 00:25:49 0 d-------- C:\Program Files\Warcraft III
2008-05-29 15:50:58 0 d-------- C:\Program Files\World of Warcraft
2008-05-17 00:21:46 0 d-------- C:\Program Files\AV Vcs 5.0 DIAMOND
2008-05-09 14:48:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-04 16:18:47 0 d-------- C:\Program Files\Tibia
2008-05-03 16:15:04 0 d-------- C:\Program Files\Real Desktop
2008-04-27 01:05:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-04-25 23:38:16 0 d-------- C:\Program Files\LittleFighter2
2008-04-23 22:16:33 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-23 22:16:33 0 d-------- C:\Program Files\Common Files
2008-04-23 22:16:27 0 d-------- C:\Program Files\Cheat Engine
2008-04-16 18:29:18 0 d-------- C:\Program Files\Garena
2008-04-14 20:58:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 11:39:30 0 d-------- C:\Program Files\Java
2008-04-13 11:38:03 0 d-------- C:\Program Files\Common Files\Java
2008-04-12 21:40:24 120973 --a------ C:\WINDOWS\War3Unin.dat
2008-04-10 20:45:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2008-04-06 18:02:43 0 d-------- C:\Documents and Settings\Owner\Application Data\MySQL
2008-04-06 14:23:31 0 d-------- C:\Program Files\PremiumSoft
2008-04-05 13:32:55 0 d-------- C:\Program Files\MySQL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"CHotkey"="mHotkey.exe" [12/08/2004 09:57 PM C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [03/03/2004 12:24 AM C:\WINDOWS\CNYHKey.exe]
"showwnd"="showwnd.exe" [09/19/2003 12:09 AM C:\WINDOWS\ShowWnd.exe]
"D-Link RangeBooster G WUA-2340"="C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [12/15/2005 01:18 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [11/30/2005 11:35 AM]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [07/13/2006 01:22 AM]
"SigmatelSysTrayApp"="sttray.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [12/05/2007 02:41 AM C:\WINDOWS\system32\nvmctray.dll]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [05/28/2007 11:14 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/03/2008 07:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [03/02/2006 12:54 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]
"DeskSpace"="C:\Documents and Settings\Owner\Desktop\New Folder\DeskSpace v1.5.1\deskspace.exe" [09/18/2007 07:15 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskSpace]
C:\Documents and Settings\Owner\Desktop\New Folder\DeskSpace v1.5.1\deskspace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diamondback]
C:\Program Files\Razer\Diamondback 3G\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dccab8fd-b9bf-11dc-a583-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86



-- End of Deckard's System Scanner: finished at 2008-06-04 16:42:07 ------------

#9
fenzodahl512

Hello, can you try to delete your backup file/folder in Safe Mode? If you can't, please give me the full path (with the file/folder name) of the backup file/folder... Tell me whether it's actually a file or folder..


If you do not know how to enter into Safe Mode, please see below:

http://www.pchell.co.../safemode.shtml

#10
Betel

I tried deleting in safe mode and I get the same error.

Both are old backup folders that have program files and windows folder.
They both are in the C:\

C:\Old

#11
fenzodahl512

Sorry, but I need double confirmation from you.. the full path is C:\Old, right? So, it's a folder.. right?

#12
Betel

Yes, that is where it's located.

Old is the folder, and inside the folder there are windows/program files/ documents folder which is the old backup.

#13
fenzodahl512

Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Old
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Please post the following in your next reply..

1. OTMoveIt2 log
2. Kaspersky Online
3. Tell me about your computer condition..


Regards
fenzodahl512

#14
Betel

1. Explorer killed successfully
C:\Old\WINDOWS\$NtUninstallKB901190$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB901190$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB901017$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB901017$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB900725$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB900725$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB900485$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB900485$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB900325$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB900325$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB899589$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB899589$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB899510$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB899510$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB899337$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB899337$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB898461$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB898461$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB896688$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB896688$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB896424$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB896424$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB896423$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB896423$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB896358$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB896358$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB896256$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB896256$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB895961$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB895961$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB891593$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB891593$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB888795$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB888795$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB888111WXPSP2$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB887998$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB887998$ moved successfully.
C:\Old\WINDOWS\$NtUninstallKB886185$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallKB886185$ moved successfully.
C:\Old\WINDOWS\$NtUninstallAwayMode160$\spuninst moved successfully.
C:\Old\WINDOWS\$NtUninstallAwayMode160$ moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB941202\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB941202\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB941202 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB939653 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB938829\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB938829\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB938829 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB938828\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB938828\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB938828 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB938127\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB938127\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB938127 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB937143 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB936357\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB936357\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB936357 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB936021\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB936021\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB936021 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB935840\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB935840\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB935840 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB935839\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB935839\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB935839 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB933729\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB933729\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB933729 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB933566 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB933360\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB933360\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB933360 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB932168 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB931836\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB931836\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB931836 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB931784 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB931768 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB931261\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB931261\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB931261 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB930916\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB930916\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB930916 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB930178\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB930178\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB930178 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB929969\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB929969\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB929969 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB929338 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB929123\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB929123\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB929123 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB928843\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB928843\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB928843 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB928255\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB928255\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB928255 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB928090 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB927891\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB927891\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB927891 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB927802\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB927802\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB927802 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB927779\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB927779\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB927779 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB926436\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB926436\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB926436 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB926255\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB926255\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB926255 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB925902\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB925902\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB925902 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB925486\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB925486\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB925486 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB925454 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB924496 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB924270\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB924270\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB924270 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB924191\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB924191\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB924191 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB923980\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB923980\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB923980 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB923694\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB923694\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB923694 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB923414\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB923414\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB923414 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB922819\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB922819\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB922819 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB922760 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB922616\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB922616\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB922616 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB922582\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB922582\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB922582 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB921883\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB921883\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB921883 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB921503\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB921503\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB921503 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB921398\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB921398\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB921398 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920872\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920872\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920872 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920685\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920685\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920685 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920683\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920683\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920683 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920670\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920670\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920670 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920214\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920214\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920214 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB920213 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB919007\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB919007\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB919007 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB918899 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB918439\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB918439\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB918439 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB918118\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB918118\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB918118 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917953\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917953\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917953 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917537\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917537\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917537 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917422\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917422\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917422 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917344\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917344\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917344 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917159\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917159\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB917159 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB916595\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB916595\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB916595 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB916281 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB914389\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB914389\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB914389 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB914388\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB914388\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB914388 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB913580\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB913580\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB913580 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB912945 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB912919\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB912919\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB912919 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB912812 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911927\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911927\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911927 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911567\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911567\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911567 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911562\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911562\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911562 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911280\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911280\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB911280 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB910437\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB910437\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB910437 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB908531\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB908531\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB908531 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB908519\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB908519\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB908519 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB905915\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB905915\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB905915 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB905749\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB905749\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB905749 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB905414\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB905414\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB905414 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB904706 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB902400\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB902400\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB902400 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB901214\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB901214\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB901214 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB901190\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB901190\SP2QFE\lang moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB901190\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB901190 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB901017\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB901017\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB901017 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB900725\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB900725\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB900725 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB900485\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB900485\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB900485 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899591\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899591\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899591 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899589\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899589\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899589 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899588\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899588\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899588 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899587\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899587\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB899587 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB898461\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB898461 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896727\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896727\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896727 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896688\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896688\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896688 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896428\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896428\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896428 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896424\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896424\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896424 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896423\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896423\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896423 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896422\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896422\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896422 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896358\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896358\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB896358 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB894391\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB894391\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB894391 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB893756\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB893756\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB893756 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB893086\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB893086\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB893086 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB893066\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB893066\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB893066 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB891781\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB891781\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB891781 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890923\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890923\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890923 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890859\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890859\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890859 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890175\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890175\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890175 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890047\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890047\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890047 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890046\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890046\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB890046 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB888302\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB888302\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB888302 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB888113\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB888113\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB888113 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB887472\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB887472\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB887472 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB886185\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB886185\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB886185 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB885836\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB885836\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB885836 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB885835\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB885835\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB885835 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB885250\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB885250\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB885250 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB883939\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB883939\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB883939 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB873339\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB873339\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB873339 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB873333\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB873333\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB873333 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB867282\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB867282\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB867282 moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB834707\update moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB834707\SP2QFE moved successfully.
C:\Old\WINDOWS\$hf_mig$\KB834707 moved successfully.
C:\Old\WINDOWS\$hf_mig$ moved successfully.
C:\Old\WINDOWS moved successfully.
C:\Old\RECYCLER\S-1-5-21-2874488751-2309493419-2081747597-1007 moved successfully.
C:\Old\RECYCLER\S-1-5-21-1436050097-2397625737-466221103-500 moved successfully.
C:\Old\RECYCLER moved successfully.
C:\Old\Program Files\WindowsUpdate moved successfully.
C:\Old\Program Files\Uninstall Information moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{C35BF80A-6284-485E-AE18-023AA8C43185} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{BB8774C6-2751-484E-99B3-9348549E6B64} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{BA180519-5857-4D89-9EAD-A2248B89AEF7} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{B97CF5C3-0487-11D8-A36E-0050BAE317E1} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{6054F774-FEF0-46C6-9311-EC97FC576FC5} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC} moved successfully.
C:\Old\Program Files\InstallShield Installation Information\{00B93E18-7F40-4DA9-8156-8340936DCD2F} moved successfully.
C:\Old\Program Files\InstallShield Installation Information moved successfully.
C:\Old\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit\Required moved successfully.
C:\Old\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit\Plug-Ins moved successfully.
C:\Old\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit moved successfully.
C:\Old\Program Files\Adobe\Adobe Utilities moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos\Template\stylesheets moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos\Template\images\ShopCart moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos\Template\images\Print moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos\Template\images\NavBar moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos\Template\images\ImgDetail moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos\Template\images\FirstRun moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos\Template\images moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos\Template moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos\Resources\en_US moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos\Resources moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos\icons moved successfully.
C:\Old\Program Files\Adobe\Adobe Stock Photos moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide\Utilities moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide\Sample Scripts\VBScript moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide\Sample Scripts\JavaScript moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide\Sample Scripts\AppleScript moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide\Sample Scripts moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Scripting Guide moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Samples\Photomerge\Result moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Samples\Photomerge moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Samples\Merge to HDR moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Samples\ImageReady Files moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\Photoshop Droplets moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets\ImageReady Droplets moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Samples\Droplets moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Samples moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Required\ImageReady Default Actions moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Required moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Presets\ZoomView moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Presets\Workspaces moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2\Presets\Web Photo Gallery\Table 2\images moved successfully.
C:\Old\Program Files\Adobe\Adobe Photoshop CS2

#15
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, your OTMoveIt2 log seems to be cut off. Was the deletion of that folder successful? Please re-send the Kaspersky Webscanner result.