flec006.exe....help 3 days in [RESOLVED]



#1
roy4423

Somehow I have come across this rootkit, virus, trojan or whatever it is..... it has disabled all my antivirus, stopped a lot of my services, probably was the cause of my sound drivers missing.

Also I have to use the safeboot reg fix just to get into safe mode. I can't run HijackThis or ComboFix, I've been researching this for three days with no luck.

Some info I have collected: it hides in c:/document and settings/username/application/data folder which I can't seem to locate.

It has screwed up a lot of registry files, I have no Windows firewall or any other protection, I can't do a system restore.

I have run just about every scan possible and can't get rid of this virus.

Can anyone here PLEASE help me on this one?

Thanks

Edited by roy4423, 31 May 2008 - 08:29 AM.


#2
loophole

    Malware Expert

Hi

Let's see if we can get a peek at things with the following:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
roy4423

Sorry...stepped away, will do

#4
roy4423

Deckard's System Scanner v20071014.68
Run by Leroy Everett on 2008-05-31 13:49:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-31 13:51:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\1st Security Agent\newadmin.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Spy Cleaner Platinum\SpyWatcher.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Leroy Everett\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\Total Cleaner\PKExt.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Leroy Everett\Local Settings\Application Data\CyberDefender\cdmyidd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Leroy Everett\Local Settings\Application Data\CyberDefender\cdmyidd.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [00saskda] "C:\Program Files\1st Security Agent\newadmin.exe" saskda
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunOnceEx: [Flags] 128
O4 - HKLM\..\RunOnceEx: [Title] UnHackMe Rootkit Check
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Total Cleaner.lnk = C:\Program Files\Total Cleaner\cleaner.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: about://internet (HKCU)
O15 - Trusted Zone: http://mcafee.com (HKCU)
O15 - Trusted Zone: https://mcafee.com (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...306/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: Media Center Scheduler Service (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: Media Center Extender Service (McrdSvc) - Unknown owner - C:\WINDOWS\ehome\McrdSvc.exe
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe


--
End of file - 17365 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 ATIAVPCI (ATI Unified AVStream service) - c:\windows\system32\drivers\atinavrr.sys <Not Verified; ATI Technologies Inc.; ATI AVStream>
2 atksgt - c:\windows\system32\drivers\atksgt.sys
2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
2 tmcomm - c:\windows\system32\drivers\tmcomm.sys (file missing)
3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 Apple Mobile Device - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (file missing)
2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\program files\bonjour\mdnsresponder.exe (file missing)
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe (file missing)
2 DNADownloader - c:\program files\gamespot\downloadmanager_win32.exe (file missing)
2 ehRecvr (Media Center Receiver Service) - c:\windows\ehome\ehrecvr.exe (file missing)
2 ehSched (Media Center Scheduler Service) - c:\windows\ehome\ehsched.exe (file missing)
2 Emproxy (McAfee E-mail Proxy) - c:\progra~1\common~1\mcafee\emproxy\emproxy.exe (file missing)
3 FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe (file missing)
2 gusvc (Google Updater Service) - c:\program files\google\common\google updater\googleupdaterservice.exe (file missing)
3 IDriverT (InstallDriver Table Manager) - c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe (file missing)
3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe (file missing)
3 iPod Service - c:\program files\ipod\bin\ipodservice.exe (file missing)
3 Macromedia Licensing Service - c:\program files\common files\macromedia shared\service\macromedia licensing.exe (file missing)
2 MBackMonitor - c:\program files\mcafee\mbk\mbackmonitor.exe (file missing)
2 McAfee HackerWatch Service - c:\program files\common files\mcafee\hackerwatch\hwapi.exe (file missing)
2 mcmispupdmgr (McAfee Update Manager) - c:\progra~1\mcafee\msc\mcupdmgr.exe (file missing)
2 mcmscsvc (McAfee Services) - c:\progra~1\mcafee\msc\mcmscsvc.exe (file missing)
2 McNASvc (McAfee Network Agent) - c:\progra~1\common~1\mcafee\mna\mcnasvc.exe (file missing)
2 McODS (McAfee Scanner) - c:\progra~1\mcafee\viruss~1\mcods.exe (file missing)
2 mcpromgr (McAfee Protection Manager) - c:\progra~1\mcafee\msc\mcpromgr.exe (file missing)
2 McProxy (McAfee Proxy Service) - c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe (file missing)
2 McrdSvc (Media Center Extender Service) - c:\windows\ehome\mcrdsvc.exe (file missing)
2 McRedirector (McAfee Redirector Service) - c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe (file missing)
2 McShield (McAfee Real-time Scanner) - c:\progra~1\mcafee\viruss~1\mcshield.exe (file missing)
2 McSysmon (McAfee SystemGuards) - c:\progra~1\mcafee\viruss~1\mcsysmon.exe (file missing)
3 MHN - c:\windows\system32\svchost.exe
3 mnmsrvc (NetMeeting Remote Desktop Sharing) - c:\windows\system32\mnmsrvc.exe (file missing)
4 MpfService (McAfee Personal Firewall Service) - c:\program files\mcafee\mpf\mpfsrv.exe (file missing)
2 MPS9 (McAfee Privacy Service) - c:\progra~1\mcafee\mps\mps.exe (file missing)
3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
3 odserv (Microsoft Office Diagnostics Service) - c:\program files\common files\microsoft shared\office12\odserv.exe (file missing)
3 ose (Office Source Engine) - c:\program files\common files\microsoft shared\source engine\ose.exe (file missing)
3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe (file missing)
3 Roxio UPnP Renderer 9 - c:\program files\roxio\digital home 9\roxioupnprenderer9.exe (file missing)
2 Roxio Upnp Server 9 - c:\program files\roxio\digital home 9\roxioupnpservice9.exe (file missing)
2 RoxLiveShare9 (LiveShare P2P Server 9) - c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe (file missing)
3 RoxMediaDB9 - c:\program files\common files\roxio shared\9.0\sharedcom\roxmediadb9.exe (file missing)
2 RoxWatch9 (Roxio Hard Drive Watcher 9) - c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe (file missing)
4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe (file missing)
3 usnjsvc (Messenger Sharing Folders USN Journal Reader service) - c:\program files\msn messenger\usnsvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-31 01:00:55 438 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{653CDFD8-0770-4CE8-8518-5EB1AF4D0940}.job
2008-05-29 16:09:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-29 03:00:05 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-15 01:31:06 356 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-05-01 01:00:22 348 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-31 02:12:49 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-05-31 01:35:17 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-31 01:35:17 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-31 01:35:17 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-05-31 01:35:16 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-31 01:35:16 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-31 01:35:15 0 d-------- C:\Program Files\Trojan Remover
2008-05-31 01:35:15 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\Simply Super Software
2008-05-31 01:35:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-30 01:20:02 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-05-30 01:19:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-30 01:18:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-30 01:18:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-30 00:06:59 0 d-------- C:\WINDOWS\system32\vmm32
2008-05-29 22:14:19 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\Uniblue
2008-05-29 22:04:31 0 d-------- C:\Program Files\MGTOOLS
2008-05-29 21:57:48 0 d-------- C:\WINDOWS\pss
2008-05-29 21:43:58 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\PC Tools
2008-05-29 21:13:13 0 d-------- C:\Program Files\Spyware Doctor
2008-05-29 18:05:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-29 17:31:30 0 d-------- C:\RootkitNO
2008-05-29 02:30:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-29 01:57:01 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-05-29 01:57:01 696320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-05-29 01:57:00 22528 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-05-29 01:57:00 34304 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-05-29 01:56:59 0 d-------- C:\Program Files\iolo
2008-05-29 01:31:37 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\iolo
2008-05-29 01:31:37 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-29 00:22:39 34 --a------ C:\WINDOWS\system32\rnplf19.dll
2008-05-29 00:20:47 143360 --a------ C:\WINDOWS\system32\vbuzip10.dll <Not Verified; Info-ZIP; Info-ZIP's UnZip Windows DLL>
2008-05-29 00:20:46 147456 --a------ C:\WINDOWS\system32\Vbzip11.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-05-29 00:20:46 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-05-29 00:20:44 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-05-29 00:20:44 32768 --a------ C:\WINDOWS\system32\Regtool5.dll <Not Verified; Microsoft Corporation; Registry Access Functions>
2008-05-29 00:20:44 0 d-------- C:\Program Files\Spy Cleaner Platinum
2008-05-28 23:11:55 0 d-------- C:\Program Files\Trend Micro
2008-05-28 23:11:55 0 d-------- C:\Program Files\CCleaner
2008-05-28 18:53:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 18:53:55 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 17:49:19 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-28 01:19:28 0 d-------- C:\WINDOWS\McAfee.com
2008-05-28 00:28:37 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\McAfee
2008-05-27 22:10:37 0 d--h----- C:\Documents and Settings\Leroy Everett\Application Data\m
2008-05-27 21:30:27 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\Moyea
2008-05-27 21:30:24 0 d-------- C:\Program Files\Moyea
2008-05-25 22:40:31 0 d-------- C:\Program Files\MegauploadToolbar
2008-05-25 22:40:30 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\MegauploadToolbar
2008-05-24 13:27:58 0 d-------- C:\Program Files\New Tier
2008-05-24 13:27:58 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\New Tier
2008-05-22 10:25:03 0 d-------- C:\PSP
2008-05-09 01:20:16 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\cmw
2008-05-09 01:19:14 0 d-------- C:\Program Files\winpwn


-- Find3M Report ---------------------------------------------------------------

2008-05-29 20:54:56 0 --a------ C:\Program Files\readupdate.dnp
2008-05-29 01:42:38 0 d-------- C:\Program Files\Folder Lock
2008-05-29 01:40:04 0 d-------- C:\Program Files\TextAloud
2008-05-29 01:39:20 256 --a------ C:\sccfg.sys
2008-05-28 23:43:42 0 d-------- C:\Program Files\eMule
2008-05-26 18:50:52 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-24 20:02:03 0 d-------- C:\Program Files\Audacity
2008-05-22 10:28:02 0 d-------- C:\Program Files\PSP Brew
2008-05-08 18:48:50 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-04-28 18:29:11 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\Move Networks
2008-04-25 21:18:52 0 d-------- C:\Program Files\LimeWire
2008-04-23 17:37:42 0 d-------- C:\Program Files\McAfee
2008-04-16 14:57:22 0 d-------- C:\Program Files\Java
2008-04-16 13:54:47 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\Adobe
2008-04-14 14:59:59 0 d-------- C:\Documents and Settings\Leroy Everett\Application Data\LimeWire
2008-04-08 00:38:38 0 d-------- C:\Program Files\Zoom Player


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
C:\Documents and Settings\Leroy Everett\Local Settings\Application Data\CyberDefender\cdmyidd.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= C:\Documents and Settings\Leroy Everett\Local Settings\Application Data\CyberDefender\cdmyidd.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 05:56 PM]
"NvCplDaemon"="RUNDLL32.exe" [08/10/2004 07:00 AM C:\WINDOWS\system32\rundll32.exe]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 10:20 PM C:\WINDOWS\stsystra.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [02/15/2005 08:10 PM]
"P17Helper"="P17.dll" [03/17/2006 04:11 PM C:\WINDOWS\system32\P17.DLL]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 09:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [09/11/2006 05:40 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/11/2006 05:40 AM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [03/07/2007 10:58 AM]
"nwiz"="nwiz.exe" [06/29/2007 12:43 AM C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"00saskda"="C:\Program Files\1st Security Agent\newadmin.exe" [07/04/2007 12:36 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/13/2007 12:22 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 04:22 AM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [04/23/2007 12:43 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"Spy Watcher"="C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" [11/20/2006 01:34 PM]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [05/06/2008 04:48 PM]
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe" []
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [05/31/2008 04:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 06:29 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/23/2006 04:01 AM]
"Aim6"="" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 05:40 AM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 05:16 PM]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [05/06/2008 04:48 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Leroy Everett\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
Total Cleaner.lnk - C:\Program Files\Total Cleaner\cleaner.exe [12/13/2002 8:21:09 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 7:55:40 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1/5/2007 6:26:18 PM]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [3/14/2006 8:01:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideShutdownScripts"=0 (0x0)
"RunLogonScriptSync"=0 (0x0)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"HideLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"HideLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"RestrictCpl"=0 (0x0)
"DisallowCpl"=0 (0x0)
"NoViewOnDrive"=0 (0x0)
"RestrictRun"=0 (0x0)
"DisallowRun"=0 (0x0)
"NoRecycleFiles"=0 (0x0)
"ForceRecycleBinSize"=0 (0x0)
"NoSharedDocuments"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoPropertiesMyDocuments"=0 (0x0)
"NoPropertiesRecycleBin"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoCustomizeWebView"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoWinKeys"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoDFSTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoCustomizeThisFolder"=0 (0x0)
"NoWebView"=0 (0x0)
"DontShowSuperHidden"=0 (0x0)
"NoOnlinePrintsWizard"=0 (0x0)
"NoPublishingWizard"=0 (0x0)
"NoRun"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoSMConfigurePrograms"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoHelp"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoFind"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"NoStartMenuEjectPC"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoDisconnect"=0 (0x0)
"NoNtSecurity"=0 (0x0)
"NoSetFolders"=0 (0x0)
"GreyMSIAds"=0 (0x0)
"ForceMaxRecentDocs"=0 (0x0)
"NoSMBalloonTip"=0 (0x0)
"NoSMBalloonTips"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"LockTaskbar"=0 (0x0)
"HideClock"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoStartBanner"=00000000
"NoTaskGrouping"=0 (0x0)
"NoWebServices"=0 (0x0)
"NoFileUrl"=0 (0x0)
"NoInternetIcon"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoExpandedNewMenu"=0 (0x0)
"SpecifyDefaultButtons"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"EnforceShellExtensionSecurity"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoClose"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoRunasInstallPrompt"=0 (0x0)
"PromptRunasInstallNetPath"=1 (0x1)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoDevMgrUpdate"=0 (0x0)
"NoDesktopCleanupWizard"=0 (0x0)
"NoThumbnailCache"=0 (0x0)
"ForceCopyAclwithFile"=0 (0x0)
"StartRunNoHOMEPATH"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
"0?"=ehtray.exe
"1?"=stsystra.exe
"2?"=pccguide.exe
"3?"=ctsysvol.exe
"4?"=updreg.exe
"5?"=dlactrlw.exe
"6?"=isuspm.exe
"7?"=issch.exe
"8?"=watchdog.exe
"9?"=jusched.exe
"10?"=tgcmd.exe
"11?"=nwiz.exe
"12?"=msascui.exe
"13?"=realsched.exe
"14?"=groovemonitor.exe
"15?"=apdproxy.exe
"16?"=reader_sl.exe
"17?"=newadmin.exe
"18?"=qttask.exe
"19?"=ituneshelper.exe
"20?"=googledesktop.exe
"21?"=rmsystry.exe
"22?"=googleupdater.exe
"23?"=snagit32.exe
"24?"=tmas_oemon.exe
"25?"=ctfmon.exe
"26?"=adobeupdatemanager.exe
"27?"=daemon.exe
"28?"=msnmsgr.exe
"29?"=googletoolbarnotifier.exe
"30?"=p2kautostart.exe
"31?"=gdm_trayapp.exe
"32?"=onenotem.exe
"33?"=cleaner.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"RestrictCpl"=0 (0x0)
"DisallowCpl"=0 (0x0)
"NoViewOnDrive"=0 (0x0)
"RestrictRun"=0 (0x0)
"DisallowRun"=0 (0x0)
"NoRecycleFiles"=0 (0x0)
"ForceRecycleBinSize"=0 (0x0)
"NoSharedDocuments"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoPropertiesMyDocuments"=0 (0x0)
"NoPropertiesRecycleBin"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoCustomizeWebView"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoWinKeys"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoDFSTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoCustomizeThisFolder"=0 (0x0)
"NoWebView"=0 (0x0)
"DontShowSuperHidden"=0 (0x0)
"NoOnlinePrintsWizard"=0 (0x0)
"NoPublishingWizard"=0 (0x0)
"NoRun"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoSMConfigurePrograms"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoHelp"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoFind"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"NoStartMenuEjectPC"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoDisconnect"=0 (0x0)
"NoNtSecurity"=0 (0x0)
"NoSetFolders"=0 (0x0)
"GreyMSIAds"=0 (0x0)
"ForceMaxRecentDocs"=0 (0x0)
"NoSMBalloonTip"=0 (0x0)
"NoSMBalloonTips"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"LockTaskbar"=0 (0x0)
"HideClock"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoStartBanner"=00000000
"NoTaskGrouping"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
"NoWebServices"=0 (0x0)
"NoFileUrl"=0 (0x0)
"NoInternetIcon"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoExpandedNewMenu"=0 (0x0)
"SpecifyDefaultButtons"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"EnforceShellExtensionSecurity"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoClose"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoRunasInstallPrompt"=0 (0x0)
"PromptRunasInstallNetPath"=1 (0x1)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoDevMgrUpdate"=0 (0x0)
"NoDesktopCleanupWizard"=0 (0x0)
"NoThumbnailCache"=0 (0x0)
"ForceCopyAclwithFile"=0 (0x0)
"StartRunNoHOMEPATH"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
"0?"=ehtray.exe
"1?"=stsystra.exe
"2?"=pccguide.exe
"3?"=ctsysvol.exe
"4?"=updreg.exe
"5?"=dlactrlw.exe
"6?"=isuspm.exe
"7?"=issch.exe
"8?"=watchdog.exe
"9?"=jusched.exe
"10?"=tgcmd.exe
"11?"=nwiz.exe
"12?"=msascui.exe
"13?"=realsched.exe
"14?"=groovemonitor.exe
"15?"=apdproxy.exe
"16?"=reader_sl.exe
"17?"=newadmin.exe
"18?"=qttask.exe
"19?"=ituneshelper.exe
"20?"=googledesktop.exe
"21?"=rmsystry.exe
"22?"=googleupdater.exe
"23?"=snagit32.exe
"24?"=dwtrig20.exe
"25?"=1st.sec.-patch.exe
"26?"=unins000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE




-- End of Deckard's System Scanner: finished at 2008-05-31 13:52:29 ------------

#5
roy4423

    Member

  • Topic Starter
  • 11 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 65%
Physical Memory (total/avail): 1022.09 MiB / 356.45 MiB
Pagefile Memory (total/avail): 2458.71 MiB / 1974.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.33 MiB

C: is Fixed (NTFS) - 149 GiB total, 31.57 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 144.32 GiB total, 100.72 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Leroy Everett\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LEROY-A5AE3E7A2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Leroy Everett
LOGONSERVER=\\LEROY-A5AE3E7A2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LEROYE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\LEROYE~1\LOCALS~1\Temp
USERDOMAIN=LEROY-A5AE3E7A2
USERNAME=Leroy Everett
USERPROFILE=C:\Documents and Settings\Leroy Everett
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Leroy Everett (admin)
MCX1
MCX2
MCX3
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\1st Security Agent\newadmin.exe" uninstall
--> "C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
--> "C:\Program Files\Moyea\FLV Downloader\unins000.exe"
--> "C:\Program Files\Moyea\FLV Player\unins000.exe"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /I{F32F1F7C-322D-46B9-B69A-5C3EDC88B74C}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\CONFLICT.1\GrooveAX.dll,_RemoveGroove@16
Administative Templates for Internet Explorer 7 for Windows XP SP2 and Windows Server 2003 SP1 --> MsiExec.exe /I{917E0D11-D3E6-468F-96AE-C5133BDEF7A5}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Bridge Start Meeting --> MsiExec.exe /I{CE52110A-7773-444F-9E5D-4A45E4792DB6}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{AED353B9-E6D7-406F-B007-2C55C5265EB3}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe CMaps --> MsiExec.exe /I{D8FC8E35-D397-4C16-87AE-141A625221E4}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{162DDD86-C087-4E59-B7A8-0C1D8F884A9A}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer 1.1 --> MsiExec.exe /I{F3697BA5-C8D8-4925-ACCA-F486C76BAD33}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Type Support --> MsiExec.exe /I{A78A65E4-1D88-477A-83B4-3EC540F6A55A}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{51DC4D9C-F729-48A7-9CE0-BC77529ECCA2}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AGEIA PhysX v7.07.09 --> MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
All Sound Recorder XP 2.02 --> "C:\Program Files\All Sound Recorder XP\unins000.exe"
Animated GIF producer 3.3 TRIAL --> "C:\Program Files\Animated GIF producer 3.3 TRIAL\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AutoEye --> C:\WINDOWS\unvise32.exe C:\AutoEyeuninstal.log
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVPM-Setup --> MsiExec.exe /I{8A7B5873-D9A7-4C14-8BDB-1D8F2141D378}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}
BlackBerry v4.2.2 for the 8310 Series Wireless Handheld --> MsiExec.exe /X{3E0CE470-D256-4D67-A5B6-18E76546C8DE}
Camtasia Effects --> C:\Program Files\TechSmith\Camtasia Effects\UNWISE.EXE /U /Z "C:\Program Files\TechSmith\Camtasia Effects\INSTALL.LOG"
Camtasia Studio 4 --> MsiExec.exe /I{950A8D14-C48E-4508-B377-1EA45A18FA3D}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CLSetup for Tiger Woods PGA Tour 07 --> "C:\Program Files\CLSetup07\uninstall.exe"
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Cucusoft Zune Video Converter 5.07 --> "C:\Program Files\Cucusoft\zune-converter\unins000.exe"
CyberDefender Early Detection Center --> C:\Program Files\CyberDefender\cdinstx.exe /u
DDS Thumbnail Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205B8AE-490E-43F2-AB43-C13C2BEC86A7}\Setup.exe" -l0x9
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Resource CD --> MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
DellConnect --> MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
Desktop Doctor --> "C:\Program Files\Support.com\providerComcast\Uninstall.exe" /c "Remove Desktop Doctor?"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dr. DivX 2.0 OSS --> C:\Program Files\DivX\Dr. DivX 2.0 OSS\Remove.exe
DreamSuite Gel --> C:\WINDOWS\unvise32.exe C:\GelUninstall.log
DreamSuite Series2 --> C:\WINDOWS\unvise32.exe C:\DS2Uninstall.log
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
DVD Menu Maker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1D7949FF-E551-4334-AB34-6610118365E3}\Setup.exe" -l0x9
EA SPORTS online 2008 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
EditPlus 2 --> C:\Program Files\EditPlus 2\remove.exe
eMule --> "C:\Program Files\eMule\Uninstall.exe"
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Flash Particle Studio 1.0(remove only) --> "C:\Program Files\Flash Particle Studio 1.0\uninst.exe"
Florida State University Desktop Communicator --> C:\Program Files\New Tier\Communicator\uninstaller.exe /u
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Fraps --> "C:\Fraps\uninstall.exe"
GalleryPlayer Images --> C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Home Typist --> "C:\Program Files\Invention Pilot\Home Typist\uninstall.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IISCN VcdromX --> "C:\Program Files\IISCN Software\VcdromX\VcdromX.uninstall.exe"
Intel® PRO Network Connections Drivers --> Prounstl.exe
iolo technologies' System Mechanic Professional 7 --> "C:\Program Files\iolo\System Mechanic Professional 7\unins000.exe"
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Jasc Animation Shop 3 --> MsiExec.exe /I{174D5678-D941-433C-BD23-58A5C7B0D36D}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LEGO Star Wars II --> C:\Program Files\InstallShield Installation Information\{4E074808-1B86-4230-A9EB-0904942EC4AE}\setup.exe -runfromtemp -l0x0409
LimeWire PRO 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.6 (0044) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Madden NFL 08 --> C:\Program Files\EA Sports\Madden NFL 08\EAUninstall.exe
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Media Center Extender --> C:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender --> MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
Media Center Solitaire --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ehsol.inf, Uninstall
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Premium 2006 DVD --> MsiExec.exe /I{06040081-3E21-46D6-9A91-D927BA08F41D}
Microsoft Group Policy Management Console with SP1 --> MsiExec.exe /I{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}
Microsoft Internet Explorer Administration Kit 5 --> rundll32 advpack.dll,LaunchINFSection ieak5.inf,IEAK.Uninstall
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Resource Kit Tools --> MsiExec.exe /I{95250409-6000-11D3-8CFE-0050048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Motorola PST --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}\Setup.exe" -l0x9 anything
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Leroy Everett\Application Data\Move Networks\ie_bin\Uninst.exe
Mpeg2Decoder 1.3 --> "C:\Program Files\Mpeg2Decoder\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MyIdentityDefender Toolbar (CyberDefender Corporation) --> C:\Documents and Settings\Leroy Everett\Local Settings\Application Data\CyberDefender\cdinstx.exe /u
MyThemesMCE --> MsiExec.exe /I{DB458387-32C8-4C04-8944-9BE1CFF7296F}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA Photoshop Plug-ins --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23F79416-CAD1-41BF-99A3-040F6C814AAA}\setup.exe" -l0x9
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PSP Brew 0.80 --> "C:\Program Files\PSP Brew\unins000.exe"
PureVoice --> "C:\Program Files\Qualcomm\PureVoice\uninstall.exe"
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
RSD_LITE_2_5 --> MsiExec.exe /X{80B894AC-E0F4-42B2-9233-C492F03AC975}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SnagIt 8 --> MsiExec.exe /I{0AEA9ECE-2AD0-4DF0-932E-F0AC6B771749}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
Spy Cleaner Platinum 9.7 Trial Version --> C:\PROGRA~1\SPYCLE~1\UNWISE.EXE C:\PROGRA~1\SPYCLE~1\INSTALL.LOG
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TextAloud --> "C:\Program Files\TextAloud\unins000.exe"
Tiger Woods PGA TOUR 08 --> C:\Program Files\EA Sports\Tiger Woods PGA TOUR 08\EAUninstall.exe
TMPGEnc 3.0 XPress --> MsiExec.exe /I{D48EAA77-E526-41EB-894C-BD6A17EABD95}
Tomb Raider: Legend 1.0 --> C:\Program Files\Tomb Raider - Legend\uninsttrl.exe
Total Cleaner --> "C:\Program Files\Total Cleaner\unins000.exe"
Trojan Remover 6.6.9 --> "C:\Program Files\Trojan Remover\unins000.exe"
Ulead PhotoImpact 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x9
UnHackMe 4.70 release --> "C:\Program Files\UnHackMe\unins000.exe"
Uninstall DreamSuite --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Bridge\Plug-Ins\DreamSuite\DreamSuite Uninstall.log
Uninstall Mystical --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Mystical\Mystical Uninstall.log
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Version 5.3.0 --> "C:\Program Files\ADShareit\swf2videopro\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
WIBU-KEY Setup (WIBU-KEY Remove) --> C:\Program Files\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{F80BA35D-D1CD-4B8B-8129-9FC918F9D42D}
Windows XP Media Center Edition 2005 KB905589 --> "C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
winpwn --> C:\Program Files\winpwn\uninstall winpwn.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.6 --> "C:\Program Files\WinSCP\unins000.exe"
XChange 360 --> "C:\Program Files\Datel\XChange 360\unins000.exe"
Your Uninstaller! 2006 Version 5 --> "C:\Program Files\Your Uninstaller 2006\unins000.exe"
YouTube Robot 2.0.2007.829 --> "C:\Program Files\YouTubeRobot\unins000.exe"
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2340 / Error
Event Submitted/Written: 05/30/2008 11:16:21 PM
Event ID/Source: 1090 / Userenv
Event Description:
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Event Record #/Type2339 / Error
Event Submitted/Written: 05/30/2008 09:26:21 PM
Event ID/Source: 1090 / Userenv
Event Description:
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Event Record #/Type2338 / Error
Event Submitted/Written: 05/30/2008 07:36:21 PM
Event ID/Source: 1090 / Userenv
Event Description:
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Event Record #/Type2337 / Error
Event Submitted/Written: 05/30/2008 06:01:21 PM
Event ID/Source: 1090 / Userenv
Event Description:
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Event Record #/Type2336 / Error
Event Submitted/Written: 05/30/2008 04:12:20 PM
Event ID/Source: 1090 / Userenv
Event Description:
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20919 / Error
Event Submitted/Written: 05/31/2008 02:17:07 AM
Event ID/Source: 12 / PlugPlayManager
Event Description:
The device 'Microsoft System Management BIOS Driver' (Root\SYSTEM\0002) disappeared from the system without first being prepared for removal.

Event Record #/Type20918 / Error
Event Submitted/Written: 05/31/2008 02:17:07 AM
Event ID/Source: 12 / PlugPlayManager
Event Description:
The device 'Microcode Update Device' (Root\SYSTEM\0001) disappeared from the system without first being prepared for removal.

Event Record #/Type20917 / Error
Event Submitted/Written: 05/31/2008 02:17:07 AM
Event ID/Source: 12 / PlugPlayManager
Event Description:
The device 'Plug and Play Software Device Enumerator' (Root\SYSTEM\0000) disappeared from the system without first being prepared for removal.

Event Record #/Type20915 / Warning
Event Submitted/Written: 05/31/2008 02:13:08 AM
Event ID/Source: 27 / e1express
Event Description:
Intel® PRO/1000 PL Network Connection
Link has been disconnected.

Event Record #/Type20914 / Warning
Event Submitted/Written: 05/31/2008 02:00:31 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-05-31 13:52:29 ------------

Here you go....hope this helps
  • 0

#6
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Please tell me what happens when you try to run ComboFix.

Your dss log shows there is something amiss, but I need the following log also please

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
  • 0

#7
roy4423

    Member

  • Topic Starter
  • Member
  • 11 posts
I was not able to run GMER... Most programs give me a "not valid Win32 application" error message, same with ComboFix and HijackThis.

Thanks for the reply


Sorry! got it to work :)

The log was so huge, I'm not able to post the complete list... but I think you will see the problem. Let me know if you would like me to split up the rest in separate posts.



Rootkit scan 2008-06-01 00:36:11
Windows 5.0.2195


---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\srosa.sys (*** hidden *** ) [SYSTEM] srosa <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x91 0x30 0x4B 0x61 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0xC6 0x7B 0x0E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x55 0x61 0x52 0xCF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x7C 0x85 0xDE 0xF6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x91 0x30 0x4B 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x22 0xC6 0x7B 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x55 0x61 0x52 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x7C 0x85 0xDE 0xF6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x85 0xD3 0x4E 0x0A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC1 0xD1 0xFE 0xB3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9B 0x42 0x55 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x11 0xD7 0xAC 0x9C ...
Reg HKLM\SYSTEM\ControlSet003\Services\srosa
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@ImagePath \??\C:\WINDOWS\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\ControlSet003\Services\srosa\Security
Reg HKLM\SYSTEM\ControlSet003\Services\srosa\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x85 0xD3 0x4E 0x0A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC1 0xD1 0xFE 0xB3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0xD7 0xAC 0x9C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x11 0xD7 0xAC 0x9C ...
Reg HKLM\SYSTEM\ControlSet004\Services\srosa
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@ImagePath \??\C:\WINDOWS\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\ControlSet004\Services\srosa\Security
Reg HKLM\SYSTEM\ControlSet004\Services\srosa\Security@Security 0x01 0x00 0x14 0x80 ...

O.K. I'm going to continue to update my situation as I move forward in trying to remove this Virus.

I used GMER in safemode to remove these reg keys:
Reg HKLM\SYSTEM\ControlSet003\Services\srosa
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@ImagePath \??\C:\WINDOWS\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\ControlSet003\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\ControlSet003\Services\srosa\Security
Reg HKLM\SYSTEM\ControlSet003\Services\srosa\Security@Security 0x01 0x00 0x14 0x80 ...


Reg HKLM\SYSTEM\ControlSet004\Services\srosa
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@ImagePath \??\C:\WINDOWS\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\ControlSet004\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\ControlSet004\Services\srosa\Security
Reg HKLM\SYSTEM\ControlSet004\Services\srosa\Security@Security 0x01 0x00 0x14 0x80 ...


and a few others in ControlSet005/006... then my system would not reboot because the Win32system config file was damaged. After booting up with the XP CD and doing a repair, I'm able to boot up in normal mode again (still have issues with safe mode).

Sometimes I can add the safeboot key to get in and sometimes not :)

Overall.... still no luck

Edited by roy4423, 01 June 2008 - 12:05 PM.


#8
roy4423

I think notifications are done by reply....so I'm replying

#9
loophole

Follow these instructions carefully; it involves renaming ComboFix DURING the download. Sorry I couldn't reply sooner. Deleting things without removing the whole thing will not work, as everything you fix will just get put back as it respawns.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#10
roy4423

It seems that Combo-Fix has finished.... Still waiting on log. It seems that it may be hung up; I'm sending this from my phone.

Also, a box that says "select a file to crack" has appeared.

Edited by roy4423, 01 June 2008 - 02:40 PM.

#11
roy4423

O.k. here is the log:

ComboFix 08-06-01.3 - Leroy Everett 2008-06-01 15:50:58.1 - NTFSx86

Running from: C:\Documents and Settings\Leroy Everett\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\iolo\common\lib\ioloHL.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Leroy Everett\Application Data\m
C:\Documents and Settings\Leroy Everett\Application Data\m\data.oct
C:\Documents and Settings\Leroy Everett\Application Data\m\list.oct
C:\Documents and Settings\Leroy Everett\Application Data\m\shared
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\#1 Flash Slideshow 2.5 [Key+Serial].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\01.kaspersky.6.keygen.36.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\100% Free Euchre Card Game for Windows 6.54.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\4t Tray Minimizer 4.22.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Accurate Popup Killer 5.71 (Cracked).zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\ActiveQuality Iso 9000 Software 2.2.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Add 'em Up 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Additional Folders View 0.2.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Advanced Task Scheduler 1.5 build 0439.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Age of Rifles 1.01 patch.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\AlarmWave 1.0.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Alchemist Wizard 1.02.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Alert Center 1.0.4.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Altdo Apple TV Video Converter 1.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Amor Photo Downloader 1.6.9 (Patch).zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\ANTIVIRUS.NORTON.2003.-.Actualizaciones.HASTA.EL.2041.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Archimedes Grapher Slide Show 2.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\ASPImage 1.0.3.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Asset Monitor 1.10 [KeyGen].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Asteroid ES 0.8.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Avast.Pro.v4.7.869.Incl.Keymaker-CORE.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\AW English-French Dictionary 1.7.czip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Backup Pro 3.0 [Cracked].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Be My Valentine.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\BeeThink MP3 WMA OGG WAV Converter 3.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\BlueTools 1.00 beta.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\BulletProof FTP Client 2.57.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\BurnSoft Active Email Checker 3.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Calculus Problem Solver 1.0 [Key+Serial].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\CC Get MAC Address 2.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Check&Get 3.2.1 build 465 [Patch].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\ClickAssign 1.04.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Codabar Utility 2.3.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Command & Conquer Generals Zero Hour The Rise to Power mod.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Complete Messenger 1.02.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Conversation Meta Language 0.7.3.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Cowboyway Screen Saver 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Crystal CD To MP3 Ripper 2.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\DB CD Burner & Ripper 1.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Defragmenter Pro Plus 5.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Desktop Spy Agent 2.10.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Digijoe CD Labeler 1.6.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Digital Hamster 1.0 [With Crack].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Digitally Imported Radio 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\DownloadIt Toolbar 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\DTM Data Scrubber 1.00.12 Key.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Duplicate Email Remover 2.14.2.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Easy Peasy Passwords 2.3.1.17.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\EngiLab Beam.2D ML 1.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\EnKoder 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Far Cry MP Dras map.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Fast Track Business Plan 1.10.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\FastSMS III Corporate 3.5.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\FlashyEffects 1.2.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Free Underwater Screensaver 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Grammar Fitness 4.0 Cracked.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\GWAcc Limited Application Launcher 1.1.0.40.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Halo Combat Evolved Hog World Pre-Release map.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Handy Dates for Sony Ericsson 2.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Home Budget 4.02.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Home Health Care Management 02.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\IM Collector Music Edition 1.45 (Key).zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\InstantTimeZone 3.0.2.13.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Internet Explorer Password 1.3 With Crack.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\IP Reporter (OS X) 2.0.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\IPBook 0.43.1508.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\IpMessage caster 1.02 KeyGen.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Kaspersky.Internet.Security.v6.0.0.300.WinAll-Deutsch.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\KAV.KIS.Kaspersky.Antivirus.and.Internet.Security.6.0.15.222a.+.keys.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\KidLogger 1.4.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\kjClipper 1.4.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Laser Dolphin 1.2.7.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\LingvoSoft FlashCards English German 1.5.07.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\LingvoSoft Suite 2007 German - French 2.0.23 [Cracked].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\LingvoSoft Talking Dictionary 2007 English - Indonesian 4.0.22.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\MacDrive 7.0.9.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Maguma Workbench 2.5.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Maritime Quizz 1.0 Serial.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\MB3-230 Practice Exam Testing Engine Software 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\MetWeather 1.1 (Serial).zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Mimic Virtual Lab CCNA 2.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Monidir 2000 1.0 (KeyGen).zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\MOSED 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\MotorRacing Screensaver 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\MyGeneration 1.2.0.6.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Nalsoft Subtitle Player 1.0.200 (KeyGen).zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Navy Seals - Sea Air Land 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Network Device Explorer 1.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\No Hassle File Transfer 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Onlogic ImageOn 1.9.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Orandy OneClick 1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Orneta Paint 1.0.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Pamela for Skype Standard Version 1.36 (Cracked).zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\PivotView 1.1 [Key+Serial].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\PixelToy 2.6.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Planets of the Solar System Screensaver 1.0 [With Crack].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\PLR Dashboard 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Pocket eAlbum 2.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Polar Knowledge Base 3.0.2.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Power Defragmenter 2.0.125.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\PowerFolder 1.0.2.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Prime Poster 2.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Private Post for Outlook Express 3.2.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\quick.heal.x-gen.v7.01.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Rainy Screen Saver 2.2.14.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\RealCart 2.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Red Faction - William Hart map.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Return to Castle Wolfenstein Enemy Territory ET Pro v3.0 Mod.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\ReviewWriter 2007 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\RoboOrganizer 1.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\RockIt 2000 Pro DJ 3.2 Serial.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\RuneSword II map.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\ScanWeb 1.2.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Search Engine Explorer 3.0 Patch.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\SearchAndWrite 0.5.8.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Sexy Kelly Brook Screen Saver 1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Site Status Checker 2.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\SmartBook Pro 1.01.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\SmartRead 0.65 build 0531.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\SMS2u Agent 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\SoftAmbulance Photo Undelete 1.94 [With Crack].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Speed Startup 1.03.03 Key.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\SplashPhoto for Pocket PC 4.42.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Star Trek Voyager - Elite Force Castle of Death map.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Stealther 0.99.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Style Workshop 1.02 [Patch].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\SuperPower 1.2 to 1.2.2 patch.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Sureshot PopUp Killer 3.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Symantec_Removal_Tools.25-in1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Tamale Loco Rumble in the Desert 2 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\TExtraFilters 1.0 Serial.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Time Shadow Professional Edition 1.75 (Key).zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Timesheets Lite 2.2.22 Crack.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\TourGroup Manager 3.00.10.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Unbrowse SNMP 1.5.1.1203.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\V-Scan 2.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Vidamic Netlog 3.0.10 (Key).zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Visual Patch 2.0.4.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\VueScan 8.3.54.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Wild and Green Costa Rica 1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Wildfire Server 2.5.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\Win32Pad 1.5.8.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\WinAutomation 1.0.1.320 [With Crack].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\World Cup Toolbar 4.5.1.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\WSH.GUI host (JScript and VBScript) 8.2 (Cracked).zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\WuYuYo 1.0 [Cracked].zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\XML File Tagger 1.1.0.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\ZCureIT 1.2.4.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\shared\ZipArchive Library 2.4.11.zip
C:\Documents and Settings\Leroy Everett\Application Data\m\srvlist.oct
C:\Documents and Settings\Leroy Everett\Favorites\Online Security Test.url
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\1006062.exe
C:\WINDOWS\system32\drivers\downld\1055390.exe
C:\WINDOWS\system32\drivers\downld\1066968.exe
C:\WINDOWS\system32\drivers\downld\1067843.exe
C:\WINDOWS\system32\drivers\downld\1073531.exe
C:\WINDOWS\system32\drivers\downld\1148781.exe
C:\WINDOWS\system32\drivers\downld\1193359.exe
C:\WINDOWS\system32\drivers\downld\1216140.exe
C:\WINDOWS\system32\drivers\downld\1254875.exe
C:\WINDOWS\system32\drivers\downld\1263968.exe
C:\WINDOWS\system32\drivers\downld\1268703.exe
C:\WINDOWS\system32\drivers\downld\15646468.exe
C:\WINDOWS\system32\drivers\downld\15707875.exe
C:\WINDOWS\system32\drivers\downld\15726265.exe
C:\WINDOWS\system32\drivers\downld\16501437.exe
C:\WINDOWS\system32\drivers\downld\16509484.exe
C:\WINDOWS\system32\drivers\downld\16512140.exe
C:\WINDOWS\system32\drivers\downld\181828.exe
C:\WINDOWS\system32\drivers\downld\192593.exe
C:\WINDOWS\system32\drivers\downld\192984.exe
C:\WINDOWS\system32\drivers\downld\202343.exe
C:\WINDOWS\system32\drivers\downld\202796.exe
C:\WINDOWS\system32\drivers\downld\204609.exe
C:\WINDOWS\system32\drivers\downld\209093.exe
C:\WINDOWS\system32\drivers\downld\214781.exe
C:\WINDOWS\system32\drivers\downld\226781.exe
C:\WINDOWS\system32\drivers\downld\231687.exe
C:\WINDOWS\system32\drivers\downld\240640.exe
C:\WINDOWS\system32\drivers\downld\245562.exe
C:\WINDOWS\system32\drivers\downld\248968.exe
C:\WINDOWS\system32\drivers\downld\256890.exe
C:\WINDOWS\system32\drivers\downld\261140.exe
C:\WINDOWS\system32\drivers\downld\266828.exe
C:\WINDOWS\system32\drivers\downld\267125.exe
C:\WINDOWS\system32\drivers\downld\275093.exe
C:\WINDOWS\system32\drivers\downld\278515.exe
C:\WINDOWS\system32\drivers\downld\289250.exe.vir
C:\WINDOWS\system32\drivers\downld\292093.exe
C:\WINDOWS\system32\drivers\downld\293500.exe
C:\WINDOWS\system32\drivers\downld\301953.exe
C:\WINDOWS\system32\drivers\downld\306671.exe
C:\WINDOWS\system32\drivers\downld\400296.exe
C:\WINDOWS\system32\drivers\downld\438375.exe
C:\WINDOWS\system32\drivers\downld\446046.exe
C:\WINDOWS\system32\drivers\downld\449828.exe
C:\WINDOWS\system32\drivers\downld\450828.exe
C:\WINDOWS\system32\drivers\downld\458796.exe
C:\WINDOWS\system32\drivers\downld\459406.exe
C:\WINDOWS\system32\drivers\downld\462062.exe
C:\WINDOWS\system32\drivers\downld\462546.exe
C:\WINDOWS\system32\drivers\downld\465218.exe
C:\WINDOWS\system32\drivers\downld\466671.exe
C:\WINDOWS\system32\drivers\downld\471984.exe
C:\WINDOWS\system32\drivers\downld\473015.exe
C:\WINDOWS\system32\drivers\downld\476187.exe
C:\WINDOWS\system32\drivers\downld\478593.exe
C:\WINDOWS\system32\drivers\downld\481625.exe
C:\WINDOWS\system32\drivers\downld\587640.exe
C:\WINDOWS\system32\drivers\downld\594828.exe
C:\WINDOWS\system32\drivers\downld\600625.exe
C:\WINDOWS\system32\drivers\downld\759828.exe
C:\WINDOWS\system32\drivers\downld\763421.exe
C:\WINDOWS\system32\drivers\downld\771468.exe
C:\WINDOWS\system32\drivers\downld\771921.exe
C:\WINDOWS\system32\drivers\downld\7979218.exe
C:\WINDOWS\system32\drivers\downld\799046.exe
C:\WINDOWS\system32\drivers\downld\811781.exe
C:\WINDOWS\system32\drivers\downld\8157984.exe
C:\WINDOWS\system32\drivers\downld\8166093.exe
C:\WINDOWS\system32\drivers\downld\8171640.exe
C:\WINDOWS\system32\drivers\downld\819359.exe
C:\WINDOWS\system32\drivers\downld\822890.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\rnplf19.dll
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-06-01 16:01 . 2006-01-23 04:01 655,360 --a------ C:\Documents and Settings\Leroy Everett\stsystra.exe
2008-06-01 03:18 . 1997-01-20 15:12 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2008-06-01 03:18 . 2000-01-29 00:39 40,960 --a------ C:\WINDOWS\system32\VB5StKit.dll
2008-06-01 03:18 . 2008-06-01 03:19 806 --a------ C:\WINDOWS\ST5UNST.000
2008-06-01 00:57 . 2008-06-01 00:58 <DIR> d-------- C:\Program Files\autoruns
2008-05-31 18:56 . 2008-05-31 18:56 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-31 13:48 . 2008-05-31 13:48 <DIR> d-------- C:\Deckard
2008-05-31 02:12 . 2008-05-31 03:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-05-31 01:37 . 2006-01-23 04:01 655,360 --a------ C:\WINDOWS\system32\drivers\mdelk.exe.vir
2008-05-31 01:37 . 2006-01-23 04:01 655,360 --a------ C:\WINDOWS\system32\drivers\hldrrr.exe.vir
2008-05-31 01:36 . 2008-05-31 00:59 96,936 --a------ C:\WINDOWS\system32\drivers\srosa.sys.vir
2008-05-31 01:35 . 2008-05-31 01:35 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-31 01:35 . 2008-05-31 01:35 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\Simply Super Software
2008-05-31 01:35 . 2008-05-31 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-31 01:35 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-31 01:35 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-31 01:35 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-31 01:35 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-31 01:35 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-31 01:19 . 2008-05-31 01:19 75 --a------ C:\WINDOWS\st_affiliate.ini
2008-05-30 01:20 . 2008-05-31 22:23 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-05-30 00:06 . 2008-05-30 00:06 <DIR> d-------- C:\WINDOWS\system32\vmm32
2008-05-29 23:38 . C:\WINDOWS\(2) C:\Combo-Fix\winstart.bat
2008-05-29 22:14 . 2008-05-29 22:14 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\Uniblue
2008-05-29 22:04 . 2008-05-29 22:04 <DIR> d-------- C:\Program Files\MGTOOLS
2008-05-29 21:43 . 2008-05-29 21:43 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\PC Tools
2008-05-29 21:13 . 2008-05-29 21:43 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-29 21:13 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-29 21:13 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-29 21:13 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-29 21:13 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-29 19:26 . 2008-05-30 00:47 134 --a------ C:\WINDOWS\rootkitno.ini
2008-05-29 18:05 . 2008-05-29 21:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-29 18:05 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-05-29 17:31 . 2008-05-30 00:57 <DIR> d-------- C:\RootkitNO
2008-05-29 03:21 . 2008-05-29 23:29 11,161 --a------ C:\WINDOWS\system32\Partizan.RRI
2008-05-29 03:06 . 2008-05-31 02:38 <DIR> d-------- C:\Program Files\UnHackMe
2008-05-29 02:30 . 2008-05-29 02:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-29 02:05 . 2008-05-29 02:05 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-29 01:57 . 2006-03-28 08:54 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-05-29 01:57 . 2008-05-06 16:49 428,904 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-05-29 01:57 . 2006-03-28 08:55 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-05-29 01:57 . 2008-03-24 08:53 34,304 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-05-29 01:57 . 2008-03-24 08:53 22,528 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-05-29 01:56 . 2008-05-29 01:56 <DIR> d-------- C:\Program Files\iolo
2008-05-29 01:31 . 2008-05-29 02:36 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\iolo
2008-05-29 01:31 . 2008-05-29 02:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-29 00:22 . 2008-05-31 22:48 34 --a------ C:\WINDOWS\system32\msghdf19.ocx
2008-05-29 00:20 . 2008-06-01 16:00 <DIR> d-------- C:\Program Files\Spy Cleaner Platinum
2008-05-29 00:20 . 2004-02-01 22:54 569,368 --a------ C:\WINDOWS\system32\olelib.tlb
2008-05-29 00:20 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-05-29 00:20 . 2003-01-26 15:48 147,456 --a------ C:\WINDOWS\system32\Vbzip11.dll
2008-05-29 00:20 . 1998-12-02 09:11 143,360 --a------ C:\WINDOWS\system32\vbuzip10.dll
2008-05-29 00:20 . 1998-06-18 00:00 32,768 --a------ C:\WINDOWS\system32\Regtool5.dll
2008-05-29 00:20 . 1999-04-17 23:36 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-05-28 23:11 . 2008-05-28 23:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-28 23:11 . 2008-05-28 23:11 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 18:53 . 2008-05-28 18:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 18:53 . 2008-05-28 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 17:49 . 2008-06-01 15:55 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-28 01:19 . 2008-05-28 01:19 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-05-28 00:28 . 2008-05-28 07:09 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\McAfee
2008-05-27 21:30 . 2008-05-27 21:45 <DIR> d-------- C:\Program Files\Moyea
2008-05-27 21:30 . 2008-05-27 21:33 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\Moyea
2008-05-25 22:40 . 2008-05-25 22:41 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-05-25 22:40 . 2008-06-01 15:48 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\MegauploadToolbar
2008-05-24 13:27 . 2008-05-24 13:27 <DIR> d-------- C:\Program Files\New Tier
2008-05-24 13:27 . 2008-05-24 13:27 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\New Tier
2008-05-22 10:25 . 2008-05-22 10:25 <DIR> d-------- C:\PSP
2008-05-09 01:20 . 2008-05-09 01:20 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\cmw
2008-05-09 01:19 . 2008-05-09 01:19 <DIR> d-------- C:\Program Files\winpwn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 05:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-30 00:54 0 ----a-w C:\Program Files\readupdate.dnp
2008-05-29 05:42 --------- d-----w C:\Program Files\Folder Lock
2008-05-29 05:40 --------- d-----w C:\Program Files\TextAloud
2008-05-29 05:39 256 ----a-w C:\sccfg.sys
2008-05-29 03:43 --------- d-----w C:\Program Files\eMule
2008-05-28 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-28 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-25 00:02 --------- d-----w C:\Program Files\Audacity
2008-05-22 14:28 --------- d-----w C:\Program Files\PSP Brew
2008-05-14 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 22:48 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-04-28 22:29 --------- d-----w C:\Documents and Settings\Leroy Everett\Application Data\Move Networks
2008-04-26 01:18 --------- d-----w C:\Program Files\LimeWire
2008-04-23 21:37 --------- d-----w C:\Program Files\McAfee
2008-04-16 18:57 --------- d-----w C:\Program Files\Java
2008-04-14 18:59 --------- d-----w C:\Documents and Settings\Leroy Everett\Application Data\LimeWire
2008-04-08 04:38 --------- d-----w C:\Program Files\Zoom Player
2007-02-18 23:40 24,192 ----a-w C:\Documents and Settings\Leroy Everett\usbsermptxp.sys
2007-02-18 23:40 22,768 ----a-w C:\Documents and Settings\Leroy Everett\usbsermpt.sys
2007-02-18 23:02 92,064 ----a-w C:\Documents and Settings\Leroy Everett\mqdmmdm.sys
2007-02-18 23:02 9,232 ----a-w C:\Documents and Settings\Leroy Everett\mqdmmdfl.sys
2007-02-18 23:02 79,328 ----a-w C:\Documents and Settings\Leroy Everett\mqdmserd.sys
2007-02-18 23:02 66,656 ----a-w C:\Documents and Settings\Leroy Everett\mqdmbus.sys
2007-02-18 23:02 6,208 ----a-w C:\Documents and Settings\Leroy Everett\mqdmcmnt.sys
2007-02-18 23:02 5,936 ----a-w C:\Documents and Settings\Leroy Everett\mqdmwhnt.sys
2007-02-18 23:02 4,048 ----a-w C:\Documents and Settings\Leroy Everett\mqdmcr.sys
2006-04-14 13:21 1,142,784 ----a-w C:\Program Files\XPRepairPro.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= C:\Documents and Settings\Leroy Everett\Local Settings\Application Data\CyberDefender\cdmyidd.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 18:29 165784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-01-23 04:01 655360]
"Aim6"="" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 17:16 454784]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2008-05-06 16:48 764776]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 17:56 64512]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 339968 C:\WINDOWS\stsystra.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 20:10 57344]
"P17Helper"="P17.dll" [2006-03-17 16:11 81408 C:\WINDOWS\system32\P17.DLL]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 09:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 05:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40 86960]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 10:58 1773568]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"00saskda"="C:\Program Files\1st Security Agent\newadmin.exe" [2007-07-04 12:36 1772544]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 00:22 185632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 12:43 228088]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"Spy Watcher"="C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" [2006-11-20 13:34 565248]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2008-05-06 16:48 764776]
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe" [ ]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-06-01 15:52 877136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

C:\Documents and Settings\Leroy Everett\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
Total Cleaner.lnk - C:\Program Files\Total Cleaner\cleaner.exe [2002-12-13 20:21:09 334336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-05 18:26:18 125624]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2006-03-14 08:01:00 5517312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"HideShutdownScripts"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"= 0 (0x0)
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoWinKeys"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"EnforceShellExtensionSecurity"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoRunasInstallPrompt"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoViewContextMenu"= 0 (0x0)
"NoWinKeys"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuMorePrograms"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"StartMenuLogoff"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"NoTrayContextMenu"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoActiveDesktopChanges"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"EnforceShellExtensionSecurity"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoRunasInstallPrompt"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

Will do a new HijackThis log in the next post.

The latest... for some reason I can't create a DSS log... HijackThis will not run, and never would.

Edited by roy4423, 01 June 2008 - 03:27 PM.

  • 0

#12
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Please re-run ComboFix, the one you renamed. I need to see if the infection respawned.
  • 0

#13
roy4423

    Member

  • Topic Starter
  • Member
  • 11 posts
Here's the Log:

ComboFix 08-06-01.3 - Leroy Everett 2008-06-01 17:46:03.2 - NTFSx86

Running from: C:\Documents and Settings\Leroy Everett\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\iolo\common\lib\ioloHL.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\160296.exe
C:\WINDOWS\system32\drivers\downld\163500.exe
C:\WINDOWS\system32\drivers\downld\168093.exe
C:\WINDOWS\system32\drivers\downld\179531.exe
C:\WINDOWS\system32\drivers\downld\181875.exe
C:\WINDOWS\system32\drivers\downld\239812.exe
C:\WINDOWS\system32\drivers\downld\301500.exe
C:\WINDOWS\system32\drivers\downld\314531.exe
C:\WINDOWS\system32\drivers\downld\320968.exe
C:\WINDOWS\system32\drivers\downld\789265.exe
C:\WINDOWS\system32\drivers\downld\945500.exe
C:\WINDOWS\system32\drivers\downld\953062.exe
C:\WINDOWS\system32\drivers\downld\956562.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
.
---- Previous Run -------
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-06-01 17:58 . 2006-01-23 04:01 655,360 --a------ C:\Documents and Settings\Leroy Everett\stsystra.exe
2008-06-01 16:30 . 2008-06-01 17:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-01 16:30 . 2008-06-01 16:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 03:18 . 1997-01-20 15:12 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2008-06-01 03:18 . 2000-01-29 00:39 40,960 --a------ C:\WINDOWS\system32\VB5StKit.dll
2008-06-01 03:18 . 2008-06-01 03:19 806 --a------ C:\WINDOWS\ST5UNST.000
2008-06-01 00:57 . 2008-06-01 00:58 <DIR> d-------- C:\Program Files\autoruns
2008-05-31 18:56 . 2008-05-31 18:56 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-31 13:48 . 2008-05-31 13:48 <DIR> d-------- C:\Deckard
2008-05-31 02:12 . 2008-05-31 03:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-05-31 01:37 . 2006-01-23 04:01 655,360 --a------ C:\WINDOWS\system32\drivers\mdelk.exe.vir
2008-05-31 01:37 . 2006-01-23 04:01 655,360 --a------ C:\WINDOWS\system32\drivers\hldrrr.exe.vir
2008-05-31 01:36 . 2008-05-31 00:59 96,936 --a------ C:\WINDOWS\system32\drivers\srosa.sys.vir
2008-05-31 01:35 . 2008-05-31 01:35 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-31 01:35 . 2008-05-31 01:35 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\Simply Super Software
2008-05-31 01:35 . 2008-05-31 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-31 01:35 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-31 01:35 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-31 01:35 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-31 01:35 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-31 01:35 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-31 01:19 . 2008-05-31 01:19 75 --a------ C:\WINDOWS\st_affiliate.ini
2008-05-30 01:20 . 2008-05-31 22:23 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-05-30 00:06 . 2008-05-30 00:06 <DIR> d-------- C:\WINDOWS\system32\vmm32
2008-05-29 23:38 . C:\WINDOWS\(2) C:\Combo-Fix\winstart.bat
2008-05-29 22:14 . 2008-05-29 22:14 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\Uniblue
2008-05-29 22:04 . 2008-05-29 22:04 <DIR> d-------- C:\Program Files\MGTOOLS
2008-05-29 21:43 . 2008-05-29 21:43 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\PC Tools
2008-05-29 21:13 . 2008-05-29 21:43 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-29 21:13 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-29 21:13 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-29 21:13 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-29 21:13 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-29 19:26 . 2008-05-30 00:47 134 --a------ C:\WINDOWS\rootkitno.ini
2008-05-29 18:05 . 2008-05-29 21:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-29 18:05 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-05-29 17:31 . 2008-05-30 00:57 <DIR> d-------- C:\RootkitNO
2008-05-29 03:21 . 2008-05-29 23:29 11,161 --a------ C:\WINDOWS\system32\Partizan.RRI
2008-05-29 03:06 . 2008-05-31 02:38 <DIR> d-------- C:\Program Files\UnHackMe
2008-05-29 02:30 . 2008-05-29 02:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-29 02:05 . 2008-05-29 02:05 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-29 01:57 . 2006-03-28 08:54 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-05-29 01:57 . 2008-05-06 16:49 428,904 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-05-29 01:57 . 2006-03-28 08:55 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-05-29 01:57 . 2008-03-24 08:53 34,304 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-05-29 01:57 . 2008-03-24 08:53 22,528 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-05-29 01:56 . 2008-05-29 01:56 <DIR> d-------- C:\Program Files\iolo
2008-05-29 01:31 . 2008-05-29 02:36 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\iolo
2008-05-29 01:31 . 2008-05-29 02:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-29 00:22 . 2008-05-31 22:48 34 --a------ C:\WINDOWS\system32\msghdf19.ocx
2008-05-29 00:20 . 2008-06-01 16:00 <DIR> d-------- C:\Program Files\Spy Cleaner Platinum
2008-05-29 00:20 . 2004-02-01 22:54 569,368 --a------ C:\WINDOWS\system32\olelib.tlb
2008-05-29 00:20 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-05-29 00:20 . 2003-01-26 15:48 147,456 --a------ C:\WINDOWS\system32\Vbzip11.dll
2008-05-29 00:20 . 1998-12-02 09:11 143,360 --a------ C:\WINDOWS\system32\vbuzip10.dll
2008-05-29 00:20 . 1998-06-18 00:00 32,768 --a------ C:\WINDOWS\system32\Regtool5.dll
2008-05-29 00:20 . 1999-04-17 23:36 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-05-28 23:11 . 2008-05-28 23:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-28 23:11 . 2008-05-28 23:11 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 18:53 . 2008-05-28 18:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 18:53 . 2008-05-28 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 17:49 . 2008-06-01 17:51 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-28 01:19 . 2008-05-28 01:19 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-05-28 00:28 . 2008-05-28 07:09 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\McAfee
2008-05-27 21:30 . 2008-05-27 21:45 <DIR> d-------- C:\Program Files\Moyea
2008-05-27 21:30 . 2008-05-27 21:33 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\Moyea
2008-05-25 22:40 . 2008-05-25 22:41 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-05-25 22:40 . 2008-06-01 17:24 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\MegauploadToolbar
2008-05-24 13:27 . 2008-05-24 13:27 <DIR> d-------- C:\Program Files\New Tier
2008-05-24 13:27 . 2008-05-24 13:27 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\New Tier
2008-05-22 10:25 . 2008-05-22 10:25 <DIR> d-------- C:\PSP
2008-05-09 01:20 . 2008-05-09 01:20 <DIR> d-------- C:\Documents and Settings\Leroy Everett\Application Data\cmw
2008-05-09 01:19 . 2008-05-09 01:19 <DIR> d-------- C:\Program Files\winpwn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 05:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-30 00:54 0 ----a-w C:\Program Files\readupdate.dnp
2008-05-29 05:42 --------- d-----w C:\Program Files\Folder Lock
2008-05-29 05:40 --------- d-----w C:\Program Files\TextAloud
2008-05-29 05:39 256 ----a-w C:\sccfg.sys
2008-05-29 03:43 --------- d-----w C:\Program Files\eMule
2008-05-28 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-28 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-25 00:02 --------- d-----w C:\Program Files\Audacity
2008-05-22 14:28 --------- d-----w C:\Program Files\PSP Brew
2008-05-14 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 22:48 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-04-28 22:29 --------- d-----w C:\Documents and Settings\Leroy Everett\Application Data\Move Networks
2008-04-26 01:18 --------- d-----w C:\Program Files\LimeWire
2008-04-23 21:37 --------- d-----w C:\Program Files\McAfee
2008-04-16 18:57 --------- d-----w C:\Program Files\Java
2008-04-14 18:59 --------- d-----w C:\Documents and Settings\Leroy Everett\Application Data\LimeWire
2008-04-08 04:38 --------- d-----w C:\Program Files\Zoom Player
2007-02-18 23:40 24,192 ----a-w C:\Documents and Settings\Leroy Everett\usbsermptxp.sys
2007-02-18 23:40 22,768 ----a-w C:\Documents and Settings\Leroy Everett\usbsermpt.sys
2007-02-18 23:02 92,064 ----a-w C:\Documents and Settings\Leroy Everett\mqdmmdm.sys
2007-02-18 23:02 9,232 ----a-w C:\Documents and Settings\Leroy Everett\mqdmmdfl.sys
2007-02-18 23:02 79,328 ----a-w C:\Documents and Settings\Leroy Everett\mqdmserd.sys
2007-02-18 23:02 66,656 ----a-w C:\Documents and Settings\Leroy Everett\mqdmbus.sys
2007-02-18 23:02 6,208 ----a-w C:\Documents and Settings\Leroy Everett\mqdmcmnt.sys
2007-02-18 23:02 5,936 ----a-w C:\Documents and Settings\Leroy Everett\mqdmwhnt.sys
2007-02-18 23:02 4,048 ----a-w C:\Documents and Settings\Leroy Everett\mqdmcr.sys
2006-04-14 13:21 1,142,784 ----a-w C:\Program Files\XPRepairPro.exe
.
  • 0

#14
roy4423

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Loophole...just wanted to thank you for all the help! I think this virus finally got to me, I decided to just do a clean install and my problem got worse.

Somehow during the reinstall process, my computer prompted me to find a location for some driver... I had no control of my mouse or keyboard, so the reinstall process just stalled at that point. I decided to pull the plug and interrupt the reinstall and now I'm stuck at this point.

I can still boot from the XP disc, but can't seem to complete the job. Maybe you can point me in the right direction for solving this problem.

Thanks
  • 0

#15
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
I understand, sometimes you just get sick of dealing with them. Reformatting is probably the safest thing to do with this Bagle virus anyway. Let me see if I can snag someone to get you through this.
  • 0





