Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Firewall Security Popup- Level Critical- Wants To Download Program To Fix


  • Please log in to reply
14 replies to this topic

#1 lollerclops

lollerclops

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 05 October 2008 - 09:01 PM

Windows Firewall has detected activity of spyware/stuffs

Name: Trojan-Spy.Win32.keylogger.aa <--- This is fake, because it pops up with many other names too (tinyclick stuff, etc)
Risk Level: Critical
Description: This Troan has a keyboard logging function, which is intended to ...

Tried a full PC-Cillin check, nothing. Did Spyware Doctor (Free version) and deleted every file it found suspicios (and the HKEYS)
Tried ATF-Cleaner.exe with SUPERAntiSpyware- it removed some- uninstalled both after, virus still there


A popup immediately after I was looking for the final episodes to one of my shows is how it started


Heres a hijackthis log (I think I did it right)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Documents and Settings\All Users\Application Data\johibqvu\bkrylupa.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\jwvsvcxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AppApi] C:\WINDOWS\system32\jwvsvcxy.exe
O4 - HKLM\..\Policies\Explorer\Run: [boOw0bpi3u] C:\Documents and Settings\All Users\Application Data\johibqvu\bkrylupa.exe
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} (Crystal ActiveX Report Viewer Control 11.0) - https://www.hammerheadmole.com/intranet/cry...tiveXViewer.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927373234
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927345093
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: __c003DA10 - C:\WINDOWS\
O21 - SSODL: CfgComStr - {5B5138A4-F5C9-EA13-C2E0-02C993932DFF} - C:\Program Files\ioazzzc\CfgComStr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11372 bytes


Please help, and thanks

BC AdBot (Login to Remove)

 


#2 lollerclops

lollerclops
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 07 October 2008 - 06:49 PM

Anybody have any help? Still infected.

Now theres a red X in the process bar thing (bottom right) and it also detects spyware- it wasn't detecting more (did I get infected with more? Running full trend micro scan now)

Trojan-Spy.Win32.Greenscreen
PAK_Generic.006
Trojan-Clicker.Win32.TinyClick.H
Trojan-Logger.Win32.KeyLogger.BQ

I'm fairly certain on the last two that have popped up (name wise)


Help- more viruses poppingn up daily

[url=http://www.a013.com/a/track/default.html?st=13&rn=0.

Something with www.a013.com/a/track always pops up when I enter websites

I think these three files are suspicious (I've tried deleting multiple times):

jwvsvcxy.exe
bkrylupa.exe
brastk.exe

Edit again:

Went into regedit, tried deleting anything associated with those three.

Red X at bottom right dissapeared- will check tommorow if it's back up

SpyNoMore will not open:
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Said the same thing about command prompt a couple days ago, was able to find a fix to that (and tasklist)

Hope for help soon.

Edited by lollerclops, 07 October 2008 - 07:57 PM.


#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:45 PM

Posted 12 October 2008 - 06:45 AM

Hi lollerclops

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Post:

- mbam log
- rsit logs (taken after mbam run)
Microsoft MVP Consumer Security
Posted Image

Posted Image

#4 lollerclops

lollerclops
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 13 October 2008 - 08:22 PM

Fixed computadora before you responded:

-Ran some spyware thing (I think spydoctor) that told me every HKEY and file infected, went in and manually deleted them
-Ran PCCillin another time (full scan) deleted what it found
-Ran entire Ad-Aware thing, deleted what it found
-Downloaded Malware Bytes, ran quick scan to delete and major virus
Ran entire scan to delete everything else
ran another quick scan to delete stuff
-Went back into the system registry, searched for BKRYLUPA.exe, BRASTK.exe and JWVSVCXY.exe and deleted everything that came up for it (Some keys named 0 0 0, 0 0 1, and 0 0 2)

COMPUTER FIXED.

If you still want any of the logs ask, but I found out a bit- sorry and thanks for hte offer of help (I didn't want this thing progressing, so I took a couple risks in the registry)

Only thing that scared me was malware bytes thought my system32 FOLDER was a virus and was going to delete it on startup, so I changed the command so it only deleted the other file it was going to on startup (system32 still intact)

gg

#5 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:45 PM

Posted 14 October 2008 - 12:25 AM

Nice to hear that but I would like to see those logs I asked if possible, please :thumbsup:
Microsoft MVP Consumer Security
Posted Image

Posted Image

#6 lollerclops

lollerclops
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 14 October 2008 - 07:56 PM

I hope not to hear "You're still infected!"

But here's my first log:

Malwarebytes' Anti-Malware 1.28
Database version: 1248
Windows 5.1.2600 Service Pack 3

10/9/2008 5:53:48 PM
mbam-log-2008-10-09 (17-53-48).txt

Scan type: Quick Scan
Objects scanned: 72157
Time elapsed: 26 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5B5138A4-F5C9-EA13-C2E0-02C993932DFF} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003da10 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\cfgcomstr (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" /s) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\ioazzzc\CfgComStr.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\Help\Connect.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.security (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Travis Bischel\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Travis Bischel\Start Menu\Programs\Startup\.security (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Second:_________________________________________________________


Malwarebytes' Anti-Malware 1.28
Database version: 1248
Windows 5.1.2600 Service Pack 3

10/9/2008 8:46:07 PM
mbam-log-2008-10-09 (20-46-07).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 193926
Time elapsed: 1 hour(s), 48 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{DE635300-124C-4B8B-B93C-003073BF8404}\RP1922\A1484268.exe (Trojan.Downloader) -> Quarantined and deleted successfully.





Here is log.txt from rsit___________________________________________

Logfile of random's system information tool 1.04 (written by random/random)
Run by Travis Bischel at 2008-10-14 19:51:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (26%) free of 114 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:39 PM, on 10/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Travis Bischel\Local Settings\Temporary Internet Files\Content.IE5\9GMBISGF\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Travis Bischel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [boOw0bpi3u] C:\Documents and Settings\All Users\Application Data\johibqvu\bkrylupa.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} (Crystal ActiveX Report Viewer Control 11.0) - https://www.hammerheadmole.com/intranet/cry...tiveXViewer.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927373234
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927345093
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8212 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-08-22 193136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"=C:\WINDOWS\system32\ptipbm.dll [2003-01-15 24576]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe [2007-01-23 3429904]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"boOw0bpi3u"=C:\Documents and Settings\All Users\Application Data\johibqvu\bkrylupa.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\launchpd.exe []
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE []
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [2007-12-23 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-06-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
C:\WINDOWS\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2008-08-16 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kontiki\bin\kontiki.exe"="C:\Program Files\Kontiki\bin\kontiki.exe:*:Disabled:Kontiki Client"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.exe:*:Enabled:shadowstrike_static_retail"
"C:\Documents and Settings\Travis Bischel\Desktop\Everything\Games\Starcraft\starcraft.exe"="C:\Documents and Settings\Travis Bischel\Desktop\Everything\Games\Starcraft\starcraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Documents and Settings\Travis Bischel\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe"="C:\Documents and Settings\Travis Bischel\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe:*:Disabled:sspm"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Casey Bischel\My Documents\download\BitTornado\btdownloadgui.exe"="C:\Documents and Settings\Casey Bischel\My Documents\download\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.ex"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.ex:*:Disabled:shadowstrike_static_retail"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\THQ\Hot Wheels Bash Arena\BashArena.exe"="C:\Program Files\THQ\Hot Wheels Bash Arena\BashArena.exe:*:Enabled:Hotwheels™: Bash Arena™ executable"
"C:\SIERRA\SIGSPAT.EXE"="C:\SIERRA\SIGSPAT.EXE:*:Enabled:Auto Update"
"C:\Program Files\Activision\THPS2\THawk2.exe"="C:\Program Files\Activision\THPS2\THawk2.exe:*:Disabled:THawk2"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\lollerclops\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\lollerclops\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe:*:Enabled:Joint Operations Typhoon Rising"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\update.exe"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\update.exe:*:Enabled:Update Game"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1148679502\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1148679502\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1148679502\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1148679502\ee\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Guild Wars\Gw.exe"="C:\Program Files\Guild Wars\Gw.exe:*:Enabled:Guild Wars"
"C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe"="C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe:*:Enabled:Adobe Download Manager"
"C:\Documents and Settings\Travis Bischel\Desktop\paus\paros\IeEmbed.exe"="C:\Documents and Settings\Travis Bischel\Desktop\paus\paros\IeEmbed.exe:*:Enabled:JDesktop Integration Components binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo Server\haloded.exe"="C:\Program Files\Microsoft Games\Halo Server\haloded.exe:*:Enabled:Halo"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Team17\Worms 2\Frontend.exe"="C:\Program Files\Team17\Worms 2\Frontend.exe:*:Enabled:Worms 2 Frontend"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Steam\SteamApps\lollerclops\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\lollerclops\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Travis Bischel\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Documents and Settings\Travis Bischel\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-10-14 19:51:27 ----D---- C:\rsit
2008-10-14 19:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 19:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 19:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 19:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 19:41:26 ----A---- C:\WINDOWS\imsins.BAK
2008-10-14 19:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-11 13:35:34 ----D---- C:\WINDOWS\NV23161144.TMP
2008-10-10 22:35:24 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-09 18:05:43 ----D---- C:\VundoFix Backups
2008-10-09 18:05:43 ----A---- C:\VundoFix.txt
2008-10-09 16:57:12 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\Malwarebytes
2008-10-09 16:57:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 16:57:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 20:17:17 ----A---- C:\WINDOWS\system32\jwvsvcxy.exe
2008-10-05 16:05:36 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-05 16:05:27 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\SUPERAntiSpyware.com
2008-10-05 13:59:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-04 21:27:41 ----D---- C:\Program Files\ioazzzc
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsth.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsth.dll

======List of files/folders modified in the last 1 months======

2008-10-14 19:51:35 ----D---- C:\WINDOWS\Temp
2008-10-14 19:48:55 ----D---- C:\WINDOWS\Prefetch
2008-10-14 19:48:22 ----AD---- C:\WINDOWS
2008-10-14 19:47:40 ----D---- C:\WINDOWS\system32
2008-10-14 19:47:40 ----D---- C:\Program Files\Internet Explorer
2008-10-14 19:46:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-14 19:44:34 ----HD---- C:\WINDOWS\inf
2008-10-14 19:44:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-14 19:44:31 ----D---- C:\WINDOWS\system32\drivers
2008-10-14 19:44:25 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-14 19:43:18 ----SHD---- C:\WINDOWS\Installer
2008-10-14 19:43:17 ----HD---- C:\Config.Msi
2008-10-14 19:42:55 ----A---- C:\WINDOWS\win.ini
2008-10-14 19:41:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-14 19:39:24 ----D---- C:\WINDOWS\Debug
2008-10-13 18:24:31 ----A---- C:\WINDOWS\system32\HPPDEVX.DLL.log
2008-10-13 17:38:45 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-11 20:51:53 ----D---- C:\WINDOWS\Minidump
2008-10-11 19:16:15 ----RSH---- C:\boot.ini
2008-10-11 19:16:15 ----N---- C:\WINDOWS\system.ini
2008-10-11 14:20:33 ----AD---- C:\Program Files
2008-10-11 13:53:36 ----D---- C:\WINDOWS\pss
2008-10-11 13:38:28 ----D---- C:\WINDOWS\Help
2008-10-11 13:38:25 ----D---- C:\WINDOWS\nview
2008-10-10 22:21:18 ----D---- C:\WINDOWS\Registration
2008-10-10 22:20:52 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-10 22:12:01 ----RSD---- C:\WINDOWS\assembly
2008-10-08 22:29:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-07 14:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-07 12:03:32 ----D---- C:\Program Files\Greetings Workshop
2008-10-06 19:22:57 ----AC---- C:\WINDOWS\BlendSettings.ini
2008-10-05 20:39:36 ----D---- C:\Program Files\Trend Micro
2008-10-05 20:22:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 14:25:55 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-05 14:19:21 ----D---- C:\WINDOWS\repair
2008-10-05 00:49:26 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-21 16:30:53 ----D---- C:\WINDOWS\system32\DirectX
2008-09-21 16:20:38 ----D---- C:\Program Files\Bethesda Softworks
2008-09-21 16:01:41 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-09-20 11:25:47 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\InstallShield Installation Information
2008-09-20 11:24:23 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\My Games
2008-09-17 23:55:00 ----AC---- C:\WINDOWS\system32\NVUNINST.EXE
2008-09-17 23:55:00 ----AC---- C:\WINDOWS\system32\nvudisp.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwssr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrses.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrszht.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrstr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssv.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssk.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsru.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrspt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrspl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsno.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsko.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsja.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsit.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrshu.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrshe.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrses.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrseng.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsel.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsde.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrscs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsar.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\keystone.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-07-17 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-07-17 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-07-17 259328]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-07-17 146560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-07-17 118409]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-12-29 75088]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-07-17 213120]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmmbd;Trend Micro MBD Driver; C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys [2006-12-29 111888]
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-07-18 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-07-18 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-07-18 1195448]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-07-17 21993]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-05-20 121856]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-03-23 31680]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-10-21 9856]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 22784]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2006-12-29 288848]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2005-03-21 333620]
S2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2003-05-12 38400]
S2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2003-05-12 62464]
S2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-05-12 13824]
S2 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2003-05-12 13312]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ADM851x;ADMtek Pegasus USB To Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\ADM851x.SYS [2003-03-07 26525]
S3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS [2003-12-15 257872]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-05-17 2164736]
S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2007-04-25 169088]
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2005-06-07 165888]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-05-12 102912]
S3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2003-05-12 51200]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-07-17 22745]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PSSdk23;PSSdk23; \??\C:\WINDOWS\system32\Drivers\PsSdk23.drv []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X10UIF;ATI Wireless Remote Receiver V2.36; C:\WINDOWS\System32\Drivers\x10uif.sys [2003-03-28 10761]
S4 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S4 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-15 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe [2001-10-04 253952]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe [2007-01-23 1922576]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-19 66872]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe [2006-12-29 480784]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe [2006-12-29 943696]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe [2006-12-29 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 PcScnSrv;Trend Micro Protection Against Spyware ; C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe [2006-12-29 214544]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]




Here is info.txt from rsit______________________________________________

info.txt logfile of random's system information tool 1.04 2008-10-14 19:51:44

======Uninstall list======

-->C:\WINDOWS\uninst.exe -fC:\Maxis\Simtower\DeIsL1.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee for PENTAX 2.0-->MsiExec.exe /I{D8320DD6-FE47-41DE-B116-4158B7AE3F37}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe MPEG Encoder-->MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Premiere 6.5-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.5\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6.5\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Advanced RealMedia Export Plug-in for Premiere 6.0-->C:\Program Files\Adobe\Premiere 6.5\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AutoCAD 2000 Migration Assistance-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ACAD2000\migration\DeIsL1.isu"
AutoCAD 2000-->C:\WINDOWS\uninst.exe -fC:\PROGRA~1\ACAD2000\DeIsL1.isu -c"C:\PROGRA~1\ACAD2000\unacad.dll
Autostar Suite Astronomers Edition-->C:\PROGRA~1\Meade\ASTROW~1\UNWISE.EXE C:\PROGRA~1\Meade\ASTROW~1\INSTALL.LOG
AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Books That Work 3D Kitchen version 1.0-->C:\BTW\3DK\REGCLEAR.EXE
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Citrix Presentation Server Client-->MsiExec.exe /I{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
CNET Download Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetup -ether"C:\Program Files\InstallShield Installation Information\{0B4686AE-A1A7-4477-B8EA-65033218474E}" -l0x9 /ku /kp /kc
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Detroit Iron Information Systems 2.0 (C:\Program Files\Detroit\) #4-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Detroit\ST6UNST.001"
Detroit Iron Information Systems 2.0 (C:\Program Files\Detroit\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Detroit\ST6UNST.LOG"
Detroit Iron Information Systems 2.0-->C:\WINDOWS\st6unst.exe -n "D:\ST6UNST.LOG"
DH Driver Cleaner Professional Edition-->C:\Program Files\Driver Cleaner Pro\Uninstall.exe
DJ Java Decompiler v.3.6.6.79-->MsiExec.exe /I{8AD2EA30-5049-11D4-A08E-0080AD97BBF5}
DOOM Collector's Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DOOM Collector's Edition\DC.isu"
Duplicate File Finder-->C:\tools\DupFiles\UNWISE.EXE C:\tools\DupFiles\INSTALL.LOG
DVDXCopy Xpress 3.0.2-->"C:\Program Files\321Studios\Xpress\uninstall.exe"
DWGeditor-->MsiExec.exe /X{AC7190A0-EEA1-423C-A531-FCEB4E0EBBB1}
eDrawings 2006-->MsiExec.exe /I{B8EA2D6A-3EC4-4DC4-B588-123B7D38B493}
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_FE4264652A965D92.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Greetings Workshop-->C:\Program Files\Greetings Workshop\SETUP\setup.exe
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Care Pack Core-->MsiExec.exe /I{3BC341BD-3736-45F0-B0E0-5664792AC528}
HP Extended Capabilities 6.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP LaserJet P2015 Series 1.0-->C:\Program Files\HP\Digital Imaging\{BE4CEA63-8351-4A12-9E3A-556F8B76683A}\setup\hpzscr01.exe -datfile hppscr05.dat -forcereboot
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Live Search Maps Add-In for Microsoft Office Outlook-->MsiExec.exe /I{EB9A4856-C28A-4BC2-9373-975A33BB9CD4}
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MalWhere (remove only)-->"C:\Program Files\MalWhere\uninst.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MetaFrame Presentation Server Web Client for Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta 98 Encyclopedia-->RunDll32 C:\PROGRA~1\MICROS~4\ENCART~1\UNENC98.DLL,Uninstall C:\PROGRA~1\MICROS~4\ENCART~1\SETUP98\INST98.LOG
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft MSDN 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Project 2000 SR-1-->MsiExec.exe /I{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {355AD171-6294-4265-95EC-741E081E98F3} /package {577AD794-8B34-40B4-9E7A-BE4CFFE396E6}
Microsoft Visual Basic 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2005 Express Edition - ENU-->MsiExec.exe /X{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}
Microsoft Visual Basic 2008 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition - ENU-->MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Visual C++ 2008 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2008 Express Edition - ENU-->MsiExec.exe /X{D1846BA1-6118-3EDF-8C57-6E1A04646738}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
MSDN Library for Microsoft Visual Studio 2008 Express Editions-->C:\Program Files\Microsoft Visual Studio 9.0\MSDN Library for Microsoft Visual Studio 2008 Express Editions\install.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion mod manager 1.1.11-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Republic: The Revolution-->MsiExec.exe /X{FEE97F95-1037-4064-B96A-F771BA1DB21C}
ScanSoft PaperPort Viewer 7.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort Viewer\Uninst.isu"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SolidWorks 2006 SP04-->MsiExec.exe /I{A5A8E552-8624-4BDE-ADFA-36E9E38665CB}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SpyNoMore 2.67-->C:\Program Files\SpyNoMore\uninst.exe
Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8681B1E6-CD96-46EF-9065-CE0D1085ED99}\Setup.exe" -l0x9
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TC Native Essentials 2.02-->C:\PROGRA~1\TCWorks\TCNativeEssentials202\UninstallTCEssentials.exe C:\PROGRA~1\TCWorks\TCNativeEssentials202\INSTALL.LOG
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
TitanTV Client components for ATI-->MsiExec.exe /I{A3DD7BA6-37A6-4245-A167-B3AA137B2157}
Trend Micro PC-cillin Internet Security 2007-->C:\PROGRA~1\TRENDM~1\INTERN~3\remove.exe
Trend Micro PC-cillin Internet Security 2007-->MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
TweakNow RegCleaner Standard-->"C:\Program Files\TweakNow RegCleaner Std\unins000.exe"
Unofficial Oblivion Patch v3.2.0-->"C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe"
Unofficial Official Mods Patch v15-->"C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Official Mods Patch\unins000.exe"
Unofficial Shivering Isles Patch v1.4.0-->"C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Shivering Isles Patch\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
ViewSonic Windows XP Signed Files-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}\Setup.exe" -l0x9
Virtual Earth 3D (Beta)-->MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
Virtual Moon Altas Image Libraries-->C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG
Webshots Desktop-->C:\PROGRA~1\Webshots\UNWISE.EXE C:\PROGRA~1\Webshots\INSTALL.LOG
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinRescue XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\WNRSQXPZ.INF, DefaultUninstall.ntx86
Ximensions PP Starfield-->C:\Program Files\Ximensions PP Starfield\Uninstall.exe
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Security center information======

AV: Trend Micro PC-cillin Internet Security 2007
FW: Trend Micro PC-cillin Internet Security (Firewall)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\PROGRA~1\COMMON~1\AUTODE~1;C:\Program Files\Executive Software\DiskeeperWorkstation\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PS5ROOT"=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
"DiskeeperIcon"=C:\Program Files\Executive Software\DiskeeperWorkstation\
"FP_NO_HOST_CHECK"=NO
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#7 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:45 PM

Posted 15 October 2008 - 03:19 AM

Yes I am sure that you don't want to but you are still infected.

They are leftovers though.

You are running RSIT from temp folder:

C:\Documents and Settings\Travis Bischel\Local Settings\Temporary Internet Files\Content.IE5\9GMBISGF\RSIT[1].exe

Please save it to desktop and post back a fresh RSIT log.
Microsoft MVP Consumer Security
Posted Image

Posted Image

#8 lollerclops

lollerclops
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 15 October 2008 - 06:39 PM

Logfile of random's system information tool 1.04 (written by random/random)
Run by Travis Bischel at 2008-10-15 18:36:29
Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (26%) free of 114 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:38 PM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Travis Bischel\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Travis Bischel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [boOw0bpi3u] C:\Documents and Settings\All Users\Application Data\johibqvu\bkrylupa.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} (Crystal ActiveX Report Viewer Control 11.0) - https://www.hammerheadmole.com/intranet/cry...tiveXViewer.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927373234
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927345093
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8108 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-08-22 193136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"=C:\WINDOWS\system32\ptipbm.dll [2003-01-15 24576]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe [2007-01-23 3429904]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"boOw0bpi3u"=C:\Documents and Settings\All Users\Application Data\johibqvu\bkrylupa.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\launchpd.exe []
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE []
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [2007-12-23 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-06-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
C:\WINDOWS\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2008-08-16 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kontiki\bin\kontiki.exe"="C:\Program Files\Kontiki\bin\kontiki.exe:*:Disabled:Kontiki Client"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.exe:*:Enabled:shadowstrike_static_retail"
"C:\Documents and Settings\Travis Bischel\Desktop\Everything\Games\Starcraft\starcraft.exe"="C:\Documents and Settings\Travis Bischel\Desktop\Everything\Games\Starcraft\starcraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Documents and Settings\Travis Bischel\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe"="C:\Documents and Settings\Travis Bischel\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe:*:Disabled:sspm"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Casey Bischel\My Documents\download\BitTornado\btdownloadgui.exe"="C:\Documents and Settings\Casey Bischel\My Documents\download\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.ex"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.ex:*:Disabled:shadowstrike_static_retail"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\THQ\Hot Wheels Bash Arena\BashArena.exe"="C:\Program Files\THQ\Hot Wheels Bash Arena\BashArena.exe:*:Enabled:Hotwheels™: Bash Arena™ executable"
"C:\SIERRA\SIGSPAT.EXE"="C:\SIERRA\SIGSPAT.EXE:*:Enabled:Auto Update"
"C:\Program Files\Activision\THPS2\THawk2.exe"="C:\Program Files\Activision\THPS2\THawk2.exe:*:Disabled:THawk2"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\lollerclops\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\lollerclops\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe:*:Enabled:Joint Operations Typhoon Rising"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\update.exe"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\update.exe:*:Enabled:Update Game"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1148679502\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1148679502\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1148679502\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1148679502\ee\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Guild Wars\Gw.exe"="C:\Program Files\Guild Wars\Gw.exe:*:Enabled:Guild Wars"
"C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe"="C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe:*:Enabled:Adobe Download Manager"
"C:\Documents and Settings\Travis Bischel\Desktop\paus\paros\IeEmbed.exe"="C:\Documents and Settings\Travis Bischel\Desktop\paus\paros\IeEmbed.exe:*:Enabled:JDesktop Integration Components binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo Server\haloded.exe"="C:\Program Files\Microsoft Games\Halo Server\haloded.exe:*:Enabled:Halo"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Team17\Worms 2\Frontend.exe"="C:\Program Files\Team17\Worms 2\Frontend.exe:*:Enabled:Worms 2 Frontend"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Steam\SteamApps\lollerclops\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\lollerclops\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Travis Bischel\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Documents and Settings\Travis Bischel\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-10-14 19:51:27 ----D---- C:\rsit
2008-10-14 19:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 19:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 19:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 19:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 19:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-11 13:35:34 ----D---- C:\WINDOWS\NV23161144.TMP
2008-10-10 22:35:24 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-09 18:05:43 ----D---- C:\VundoFix Backups
2008-10-09 18:05:43 ----A---- C:\VundoFix.txt
2008-10-09 16:57:12 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\Malwarebytes
2008-10-09 16:57:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 16:57:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 20:17:17 ----A---- C:\WINDOWS\system32\jwvsvcxy.exe
2008-10-05 16:05:36 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-05 16:05:27 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\SUPERAntiSpyware.com
2008-10-05 13:59:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-04 21:27:41 ----D---- C:\Program Files\ioazzzc
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsth.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsth.dll

======List of files/folders modified in the last 1 months======

2008-10-15 18:36:29 ----D---- C:\WINDOWS\Prefetch
2008-10-15 18:32:39 ----D---- C:\WINDOWS\Temp
2008-10-15 18:24:47 ----AD---- C:\WINDOWS
2008-10-15 16:51:53 ----D---- C:\WINDOWS\system32
2008-10-15 16:38:04 ----A---- C:\WINDOWS\system32\HPPDEVX.DLL.log
2008-10-14 22:56:35 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-14 21:41:00 ----D---- C:\WINDOWS\Debug
2008-10-14 19:47:40 ----D---- C:\Program Files\Internet Explorer
2008-10-14 19:44:34 ----HD---- C:\WINDOWS\inf
2008-10-14 19:44:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-14 19:44:31 ----D---- C:\WINDOWS\system32\drivers
2008-10-14 19:44:25 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-14 19:43:18 ----SHD---- C:\WINDOWS\Installer
2008-10-14 19:43:17 ----HD---- C:\Config.Msi
2008-10-14 19:42:55 ----A---- C:\WINDOWS\win.ini
2008-10-14 19:41:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-13 17:38:45 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-11 20:51:53 ----D---- C:\WINDOWS\Minidump
2008-10-11 19:16:15 ----RSH---- C:\boot.ini
2008-10-11 19:16:15 ----N---- C:\WINDOWS\system.ini
2008-10-11 14:20:33 ----AD---- C:\Program Files
2008-10-11 13:53:36 ----D---- C:\WINDOWS\pss
2008-10-11 13:38:28 ----D---- C:\WINDOWS\Help
2008-10-11 13:38:25 ----D---- C:\WINDOWS\nview
2008-10-10 22:21:18 ----D---- C:\WINDOWS\Registration
2008-10-10 22:20:52 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-10 22:12:01 ----RSD---- C:\WINDOWS\assembly
2008-10-08 22:29:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-07 14:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-07 12:03:32 ----D---- C:\Program Files\Greetings Workshop
2008-10-06 19:22:57 ----AC---- C:\WINDOWS\BlendSettings.ini
2008-10-05 20:39:36 ----D---- C:\Program Files\Trend Micro
2008-10-05 20:22:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 14:25:55 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-05 14:19:21 ----D---- C:\WINDOWS\repair
2008-10-05 00:49:26 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-21 16:30:53 ----D---- C:\WINDOWS\system32\DirectX
2008-09-21 16:20:38 ----D---- C:\Program Files\Bethesda Softworks
2008-09-21 16:01:41 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-09-20 11:25:47 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\InstallShield Installation Information
2008-09-20 11:24:23 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\My Games
2008-09-17 23:55:00 ----AC---- C:\WINDOWS\system32\NVUNINST.EXE
2008-09-17 23:55:00 ----AC---- C:\WINDOWS\system32\nvudisp.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwssr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrses.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrszht.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrstr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssv.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssk.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsru.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrspt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrspl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsno.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsko.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsja.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsit.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrshu.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrshe.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrses.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrseng.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsel.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsde.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrscs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsar.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\keystone.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-07-17 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-07-17 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-07-17 259328]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-07-17 146560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-07-17 118409]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-12-29 75088]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-07-17 213120]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmmbd;Trend Micro MBD Driver; C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys [2006-12-29 111888]
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-07-18 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-07-18 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-07-18 1195448]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-07-17 21993]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-05-20 121856]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-03-23 31680]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-10-21 9856]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 22784]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2006-12-29 288848]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2005-03-21 333620]
S2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2003-05-12 38400]
S2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2003-05-12 62464]
S2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-05-12 13824]
S2 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2003-05-12 13312]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ADM851x;ADMtek Pegasus USB To Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\ADM851x.SYS [2003-03-07 26525]
S3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS [2003-12-15 257872]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-05-17 2164736]
S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2007-04-25 169088]
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2005-06-07 165888]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-05-12 102912]
S3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2003-05-12 51200]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-07-17 22745]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PSSdk23;PSSdk23; \??\C:\WINDOWS\system32\Drivers\PsSdk23.drv []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X10UIF;ATI Wireless Remote Receiver V2.36; C:\WINDOWS\System32\Drivers\x10uif.sys [2003-03-28 10761]
S4 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S4 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-15 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe [2001-10-04 253952]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe [2007-01-23 1922576]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-19 66872]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe [2006-12-29 480784]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe [2006-12-29 943696]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe [2006-12-29 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 PcScnSrv;Trend Micro Protection Against Spyware ; C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe [2006-12-29 214544]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------



Logfile of random's system information tool 1.04 (written by random/random)
Run by Travis Bischel at 2008-10-15 18:36:29
Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (26%) free of 114 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:38 PM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Travis Bischel\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Travis Bischel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [boOw0bpi3u] C:\Documents and Settings\All Users\Application Data\johibqvu\bkrylupa.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} (Crystal ActiveX Report Viewer Control 11.0) - https://www.hammerheadmole.com/intranet/cry...tiveXViewer.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927373234
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927345093
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8108 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-08-22 193136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"=C:\WINDOWS\system32\ptipbm.dll [2003-01-15 24576]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe [2007-01-23 3429904]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"boOw0bpi3u"=C:\Documents and Settings\All Users\Application Data\johibqvu\bkrylupa.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\launchpd.exe []
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE []
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [2007-12-23 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-06-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
C:\WINDOWS\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2008-08-16 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kontiki\bin\kontiki.exe"="C:\Program Files\Kontiki\bin\kontiki.exe:*:Disabled:Kontiki Client"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.exe:*:Enabled:shadowstrike_static_retail"
"C:\Documents and Settings\Travis Bischel\Desktop\Everything\Games\Starcraft\starcraft.exe"="C:\Documents and Settings\Travis Bischel\Desktop\Everything\Games\Starcraft\starcraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Documents and Settings\Travis Bischel\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe"="C:\Documents and Settings\Travis Bischel\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe:*:Disabled:sspm"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Casey Bischel\My Documents\download\BitTornado\btdownloadgui.exe"="C:\Documents and Settings\Casey Bischel\My Documents\download\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.ex"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.ex:*:Disabled:shadowstrike_static_retail"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\THQ\Hot Wheels Bash Arena\BashArena.exe"="C:\Program Files\THQ\Hot Wheels Bash Arena\BashArena.exe:*:Enabled:Hotwheels™: Bash Arena™ executable"
"C:\SIERRA\SIGSPAT.EXE"="C:\SIERRA\SIGSPAT.EXE:*:Enabled:Auto Update"
"C:\Program Files\Activision\THPS2\THawk2.exe"="C:\Program Files\Activision\THPS2\THawk2.exe:*:Disabled:THawk2"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\lollerclops\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\lollerclops\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe:*:Enabled:Joint Operations Typhoon Rising"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\update.exe"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\update.exe:*:Enabled:Update Game"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1148679502\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1148679502\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1148679502\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1148679502\ee\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Guild Wars\Gw.exe"="C:\Program Files\Guild Wars\Gw.exe:*:Enabled:Guild Wars"
"C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe"="C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe:*:Enabled:Adobe Download Manager"
"C:\Documents and Settings\Travis Bischel\Desktop\paus\paros\IeEmbed.exe"="C:\Documents and Settings\Travis Bischel\Desktop\paus\paros\IeEmbed.exe:*:Enabled:JDesktop Integration Components binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo Server\haloded.exe"="C:\Program Files\Microsoft Games\Halo Server\haloded.exe:*:Enabled:Halo"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Team17\Worms 2\Frontend.exe"="C:\Program Files\Team17\Worms 2\Frontend.exe:*:Enabled:Worms 2 Frontend"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Steam\SteamApps\lollerclops\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\lollerclops\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Travis Bischel\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Documents and Settings\Travis Bischel\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-10-14 19:51:27 ----D---- C:\rsit
2008-10-14 19:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 19:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 19:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 19:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 19:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-11 13:35:34 ----D---- C:\WINDOWS\NV23161144.TMP
2008-10-10 22:35:24 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-09 18:05:43 ----D---- C:\VundoFix Backups
2008-10-09 18:05:43 ----A---- C:\VundoFix.txt
2008-10-09 16:57:12 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\Malwarebytes
2008-10-09 16:57:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 16:57:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 20:17:17 ----A---- C:\WINDOWS\system32\jwvsvcxy.exe
2008-10-05 16:05:36 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-05 16:05:27 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\SUPERAntiSpyware.com
2008-10-05 13:59:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-04 21:27:41 ----D---- C:\Program Files\ioazzzc
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsth.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsth.dll

======List of files/folders modified in the last 1 months======

2008-10-15 18:36:29 ----D---- C:\WINDOWS\Prefetch
2008-10-15 18:32:39 ----D---- C:\WINDOWS\Temp
2008-10-15 18:24:47 ----AD---- C:\WINDOWS
2008-10-15 16:51:53 ----D---- C:\WINDOWS\system32
2008-10-15 16:38:04 ----A---- C:\WINDOWS\system32\HPPDEVX.DLL.log
2008-10-14 22:56:35 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-14 21:41:00 ----D---- C:\WINDOWS\Debug
2008-10-14 19:47:40 ----D---- C:\Program Files\Internet Explorer
2008-10-14 19:44:34 ----HD---- C:\WINDOWS\inf
2008-10-14 19:44:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-14 19:44:31 ----D---- C:\WINDOWS\system32\drivers
2008-10-14 19:44:25 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-14 19:43:18 ----SHD---- C:\WINDOWS\Installer
2008-10-14 19:43:17 ----HD---- C:\Config.Msi
2008-10-14 19:42:55 ----A---- C:\WINDOWS\win.ini
2008-10-14 19:41:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-13 17:38:45 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-11 20:51:53 ----D---- C:\WINDOWS\Minidump
2008-10-11 19:16:15 ----RSH---- C:\boot.ini
2008-10-11 19:16:15 ----N---- C:\WINDOWS\system.ini
2008-10-11 14:20:33 ----AD---- C:\Program Files
2008-10-11 13:53:36 ----D---- C:\WINDOWS\pss
2008-10-11 13:38:28 ----D---- C:\WINDOWS\Help
2008-10-11 13:38:25 ----D---- C:\WINDOWS\nview
2008-10-10 22:21:18 ----D---- C:\WINDOWS\Registration
2008-10-10 22:20:52 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-10 22:12:01 ----RSD---- C:\WINDOWS\assembly
2008-10-08 22:29:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-07 14:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-07 12:03:32 ----D---- C:\Program Files\Greetings Workshop
2008-10-06 19:22:57 ----AC---- C:\WINDOWS\BlendSettings.ini
2008-10-05 20:39:36 ----D---- C:\Program Files\Trend Micro
2008-10-05 20:22:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 14:25:55 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-05 14:19:21 ----D---- C:\WINDOWS\repair
2008-10-05 00:49:26 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-21 16:30:53 ----D---- C:\WINDOWS\system32\DirectX
2008-09-21 16:20:38 ----D---- C:\Program Files\Bethesda Softworks
2008-09-21 16:01:41 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-09-20 11:25:47 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\InstallShield Installation Information
2008-09-20 11:24:23 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\My Games
2008-09-17 23:55:00 ----AC---- C:\WINDOWS\system32\NVUNINST.EXE
2008-09-17 23:55:00 ----AC---- C:\WINDOWS\system32\nvudisp.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwssr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrses.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrszht.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrstr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssv.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssk.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsru.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrspt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrspl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsno.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsko.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsja.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsit.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrshu.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrshe.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrses.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrseng.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsel.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsde.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrscs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsar.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\keystone.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-07-17 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-07-17 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-07-17 259328]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-07-17 146560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-07-17 118409]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-12-29 75088]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-07-17 213120]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmmbd;Trend Micro MBD Driver; C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys [2006-12-29 111888]
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-07-18 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-07-18 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-07-18 1195448]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-07-17 21993]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-05-20 121856]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-03-23 31680]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-10-21 9856]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 22784]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2006-12-29 288848]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2005-03-21 333620]
S2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2003-05-12 38400]
S2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2003-05-12 62464]
S2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-05-12 13824]
S2 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2003-05-12 13312]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ADM851x;ADMtek Pegasus USB To Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\ADM851x.SYS [2003-03-07 26525]
S3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS [2003-12-15 257872]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-05-17 2164736]
S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2007-04-25 169088]
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2005-06-07 165888]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-05-12 102912]
S3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2003-05-12 51200]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-07-17 22745]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PSSdk23;PSSdk23; \??\C:\WINDOWS\system32\Drivers\PsSdk23.drv []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X10UIF;ATI Wireless Remote Receiver V2.36; C:\WINDOWS\System32\Drivers\x10uif.sys [2003-03-28 10761]
S4 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S4 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-15 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe [2001-10-04 253952]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe [2007-01-23 1922576]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-19 66872]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe [2006-12-29 480784]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe [2006-12-29 943696]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe [2006-12-29 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 PcScnSrv;Trend Micro Protection Against Spyware ; C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe [2006-12-29 214544]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

only "log" popped up

#9 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:45 PM

Posted 16 October 2008 - 02:59 AM

Yes, that is normal upon second run.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "boOw0bpi3u"=-
    
    :files
    C:\WINDOWS\system32\jwvsvcxy.exe
    C:\Program Files\ioazzzc
  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

Post:

- rsit log
- otmoveit3 log
Microsoft MVP Consumer Security
Posted Image

Posted Image

#10 lollerclops

lollerclops
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 16 October 2008 - 04:07 PM

MoveIt log _____________________________________________________________________________




========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\boOw0bpi3u deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\jwvsvcxy.exe moved successfully.
C:\Program Files\ioazzzc moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10162008_160358



rsit log __________________________________________________________________________________



Logfile of random's system information tool 1.04 (written by random/random)
Run by Travis Bischel at 2008-10-16 16:05:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (26%) free of 114 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:12 PM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Travis Bischel\Desktop\OTMoveIt3.exe
C:\Documents and Settings\Travis Bischel\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Travis Bischel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} (Crystal ActiveX Report Viewer Control 11.0) - https://www.hammerheadmole.com/intranet/cry...tiveXViewer.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927373234
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927345093
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8047 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-08-22 193136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"=C:\WINDOWS\system32\ptipbm.dll [2003-01-15 24576]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe [2007-01-23 3429904]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\launchpd.exe []
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE []
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [2007-12-23 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-06-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
C:\WINDOWS\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2008-08-16 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kontiki\bin\kontiki.exe"="C:\Program Files\Kontiki\bin\kontiki.exe:*:Disabled:Kontiki Client"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.exe:*:Enabled:shadowstrike_static_retail"
"C:\Documents and Settings\Travis Bischel\Desktop\Everything\Games\Starcraft\starcraft.exe"="C:\Documents and Settings\Travis Bischel\Desktop\Everything\Games\Starcraft\starcraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Documents and Settings\Travis Bischel\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe"="C:\Documents and Settings\Travis Bischel\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe:*:Disabled:sspm"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Casey Bischel\My Documents\download\BitTornado\btdownloadgui.exe"="C:\Documents and Settings\Casey Bischel\My Documents\download\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.ex"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.ex:*:Disabled:shadowstrike_static_retail"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\THQ\Hot Wheels Bash Arena\BashArena.exe"="C:\Program Files\THQ\Hot Wheels Bash Arena\BashArena.exe:*:Enabled:Hotwheels™: Bash Arena™ executable"
"C:\SIERRA\SIGSPAT.EXE"="C:\SIERRA\SIGSPAT.EXE:*:Enabled:Auto Update"
"C:\Program Files\Activision\THPS2\THawk2.exe"="C:\Program Files\Activision\THPS2\THawk2.exe:*:Disabled:THawk2"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\lollerclops\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\lollerclops\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe:*:Enabled:Joint Operations Typhoon Rising"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\update.exe"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\update.exe:*:Enabled:Update Game"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1148679502\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1148679502\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1148679502\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1148679502\ee\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Guild Wars\Gw.exe"="C:\Program Files\Guild Wars\Gw.exe:*:Enabled:Guild Wars"
"C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe"="C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe:*:Enabled:Adobe Download Manager"
"C:\Documents and Settings\Travis Bischel\Desktop\paus\paros\IeEmbed.exe"="C:\Documents and Settings\Travis Bischel\Desktop\paus\paros\IeEmbed.exe:*:Enabled:JDesktop Integration Components binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo Server\haloded.exe"="C:\Program Files\Microsoft Games\Halo Server\haloded.exe:*:Enabled:Halo"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Team17\Worms 2\Frontend.exe"="C:\Program Files\Team17\Worms 2\Frontend.exe:*:Enabled:Worms 2 Frontend"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Steam\SteamApps\lollerclops\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\lollerclops\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Travis Bischel\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Documents and Settings\Travis Bischel\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-10-16 16:03:58 ----D---- C:\_OTMoveIt
2008-10-14 19:51:27 ----D---- C:\rsit
2008-10-14 19:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 19:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 19:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 19:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 19:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-11 13:35:34 ----D---- C:\WINDOWS\NV23161144.TMP
2008-10-10 22:35:24 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-09 18:05:43 ----D---- C:\VundoFix Backups
2008-10-09 18:05:43 ----A---- C:\VundoFix.txt
2008-10-09 16:57:12 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\Malwarebytes
2008-10-09 16:57:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 16:57:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 16:05:36 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-05 16:05:27 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\SUPERAntiSpyware.com
2008-10-05 13:59:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsth.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsth.dll

======List of files/folders modified in the last 1 months======

2008-10-16 16:05:04 ----D---- C:\WINDOWS\Temp
2008-10-16 16:03:59 ----D---- C:\WINDOWS\system32
2008-10-16 16:03:59 ----AD---- C:\Program Files
2008-10-16 16:02:52 ----D---- C:\WINDOWS\Prefetch
2008-10-16 15:56:23 ----AD---- C:\WINDOWS
2008-10-15 23:12:37 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-15 16:38:04 ----A---- C:\WINDOWS\system32\HPPDEVX.DLL.log
2008-10-14 21:41:00 ----D---- C:\WINDOWS\Debug
2008-10-14 19:47:40 ----D---- C:\Program Files\Internet Explorer
2008-10-14 19:44:34 ----HD---- C:\WINDOWS\inf
2008-10-14 19:44:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-14 19:44:31 ----D---- C:\WINDOWS\system32\drivers
2008-10-14 19:44:25 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-14 19:43:18 ----SHD---- C:\WINDOWS\Installer
2008-10-14 19:43:17 ----HD---- C:\Config.Msi
2008-10-14 19:42:55 ----A---- C:\WINDOWS\win.ini
2008-10-14 19:41:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-13 17:38:45 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-11 20:51:53 ----D---- C:\WINDOWS\Minidump
2008-10-11 19:16:15 ----RSH---- C:\boot.ini
2008-10-11 19:16:15 ----N---- C:\WINDOWS\system.ini
2008-10-11 13:53:36 ----D---- C:\WINDOWS\pss
2008-10-11 13:38:28 ----D---- C:\WINDOWS\Help
2008-10-11 13:38:25 ----D---- C:\WINDOWS\nview
2008-10-10 22:21:18 ----D---- C:\WINDOWS\Registration
2008-10-10 22:20:52 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-10 22:12:01 ----RSD---- C:\WINDOWS\assembly
2008-10-08 22:29:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-07 14:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-07 12:03:32 ----D---- C:\Program Files\Greetings Workshop
2008-10-06 19:22:57 ----AC---- C:\WINDOWS\BlendSettings.ini
2008-10-05 20:39:36 ----D---- C:\Program Files\Trend Micro
2008-10-05 20:22:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 14:25:55 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-05 14:19:21 ----D---- C:\WINDOWS\repair
2008-10-05 00:49:26 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-21 16:30:53 ----D---- C:\WINDOWS\system32\DirectX
2008-09-21 16:20:38 ----D---- C:\Program Files\Bethesda Softworks
2008-09-21 16:01:41 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-09-20 11:25:47 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\InstallShield Installation Information
2008-09-20 11:24:23 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\My Games
2008-09-17 23:55:00 ----AC---- C:\WINDOWS\system32\NVUNINST.EXE
2008-09-17 23:55:00 ----AC---- C:\WINDOWS\system32\nvudisp.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwssr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrses.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrszht.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrstr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssv.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssk.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsru.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrspt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrspl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsno.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsko.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsja.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsit.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrshu.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrshe.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrses.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrseng.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsel.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsde.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrscs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsar.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\keystone.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-07-17 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-07-17 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-07-17 259328]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-07-17 146560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-07-17 118409]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-12-29 75088]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-07-17 213120]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmmbd;Trend Micro MBD Driver; C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys [2006-12-29 111888]
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-07-18 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-07-18 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-07-18 1195448]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-07-17 21993]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-05-20 121856]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-03-23 31680]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-10-21 9856]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 22784]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2006-12-29 288848]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2005-03-21 333620]
S2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2003-05-12 38400]
S2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2003-05-12 62464]
S2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-05-12 13824]
S2 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2003-05-12 13312]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ADM851x;ADMtek Pegasus USB To Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\ADM851x.SYS [2003-03-07 26525]
S3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS [2003-12-15 257872]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-05-17 2164736]
S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2007-04-25 169088]
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2005-06-07 165888]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-05-12 102912]
S3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2003-05-12 51200]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-07-17 22745]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PSSdk23;PSSdk23; \??\C:\WINDOWS\system32\Drivers\PsSdk23.drv []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X10UIF;ATI Wireless Remote Receiver V2.36; C:\WINDOWS\System32\Drivers\x10uif.sys [2003-03-28 10761]
S4 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S4 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-15 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe [2001-10-04 253952]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe [2007-01-23 1922576]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-19 66872]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe [2006-12-29 480784]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe [2006-12-29 943696]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe [2006-12-29 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 PcScnSrv;Trend Micro Protection Against Spyware ; C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe [2006-12-29 214544]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------



MoveIt log _____________________________________________________________________________




========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\boOw0bpi3u deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\jwvsvcxy.exe moved successfully.
C:\Program Files\ioazzzc moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10162008_160358



rsit log __________________________________________________________________________________



Logfile of random's system information tool 1.04 (written by random/random)
Run by Travis Bischel at 2008-10-16 16:05:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (26%) free of 114 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:12 PM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Travis Bischel\Desktop\OTMoveIt3.exe
C:\Documents and Settings\Travis Bischel\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Travis Bischel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} (Crystal ActiveX Report Viewer Control 11.0) - https://www.hammerheadmole.com/intranet/cry...tiveXViewer.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927373234
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927345093
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8047 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-08-22 193136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"=C:\WINDOWS\system32\ptipbm.dll [2003-01-15 24576]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe [2007-01-23 3429904]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\launchpd.exe []
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE []
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [2007-12-23 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-06-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
C:\WINDOWS\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2008-08-16 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kontiki\bin\kontiki.exe"="C:\Program Files\Kontiki\bin\kontiki.exe:*:Disabled:Kontiki Client"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.exe"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.exe:*:Enabled:shadowstrike_static_retail"
"C:\Documents and Settings\Travis Bischel\Desktop\Everything\Games\Starcraft\starcraft.exe"="C:\Documents and Settings\Travis Bischel\Desktop\Everything\Games\Starcraft\starcraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Documents and Settings\Travis Bischel\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe"="C:\Documents and Settings\Travis Bischel\Local Settings\Application Data\Wildtangent\Cdacache\CC9503AF-E3D9-4701-9010-44FE3B4D43AA\sspm.exe:*:Disabled:sspm"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Casey Bischel\My Documents\download\BitTornado\btdownloadgui.exe"="C:\Documents and Settings\Casey Bischel\My Documents\download\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.ex"="C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\online\System\shadowstrike_static_retail.ex:*:Disabled:shadowstrike_static_retail"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\THQ\Hot Wheels Bash Arena\BashArena.exe"="C:\Program Files\THQ\Hot Wheels Bash Arena\BashArena.exe:*:Enabled:Hotwheels™: Bash Arena™ executable"
"C:\SIERRA\SIGSPAT.EXE"="C:\SIERRA\SIGSPAT.EXE:*:Enabled:Auto Update"
"C:\Program Files\Activision\THPS2\THawk2.exe"="C:\Program Files\Activision\THPS2\THawk2.exe:*:Disabled:THawk2"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\lollerclops\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\lollerclops\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe:*:Enabled:Joint Operations Typhoon Rising"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\update.exe"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\update.exe:*:Enabled:Update Game"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1148679502\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1148679502\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1148679502\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1148679502\ee\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Guild Wars\Gw.exe"="C:\Program Files\Guild Wars\Gw.exe:*:Enabled:Guild Wars"
"C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe"="C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe:*:Enabled:Adobe Download Manager"
"C:\Documents and Settings\Travis Bischel\Desktop\paus\paros\IeEmbed.exe"="C:\Documents and Settings\Travis Bischel\Desktop\paus\paros\IeEmbed.exe:*:Enabled:JDesktop Integration Components binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo Server\haloded.exe"="C:\Program Files\Microsoft Games\Halo Server\haloded.exe:*:Enabled:Halo"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Team17\Worms 2\Frontend.exe"="C:\Program Files\Team17\Worms 2\Frontend.exe:*:Enabled:Worms 2 Frontend"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Steam\SteamApps\lollerclops\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\lollerclops\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Travis Bischel\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Documents and Settings\Travis Bischel\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-10-16 16:03:58 ----D---- C:\_OTMoveIt
2008-10-14 19:51:27 ----D---- C:\rsit
2008-10-14 19:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 19:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 19:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 19:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 19:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-11 13:35:34 ----D---- C:\WINDOWS\NV23161144.TMP
2008-10-10 22:35:24 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-09 18:05:43 ----D---- C:\VundoFix Backups
2008-10-09 18:05:43 ----A---- C:\VundoFix.txt
2008-10-09 16:57:12 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\Malwarebytes
2008-10-09 16:57:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 16:57:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 16:05:36 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-05 16:05:27 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\SUPERAntiSpyware.com
2008-10-05 13:59:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsth.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsth.dll

======List of files/folders modified in the last 1 months======

2008-10-16 16:05:04 ----D---- C:\WINDOWS\Temp
2008-10-16 16:03:59 ----D---- C:\WINDOWS\system32
2008-10-16 16:03:59 ----AD---- C:\Program Files
2008-10-16 16:02:52 ----D---- C:\WINDOWS\Prefetch
2008-10-16 15:56:23 ----AD---- C:\WINDOWS
2008-10-15 23:12:37 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-15 16:38:04 ----A---- C:\WINDOWS\system32\HPPDEVX.DLL.log
2008-10-14 21:41:00 ----D---- C:\WINDOWS\Debug
2008-10-14 19:47:40 ----D---- C:\Program Files\Internet Explorer
2008-10-14 19:44:34 ----HD---- C:\WINDOWS\inf
2008-10-14 19:44:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-14 19:44:31 ----D---- C:\WINDOWS\system32\drivers
2008-10-14 19:44:25 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-14 19:43:18 ----SHD---- C:\WINDOWS\Installer
2008-10-14 19:43:17 ----HD---- C:\Config.Msi
2008-10-14 19:42:55 ----A---- C:\WINDOWS\win.ini
2008-10-14 19:41:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-13 17:38:45 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-11 20:51:53 ----D---- C:\WINDOWS\Minidump
2008-10-11 19:16:15 ----RSH---- C:\boot.ini
2008-10-11 19:16:15 ----N---- C:\WINDOWS\system.ini
2008-10-11 13:53:36 ----D---- C:\WINDOWS\pss
2008-10-11 13:38:28 ----D---- C:\WINDOWS\Help
2008-10-11 13:38:25 ----D---- C:\WINDOWS\nview
2008-10-10 22:21:18 ----D---- C:\WINDOWS\Registration
2008-10-10 22:20:52 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-10 22:12:01 ----RSD---- C:\WINDOWS\assembly
2008-10-08 22:29:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-07 14:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-07 12:03:32 ----D---- C:\Program Files\Greetings Workshop
2008-10-06 19:22:57 ----AC---- C:\WINDOWS\BlendSettings.ini
2008-10-05 20:39:36 ----D---- C:\Program Files\Trend Micro
2008-10-05 20:22:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 14:25:55 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-05 14:19:21 ----D---- C:\WINDOWS\repair
2008-10-05 00:49:26 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-21 16:30:53 ----D---- C:\WINDOWS\system32\DirectX
2008-09-21 16:20:38 ----D---- C:\Program Files\Bethesda Softworks
2008-09-21 16:01:41 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-09-20 11:25:47 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\InstallShield Installation Information
2008-09-20 11:24:23 ----D---- C:\Documents and Settings\Travis Bischel\Application Data\My Games
2008-09-17 23:55:00 ----AC---- C:\WINDOWS\system32\NVUNINST.EXE
2008-09-17 23:55:00 ----AC---- C:\WINDOWS\system32\nvudisp.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwssr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrses.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrszht.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrstr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssv.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrssk.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsru.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrspt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrspl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsno.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsko.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsja.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsit.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrshu.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrshe.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrses.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrseng.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsel.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsde.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrscs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvrsar.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-17 23:55:00 ----A---- C:\WINDOWS\system32\keystone.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-07-17 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-07-17 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-07-17 259328]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-07-17 146560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-07-17 118409]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-12-29 75088]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-07-17 213120]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmmbd;Trend Micro MBD Driver; C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys [2006-12-29 111888]
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-07-18 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-07-18 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-07-18 1195448]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-07-17 21993]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-05-20 121856]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-03-23 31680]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-10-21 9856]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 22784]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2006-12-29 288848]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2005-03-21 333620]
S2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2003-05-12 38400]
S2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2003-05-12 62464]
S2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-05-12 13824]
S2 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2003-05-12 13312]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ADM851x;ADMtek Pegasus USB To Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\ADM851x.SYS [2003-03-07 26525]
S3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS [2003-12-15 257872]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-05-17 2164736]
S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2007-04-25 169088]
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2005-06-07 165888]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-05-12 102912]
S3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2003-05-12 51200]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-07-17 22745]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PSSdk23;PSSdk23; \??\C:\WINDOWS\system32\Drivers\PsSdk23.drv []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X10UIF;ATI Wireless Remote Receiver V2.36; C:\WINDOWS\System32\Drivers\x10uif.sys [2003-03-28 10761]
S4 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S4 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-15 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe [2001-10-04 253952]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe [2007-01-23 1922576]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-19 66872]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe [2006-12-29 480784]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe [2006-12-29 943696]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe [2006-12-29 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 PcScnSrv;Trend Micro Protection Against Spyware ; C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe [2006-12-29 214544]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#11 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:45 PM

Posted 17 October 2008 - 01:37 AM

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)


Close all windows including browser and press fix checked.

Reboot.

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here
Microsoft MVP Consumer Security
Posted Image

Posted Image

#12 lollerclops

lollerclops
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 19 October 2008 - 01:24 AM

Kapersky Scan Log_______________________________________________


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, October 19, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 19, 2008 03:10:35
Records in database: 1322842
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 125401
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:09:52


File name / Threat name / Threats count
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6.tmp Infected: not-a-virus:Downloader.Win32.Agent.bs 1
C:\_OTMoveIt\MovedFiles\10162008_160358\WINDOWS\system32\jwvsvcxy.exe Infected: Trojan.Win32.Obfuscated.gx 1

The selected area was scanned.



HijackThis Log___________________________________________________




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:35 AM, on 10/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PccGuide.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} (Crystal ActiveX Report Viewer Control 11.0) - https://www.hammerheadmole.com/intranet/cry...tiveXViewer.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927373234
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187927345093
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7686 bytes

#13 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:45 PM

Posted 19 October 2008 - 03:34 AM

Empty these folders:

C:\Program Files\Trend Micro\Internet Security 2007\Quarantine
C:\_OTMoveIt\MovedFiles

Empty Recycle Bin.

Still problems?
Microsoft MVP Consumer Security
Posted Image

Posted Image

#14 lollerclops

lollerclops
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 19 October 2008 - 02:02 PM

Nope, seems fixed.

#15 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:45 PM

Posted 19 October 2008 - 02:05 PM

Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

You can delete rsit and c:\rsit folder

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide
Re-enable system restore with instructions from tutorial above
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety
Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :thumbsup:
Microsoft MVP Consumer Security
Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users