Trojan.Vundo, Virtumonde, Trojan.Fake Alert Infection


  • This topic is locked
12 replies to this topic

#1 bprescot

bprescot

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:04 AM

Posted 29 December 2008 - 07:58 PM

OS: Windows XP Home SP3

After weeks of trying to get rid of a severe Vundo and Virtumonde infection, as well as a discovered infection that SpyDoctor calls Trojan.Fake Alert, I'm coming to the experts for help. Per this forum's recommendation I've tried MalwareBytes as well as VundoFix, going so far as to use VundoFix in conjunction with Process Explorer as I've seen recommended. Nothing seems to work. I've also been using SpyDoctor with AntiVirus (purchased), Spybot S&D, SuperAntiSpyware (trial) and a full version of SAV 10, though not all simultaneously, as several seem to conflict (namely SAV 10 and SpyDoctor). After cleaning, which never gets completely clean (reg entries aren't deleting), the computer will run fine for about 8 hours or so, after which IE starts spamming popups for Netshield. My programs kill the popups, but it's still annoying. Additionally, I get warnings about .dlls running suspicious scripts. The .dlls are always eight characters. Examples include DUVABOVA.DLL, LISADOPA.DLL and LIGAMOSA.DLL.

Sorry if this is just useless information; I'm just trying to provide as much info as possible. Below please find my DDS log, and attached please find the DDS attach.txt.

Any help you could provide is appreciated,

Ben


DDS (Version 1.1.0) - NTFSx86
Run by Benjamin Prescott at 19:52:40.45 on Mon 12/29/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1580 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Benjamin Prescott\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Pop-Up Blocker: {d7f30b62-8269-41af-9539-b2697fa7d77e} - c:\program files\earthlink totalaccess\PnEL.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [igndlm.exe] c:\program files\ign\download manager\DLM.exe /windowsstart /startifwork
uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CPM43c3196a] Rundll32.exe "c:\windows\system32\duvabova.dll",a
StartupFolder: c:\docume~1\benjam~1\startm~1\programs\startup\gamesp~1.lnk - c:\program files\gamespot\GameSpotDownloadManager_Win32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: antispyexpert.com
Trusted Zone: imageservr.com
Trusted Zone: antispyexpert.com
Trusted Zone: imageservr.com
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: yaywwUNG - yaywwUNG.dll
AppInit_DLLs: c:\windows\system32\dipaposa.dll c:\windows\system32\tumaveko.dll c:\windows\system32\foyorere.dll c:\windows\system32\kufubabe.dll c:\windows\system32\yizobejo.dll c:\windows\system32\vozafiwu.dll c:\windows\system32\zugezevu.dll c:\windows\system32\duvabova.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\duvabova.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\duvabova.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\benjam~1\applic~1\mozilla\firefox\profiles\e49lun67.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9FC132B-096D-460B-B7D5-1DB0FAE0C062", "AllAccess");

============= SERVICES / DRIVERS ===============

R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2005-12-8 13696]
R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-12-23 160792]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R1 SSHDRV85;SSHDRV85;\??\c:\windows\system32\drivers\SSHDRV85.sys [2006-1-13 78848]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-10-8 14336]
R3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-23 40840]
R3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-23 66952]
R3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-23 81288]
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 PciCon;PciCon;\??\D:\PciCon.sys []
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-23 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-23 1079176]

=============== Created Last 30 ================

2008-12-29 19:26 120 ---sh--- c:\windows\system32\ufoyidul.ini
2008-12-29 18:26 664 a------- c:\windows\system32\d3d9caps.dat
2008-12-29 18:26 13,588 a------- c:\windows\system32\wpa.dbl
2008-12-28 18:44 <DIR> --d----- c:\program files\CCleaner
2008-12-28 17:39 <DIR> --d----- c:\docume~1\benjam~1\applic~1\Malwarebytes
2008-12-28 17:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-28 17:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 17:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-24 08:57 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-24 08:52 <DIR> --d----- c:\documents and settings\benjamin prescott\SmitfraudFix
2008-12-23 23:25 120 ---sh--- c:\windows\system32\azitutah.ini
2008-12-23 20:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2008-12-23 20:54 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2008-12-23 20:53 <DIR> --d----- c:\program files\common files\PC Tools
2008-12-23 20:39 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-12-23 20:39 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-12-23 20:39 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-12-23 20:39 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-12-23 20:39 <DIR> --d----- c:\program files\Spyware Doctor
2008-12-23 20:39 <DIR> --d----- c:\docume~1\benjam~1\applic~1\PC Tools
2008-12-20 13:09 0 a------- c:\windows\vpc32.INI
2008-12-20 13:00 <DIR> --d----- c:\program files\Symantec AntiVirus
2008-12-20 12:56 1,060,864 a------- c:\windows\system32\MFC71.DL1
2008-12-20 12:56 348,160 a------- c:\windows\system32\MSVCR71.DL1
2008-12-20 12:56 <DIR> --d----- c:\program files\Symantec
2008-12-20 12:56 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-12-20 12:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-12-20 12:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-12-20 12:01 120 ---sh--- c:\windows\system32\owilesed.ini
2008-12-20 00:01 120 ---sh--- c:\windows\system32\isawalub.ini
2008-12-19 12:00 120 ---sh--- c:\windows\system32\ukihozuy.ini
2008-12-19 00:05 120 ---sh--- c:\windows\system32\aholujeg.ini
2008-12-18 23:29 <DIR> --d----- C:\VundoFix Backups
2008-12-17 07:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-17 07:00 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-17 07:00 <DIR> --d----- c:\docume~1\benjam~1\applic~1\SUPERAntiSpyware.com
2008-12-16 21:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-02 22:57 18,477 a------- c:\windows\system32\nvdisp.nvu
2008-12-02 22:57 <DIR> --d----- c:\windows\nview

==================== Find3M ====================

2008-12-29 19:26 97,047 a--sh--- c:\windows\system32\duvabova.dll
2008-12-29 19:26 85,569 a--sh--- c:\windows\system32\ludiyofu.dll
2008-12-28 15:38 64,276 a--sh--- c:\windows\system32\bigitita.dll
2008-12-23 10:24 61,604 a--sh--- c:\windows\system32\hafedeku.dll
2008-12-18 23:00 62,664 a--sh--- c:\windows\system32\samabiro.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-18 12:20 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-07 12:33 453,152 a------- c:\windows\system32\nvudisp.exe
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2007-10-20 11:38 15,407 a------- c:\program files\install.log
2007-01-01 21:13 79,328 a------- c:\documents and settings\benjamin prescott\mqdmserd.sys
2007-01-01 21:13 25,600 a------- c:\documents and settings\benjamin prescott\usbsermptxp.sys
2007-01-01 21:13 22,768 a------- c:\documents and settings\benjamin prescott\usbsermpt.sys
2007-01-01 21:13 5,936 a------- c:\documents and settings\benjamin prescott\mqdmwhnt.sys
2007-01-01 21:13 92,064 a------- c:\documents and settings\benjamin prescott\mqdmmdm.sys
2007-01-01 21:13 66,656 a------- c:\documents and settings\benjamin prescott\mqdmbus.sys
2007-01-01 21:13 9,232 a------- c:\documents and settings\benjamin prescott\mqdmmdfl.sys
2007-01-01 21:13 6,208 a------- c:\documents and settings\benjamin prescott\mqdmcmnt.sys
2007-01-01 21:13 4,048 a------- c:\documents and settings\benjamin prescott\mqdmcr.sys
2006-11-30 19:26 1 a------- c:\documents and settings\benjamin prescott\SI.bin
2008-09-18 23:00 64,170 a--sh--- c:\windows\system32\bojiwuba.dll
2008-09-18 23:00 64,170 a--sh--- c:\windows\system32\mahoyape.dll
2008-09-29 18:26 73,728 a--sh--- c:\windows\system32\yileduyu.dll

============= FINISH: 19:53:25.53 ===============
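The log above already contains the indicators a helper would circle by eye: a populated AppInit_DLLs value (loaded into every process that loads user32.dll), a Winlogon Notify package given as a bare file name, SSODL/STS shell objects and a rundll32 Run entry all pointing at the same duvabova.dll, two domains added to IE's Trusted Zone, and system32 files carrying the hidden+system attributes. The following Python script is an added example, not part of the original post and not from the DDS tool's author: it runs those checks over lines copied from this log. The eight-letter consonant/vowel naming test is a heuristic drawn from the names in this thread, not a published signature, and the reversed-name pairing (ufoyidul.ini written in the same minute as ludiyofu.dll) is an observation from this log, not a claim about every sample.

```python
import re
from typing import Dict, List

# Lines copied verbatim from the DDS log in this thread ("Pseudo HJT Report"
# plus a few "Created Last 30" / "Find3M" file entries); a subset so the
# script runs stand-alone. Nothing here is invented.
DDS_LINES = r"""
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CPM43c3196a] Rundll32.exe "c:\windows\system32\duvabova.dll",a
Trusted Zone: antispyexpert.com
Trusted Zone: imageservr.com
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: yaywwUNG - yaywwUNG.dll
AppInit_DLLs: c:\windows\system32\dipaposa.dll c:\windows\system32\tumaveko.dll c:\windows\system32\duvabova.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\duvabova.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\duvabova.dll
2008-12-29 19:26 120 ---sh--- c:\windows\system32\ufoyidul.ini
2008-12-29 19:26 97,047 a--sh--- c:\windows\system32\duvabova.dll
2008-12-29 19:26 85,569 a--sh--- c:\windows\system32\ludiyofu.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
"""

# Heuristic taken from the names in this log (duvabova, dipaposa, ludiyofu):
# eight lowercase letters alternating consonant/vowel. A benign file can match.
CV_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}$")
# Drive-letter path, stopping at whitespace, a quote, or a trailing ",entrypoint".
PATH_RE = re.compile(r"[a-z]:\\[^\s\",]+", re.IGNORECASE)
# DDS file entry: date time size attrs path (attrs look like a--sh--- / ---sh---).
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+([a-z-]{8})\s+(.+)$", re.IGNORECASE)


def basename(path: str) -> str:
    return re.split(r"[\\/]", path)[-1]


def stem(path: str) -> str:
    return basename(path).rsplit(".", 1)[0].lower()


def looks_random(path: str) -> bool:
    return bool(CV_NAME.match(stem(path)))


def triage(text: str) -> Dict[str, List[str]]:
    """Collect the persistence and file indicators from DDS-style lines."""
    found: Dict[str, List[str]] = {
        "appinit_dlls": [],         # every user32-loading process loads these
        "notify_no_path": [],       # Winlogon Notify package with no directory
        "ssodl_sts_random": [],     # Explorer-loaded shell objects, random names
        "run_random_dll": [],       # Run entries calling rundll32 on a random DLL
        "trusted_zone": [],         # sites granted IE's relaxed Trusted Zone
        "hidden_system_files": [],  # +S +H files, as set on the DLLs in this log
        "reversed_ini_pairs": [],   # .ini named as a suspect DLL spelled backwards
    }
    suspects, inis = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, rest = line.partition(":")
        key = key.strip()
        if key == "AppInit_DLLs":
            for p in PATH_RE.findall(rest):
                found["appinit_dlls"].append(p)
                if looks_random(p):
                    suspects.add(stem(p))
        elif key == "Notify":
            _, _, target = rest.partition(" - ")
            if not PATH_RE.search(target):
                found["notify_no_path"].append(target.strip())
        elif key in ("SSODL", "STS"):
            for p in PATH_RE.findall(rest):
                if looks_random(p):
                    found["ssodl_sts_random"].append(p)
                    suspects.add(stem(p))
        elif key in ("uRun", "mRun"):
            for p in PATH_RE.findall(rest):
                if looks_random(p):
                    found["run_random_dll"].append(line)
                    suspects.add(stem(p))
        elif key == "Trusted Zone":
            found["trusted_zone"].append(rest.strip())
        else:
            m = FILE_LINE.match(line)
            if not m:
                continue
            attrs, path = m.groups()
            if "s" in attrs and "h" in attrs:
                found["hidden_system_files"].append(path)
            low = basename(path).lower()
            if low.endswith(".ini"):
                inis.add(stem(path))
            elif low.endswith(".dll") and looks_random(path):
                suspects.add(stem(path))
    # Observed in this log: ufoyidul.ini is ludiyofu.dll spelled backwards.
    for ini in sorted(inis):
        if ini[::-1] in suspects:
            found["reversed_ini_pairs"].append(f"{ini}.ini <-> {ini[::-1]}.dll")
    found["suspect_dll_stems"] = sorted(suspects)
    return found


if __name__ == "__main__":
    for name, hits in triage(DDS_LINES).items():
        print(f"{name}: {hits}")
```

The output is a list of the registry values and files to clear, which is the same list a fix script would have to touch. The name heuristic is deliberately only a filter on top of the structural checks: an AppInit_DLLs entry or a Notify package with no path is worth a look whatever the file is called.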

#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 05 January 2009 - 06:17 AM

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the "List files/folders created or modified" setting to the last 3 months.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has finished, click Copy, paste the results into Notepad, save it, and attach it in this thread.


Post these logs in your next reply. Post each log in a separate post.

1. RSIT log.txt
2. RSIT info.txt
3. Attach the GMER result.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 bprescot

bprescot
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:04 AM

Posted 05 January 2009 - 08:17 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Benjamin Prescott at 2009-01-05 20:14:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (9%) free of 194 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:22, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Benjamin Prescott\Desktop\RSIT(3).exe
C:\Program Files\trend micro\Benjamin Prescott.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - S-1-5-18 Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {332bd5a0-8000-11d7-b657-00c04faedb18} (Oracle JInitiator 1.1.8.22) -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remoteaccess.wyndhamworldwide.com/d...perSetupSP1.cab
O20 - AppInit_DLLs: c:\windows\system32\dipaposa.dll c:\windows\system32\tumaveko.dll c:\windows\system32\foyorere.dll c:\windows\system32\kufubabe.dll c:\windows\system32\yizobejo.dll c:\windows\system32\vozafiwu.dll c:\windows\system32\zugezevu.dll
O20 - Winlogon Notify: yaywwUNG - yaywwUNG.dll (file missing)
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8160 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\qjpllloo.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D7F30B62-8269-41AF-9539-B2697FA7D77E} - Pop-Up Blocker - C:\Program Files\EarthLink TotalAccess\PnEL.dll [2003-08-15 389120]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 691656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-01-27 77824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2006-07-29 5354792]
"igndlm.exe"=C:\Program Files\IGN\Download Manager\DLM.exe [2007-01-11 972432]
"Start WingMan Profiler"=C:\Program Files\Logitech\Profiler\lwemon.exe [2005-04-18 73728]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Benjamin Prescott\Start Menu\Programs\Startup
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\dipaposa.dll c:\windows\system32\tumaveko.dll c:\windows\system32\foyorere.dll c:\windows\system32\kufubabe.dll c:\windows\system32\yizobejo.dll c:\windows\system32\vozafiwu.dll c:\windows\system32\zugezevu.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yaywwUNG]
yaywwUNG.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1140132730\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1140132730\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1140132730\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1140132730\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe"="C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\1701 A.D. Demo\1701_Demo.exe"="C:\Program Files\1701 A.D. Demo\1701_Demo.exe:*:Disabled:Anno 1701"
"C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\SCDA-Offline\System\SplinterCell4.exe"="C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\Program Files\Monte Cristo\Silverfall Demo\Silverfall.exe"="C:\Program Files\Monte Cristo\Silverfall Demo\Silverfall.exe:*:Enabled:Silverfall"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\1701 A.D\1701.exe"="C:\Program Files\1701 A.D\1701.exe:*:Enabled:Anno 1701"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\CAPCOM\LOST_PLANET_TRIAL_DX9\LostPlanetDX9.exe"="C:\Program Files\CAPCOM\LOST_PLANET_TRIAL_DX9\LostPlanetDX9.exe:*:Enabled:LostPlanetDX9"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\GameHouse\TextTwist\TextTwist.exe"="C:\Program Files\GameHouse\TextTwist\TextTwist.exe:*:Enabled:Super TextTwist"
"C:\Program Files\Monte Cristo\Silverfall\Silverfall.exe"="C:\Program Files\Monte Cristo\Silverfall\Silverfall.exe:*:Disabled:Silverfall"
"C:\Program Files\SpellForce\SpellForce 2 - Shadow Wars\spellforce2.exe"="C:\Program Files\SpellForce\SpellForce 2 - Shadow Wars\spellforce2.exe:*:Enabled:SpellForce 2 - Shadow Wars"
"C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe"="C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe"="C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe:*:Enabled:ADVWindowsClientService"
"C:\Documents and Settings\Benjamin Prescott\Desktop\utorrent.exe"="C:\Documents and Settings\Benjamin Prescott\Desktop\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27bfb0f3-6d13-11da-ac3a-806d6172696f}]
shell\AutoRun\command - D:\setup.exe


======List of files/folders created in the last 3 months======

2009-01-05 20:14:59 ----D---- C:\Program Files\trend micro
2009-01-05 20:14:58 ----D---- C:\rsit
2008-12-29 18:33:49 ----A---- C:\WINDOWS\setuplog.txt
2008-12-28 19:26:02 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-28 18:44:33 ----D---- C:\Program Files\CCleaner
2008-12-28 17:39:07 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\Malwarebytes
2008-12-28 17:39:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-28 17:39:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-24 08:57:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-24 08:53:47 ----A---- C:\rapport.txt
2008-12-23 23:25:23 ----SH---- C:\WINDOWS\system32\azitutah.ini
2008-12-23 20:54:48 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-12-23 20:53:32 ----D---- C:\Program Files\Common Files\PC Tools
2008-12-23 20:39:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-23 20:39:46 ----D---- C:\Program Files\Spyware Doctor
2008-12-23 20:39:46 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\PC Tools
2008-12-20 13:09:07 ----A---- C:\WINDOWS\vpc32.INI
2008-12-20 13:00:10 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-20 12:56:38 ----A---- C:\WINDOWS\system32\capicom.dll
2008-12-20 12:56:37 ----D---- C:\Program Files\Symantec
2008-12-20 12:56:37 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-20 12:56:37 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-20 12:49:04 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-20 12:28:04 ----D---- C:\Config.Msi
2008-12-20 12:01:24 ----SH---- C:\WINDOWS\system32\owilesed.ini
2008-12-20 00:01:21 ----SH---- C:\WINDOWS\system32\isawalub.ini
2008-12-19 12:00:58 ----SH---- C:\WINDOWS\system32\ukihozuy.ini
2008-12-19 00:05:35 ----SH---- C:\WINDOWS\system32\aholujeg.ini
2008-12-18 23:29:17 ----D---- C:\VundoFix Backups
2008-12-18 23:29:17 ----A---- C:\VundoFix.txt
2008-12-17 07:08:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 07:00:02 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-17 07:00:02 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\SUPERAntiSpyware.com
2008-12-16 21:06:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-16 20:52:50 ----A---- C:\WINDOWS\system32\4bd3ee88-.txt
2008-12-11 17:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 16:57:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 16:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 16:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-02 23:04:07 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-12-02 22:57:58 ----D---- C:\WINDOWS\nview
2008-11-12 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-23 21:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 19:34:37 ----D---- C:\WINDOWS\NV34643468.TMP
2008-10-21 19:34:37 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-10-21 19:28:50 ----A---- C:\WINDOWS\system32\nvunrm.exe
2008-10-21 19:23:57 ----D---- C:\NVIDIA
2008-10-21 19:17:14 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-10-21 19:15:46 ----A---- C:\WINDOWS\system32\simptcp.dll
2008-10-19 17:53:35 ----D---- C:\Program Files\Driver Cleaner Pro
2008-10-19 17:09:47 ----D---- C:\WINDOWS\NV27122836.TMP
2008-10-19 02:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-18 14:34:45 ----D---- C:\WINDOWS\Prefetch
2008-10-18 12:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-18 12:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-18 12:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-18 12:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-18 12:21:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-18 12:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-18 12:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-18 12:21:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-18 12:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-18 12:21:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-18 12:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-18 12:21:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-18 12:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-18 12:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-18 12:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-18 12:19:08 ----D---- C:\WINDOWS\system32\scripting
2008-10-18 12:19:08 ----D---- C:\WINDOWS\system32\en
2008-10-18 12:19:08 ----D---- C:\WINDOWS\system32\bits
2008-10-18 12:19:08 ----D---- C:\WINDOWS\l2schemas
2008-10-18 12:17:38 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-18 12:14:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-18 12:14:39 ----D---- C:\WINDOWS\EHome
2008-10-18 12:12:16 ----D---- C:\Program Files\Sun
2008-10-18 12:11:57 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-18 12:11:57 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-18 12:11:57 ----A---- C:\WINDOWS\system32\java.exe
2008-10-17 02:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-17 02:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-17 02:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-17 02:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-17 02:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-11 21:41:16 ----D---- C:\TWEE_Upgrade
2008-10-11 21:13:10 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-10-11 21:13:08 ----D---- C:\Program Files\DAEMON Tools Lite
2008-10-11 21:01:02 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\DAEMON Tools
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\keystone.exe

======List of files/folders modified in the last 3 months======

2009-01-05 20:14:59 ----RD---- C:\Program Files
2009-01-05 20:12:17 ----D---- C:\Program Files\Mozilla Firefox
2009-01-05 20:09:40 ----SHD---- C:\WINDOWS\Installer
2009-01-05 20:09:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-05 20:04:16 ----D---- C:\WINDOWS\Temp
2009-01-05 20:03:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 20:02:24 ----D---- C:\WINDOWS\system32\drivers
2008-12-30 23:11:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-30 20:54:13 ----D---- C:\WINDOWS\system32
2008-12-30 20:54:10 ----D---- C:\WINDOWS
2008-12-29 23:14:31 ----HD---- C:\WINDOWS\inf
2008-12-29 23:14:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-29 23:14:16 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-29 18:34:19 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-28 19:02:15 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-28 18:45:52 ----D---- C:\WINDOWS\Debug
2008-12-28 18:45:51 ----D---- C:\WINDOWS\Minidump
2008-12-28 16:50:31 ----A---- C:\WINDOWS\wininit.ini
2008-12-28 15:38:19 ----ASH---- C:\WINDOWS\system32\bigitita.dll
2008-12-24 07:47:45 ----D---- C:\Program Files\EarthLink TotalAccess
2008-12-23 21:08:10 ----D---- C:\Documents and Settings
2008-12-23 20:53:32 ----D---- C:\Program Files\Common Files
2008-12-23 20:41:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-23 10:24:58 ----ASH---- C:\WINDOWS\system32\hafedeku.dll
2008-12-20 16:18:26 ----D---- C:\WINDOWS\system32\Restore
2008-12-20 12:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-12-18 23:00:16 ----ASH---- C:\WINDOWS\system32\samabiro.dll
2008-12-16 20:47:23 ----SD---- C:\WINDOWS\Tasks
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 17:00:41 ----D---- C:\Program Files\Internet Explorer
2008-12-11 17:00:28 ----D---- C:\WINDOWS\ie7updates
2008-12-02 22:57:58 ----D---- C:\WINDOWS\Help
2008-11-12 03:00:31 ----D---- C:\WINDOWS\WinSxS
2008-11-06 12:16:28 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\WinEdt
2008-11-03 20:36:49 ----HD---- C:\Documents and Settings\Benjamin Prescott\Application Data\Move Networks
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 19:28:46 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-21 19:25:04 ----D---- C:\WINDOWS\security
2008-10-21 19:18:04 ----D---- C:\Program Files\Windows NT
2008-10-21 19:15:56 ----D---- C:\Program Files\Online Services
2008-10-18 18:39:32 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\AdobeUM
2008-10-18 16:07:00 ----D---- C:\Program Files\MSN Messenger
2008-10-18 14:34:23 ----D---- C:\WINDOWS\system32\Setup
2008-10-18 14:34:23 ----D---- C:\WINDOWS\AppPatch
2008-10-18 14:34:22 ----RSD---- C:\WINDOWS\Fonts
2008-10-18 14:34:22 ----D---- C:\WINDOWS\system32\wbem
2008-10-18 12:20:58 ----D---- C:\Program Files\Messenger
2008-10-18 12:19:16 ----D---- C:\WINDOWS\network diagnostic
2008-10-18 12:19:16 ----D---- C:\WINDOWS\ime
2008-10-18 12:19:08 ----D---- C:\WINDOWS\system32\usmt
2008-10-18 12:19:08 ----D---- C:\WINDOWS\system32\en-US
2008-10-18 12:19:08 ----D---- C:\WINDOWS\PeerNet
2008-10-18 12:19:08 ----D---- C:\Program Files\Movie Maker
2008-10-18 12:17:34 ----D---- C:\WINDOWS\system32\npp
2008-10-18 12:17:33 ----D---- C:\WINDOWS\msagent
2008-10-18 12:17:32 ----D---- C:\WINDOWS\srchasst
2008-10-18 12:17:31 ----D---- C:\Program Files\NetMeeting
2008-10-18 12:17:30 ----D---- C:\WINDOWS\system32\Com
2008-10-18 12:17:29 ----D---- C:\Program Files\Windows Media Player
2008-10-18 12:17:28 ----D---- C:\Program Files\Outlook Express
2008-10-18 12:17:26 ----D---- C:\Program Files\Common Files\System
2008-10-18 12:17:14 ----D---- C:\WINDOWS\system32\oobe
2008-10-18 12:17:12 ----D---- C:\WINDOWS\system
2008-10-18 12:11:56 ----D---- C:\Program Files\Java
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----N---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:34 ----N---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 08:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-10-11 22:51:43 ----D---- C:\Program Files\The Witcher
2008-10-11 21:27:22 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-11 18:04:05 ----D---- C:\Program Files\7-Zip
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-10-08 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-06 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-08-27 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-01-31 2310272]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-01-29 24576]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-10-08 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 a87335zt;a87335zt; C:\WINDOWS\system32\drivers\a87335zt.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 PciCon;PciCon; \??\D:\PciCon.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2007-01-01 22768]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xnacc;Microsoft Common Controller For Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xnacc.sys [2005-09-15 476672]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ADVService;Amazon Unbox Video Service; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [2007-07-11 25640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2007-01-29 393268]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-10-08 19456]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-04 163840]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-28 2999664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-01-05 20:15:25

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1701 A.D.-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\Setup.exe" -l0x9 -removeonly
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AFPL Ghostscript 8.53-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.53\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Amazon Unbox Video-->C:\Program Files\InstallShield Installation Information\{54A4839E-87F8-4BD1-9682-A349E9943F0A}\setup.exe -runfromtemp -l0x0409
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
Audible Download Manager-->C:\Program Files\Audible\Bin\ADMSetup[1].exe /Uninstall
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Battlefield 2™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BioShock-->C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Call of Duty Game of the Year Edition-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cinemaware Marquee\Space Rangers 2-->C:\WINDOWS\setup_rangers_2.exe
Civilization III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DeductionPro 2006-->C:\Program Files\DeductionPro 2006\RemoveDPro.EXE C:\PROGRA~1\DEDUCT~1\INSTALL.LOG
DeductionPro 2007-->"C:\Program Files\InstallShield Installation Information\{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}\setup.exe" -runfromtemp -l0x0009 -removeonly
DH Driver Cleaner Professional Edition-->C:\Program Files\Driver Cleaner Pro\Uninstall.exe
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dungeon Siege 2 Broken World-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}\setup.exe" -l0x9 -removeonly
Dungeon Siege 2-->"C:\Program Files\Microsoft Games\Dungeon Siege 2\UNINSTAL.EXE" /runtemp /uninstall
EarthLink FastLane-->MsiExec.exe /X{50915408-4940-4C36-B4CC-0D9944FA4C59}
EarthLink TotalAccess 2004-->C:\Program Files\EarthLink TotalAccess\uninstll.exe /UC:\Program Files\EarthLink TotalAccess\setupmisc.cfg
Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Futuremark Measurement Services Client-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
GameSpot Download Manager-->"C:\Program Files\GameSpot\uninstall.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GnuWin32: CoreUtils version 5.3.0-->"C:\Program Files\GnuWin32\uninstall\unins004.exe"
GnuWin32: GetText version 0.14.4-->"C:\Program Files\GnuWin32\uninstall\unins005.exe"
GnuWin32: Gzip-1.3.5-3-->"C:\Program Files\GnuWin32\uninstall\unins001.exe"
GnuWin32: Gzip-1.3.5-3-->"C:\Program Files\GnuWin32\uninstall\unins010.exe"
GnuWin32: LibIconv version 1.9.2-->"C:\Program Files\GnuWin32\uninstall\unins007.exe"
GnuWin32: LibIntl version 0.14.4-->"C:\Program Files\GnuWin32\uninstall\unins006.exe"
GnuWin32: LibTool version 1.5.8-->"C:\Program Files\GnuWin32\uninstall\unins003.exe"
GnuWin32: UnZip version 5.51-->"C:\Program Files\GnuWin32\uninstall\unins002.exe"
Graphviz-->C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
GSview 4.8-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0303B6A-C675-4102-95DA-C013625BFA99}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Icewind Dale II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{588C135F-0B15-4A02-8F2D-04697BE2904E}\setup.exe" -l0x9
IGN Download Manager 2.2.0-->C:\Program Files\IGN\Download Manager\uninst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment Standard Edition v1.3.1_18-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68249B78-B714-11D7-88E8-0050DA21757E}\Setup.exe" -uninst
Java 2 SDK Standard Edition v1.3.1_18-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9653982A-B716-11D7-88E8-0050DA21757E}\Setup.exe" -uninst
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Development Kit 6 Update 1-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160010}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
jEdit 4.2-->"C:\Program Files\jEdit\unins000.exe"
Juniper Networks Network Connect 5.4.0-->"C:\Program Files\Juniper Networks\Network Connect 5.4.0\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
MATLAB R2006b-->C:\matlabR2006b\uninstall\uninstall.exe C:\matlabR2006b\
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MiKTeX 2.5-->"C:\Program Files\MiKTeX 2.5\miktex\bin\copystart.exe" "C:\Program Files\MiKTeX 2.5\miktex\config\uninstall.dat"
Motorola Driver Installation-->MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Oblivion - Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23D683DD-93C6-48E6-B84E-78B57778F126}\setup.exe" -l0x9 -removeonly
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Vile Lair-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
On the Rain-Slick Precipice of Darkness, Episode One-->C:\Program Files\Hothead Games\Precipice of Darkness\uninstall.exe
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Pcsx2 0.9.2 Watermoose-->"C:\Program Files\Pcsx2\unins000.exe"
Pdf995 (installed by TaxCut)-->C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut)-->C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
Port Royale 2-->C:\Program Files\Cinemaware Marquee\Port Royale 2\Uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Prince of Persia T2T-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}\setup.exe" -l0x9 -removeonly
Prince of Persia The Sands of Time-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C453F13-6877-4D34-8816-009ABDE306DB}\setup.exe" -l0x9
Prince Of Persia: Warrior Within-->C:\PROGRA~1\Ubisoft\PRINCE~2\UNWISE.EXE C:\PROGRA~1\Ubisoft\PRINCE~2\INSTALL.LOG
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sid Meier's Pirates!-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033
Sid Meier's Railroads!-->C:\Program Files\InstallShield Installation Information\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}\setup.exe -runfromtemp -l0x0009 -removeonly
Silverfall-->C:\Program Files\Monte Cristo\Silverfall\uninst.exe
Sins of a Solar Empire Demo-->"C:\Documents and Settings\All Users\Application Data\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}\Sins_of_a_Solar_Empire_setup.exe" REMOVE=TRUE MODIFY=FALSE
Sins of a Solar Empire Demo-->C:\Documents and Settings\All Users\Application Data\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}\Sins_of_a_Solar_Empire_setup.exe
SpellForce 2 - Shadow Wars-->MsiExec.exe /X{12BC79CA-8138-40C5-870C-C7F821C0C143}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Star Wars Empire at War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonly
Star Wars Republic Commando-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}\Setup.exe" -l0x9
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tar-1.13 Binaries (GnuWin32)-->"C:\Program Files\GnuWin32\uninstall\unins000.exe"
Tar-1.13 Documentation (GnuWin32)-->"C:\Program Files\GnuWin32\uninstall\unins008.exe"
Tar-1.13 Sources (GnuWin32)-->"C:\Program Files\GnuWin32\uninstall\unins009.exe"
TaxCut New Jersey 2007-->MsiExec.exe /X{0FE55E01-5D5A-4823-A71E-F4F5E8BB473D}
TaxCut Premium + State 2007-->MsiExec.exe /X{663E217E-FC26-4249-9E8E-F190CD63E737}
TaxCut Premium 2005-->C:\PROGRA~1\TaxCut05\Program\removetc.exe
TaxCut Premium 2006-->C:\PROGRA~1\TaxCut06\Program\removetc.exe
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
TeX4PPT-->MsiExec.exe /I{CEEE4FBD-B6B6-4FD2-A436-BD0B137AFD47}
The Movies™-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0556F885-2415-4666-B53E-33727E46AEA1} /l1033
The Witcher-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Titan Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Drive Creator V2.1.3-->"C:\Program Files\J. A. Associates\Virtual Drive Creator\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinEdt-->"C:\Program Files\WinEdt Team\WinEdt\unins000.exe"
WinGraphviz-->MsiExec.exe /I{3B2D7DCA-6291-41B8-9B1E-D1ADC7F49E9F}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Spyware Doctor with AntiVirus

System event log

Computer Name: LHANNAH
Event Code: 7035
Message: The IP Traffic Filter Driver service was successfully sent a start control.

Record Number: 10600
Source Name: Service Control Manager
Time Written: 20081021203635.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: LHANNAH
Event Code: 7036
Message: The Network Location Awareness (NLA) service entered the running state.

Record Number: 10599
Source Name: Service Control Manager
Time Written: 20081021203635.000000-240
Event Type: information
User:

Computer Name: LHANNAH
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 10598
Source Name: Service Control Manager
Time Written: 20081021203635.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: LHANNAH
Event Code: 7036
Message: The Fast User Switching Compatibility service entered the running state.

Record Number: 10597
Source Name: Service Control Manager
Time Written: 20081021203635.000000-240
Event Type: information
User:

Computer Name: LHANNAH
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.

Record Number: 10596
Source Name: Service Control Manager
Time Written: 20081021203635.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: LHANNAH
Event Code: 1904
Message:
Record Number: 2851
Source Name: HHCTRL
Time Written: 20071207050124.000000-300
Event Type: information
User:

Computer Name: LHANNAH
Event Code: 1904
Message:
Record Number: 2850
Source Name: HHCTRL
Time Written: 20071207050124.000000-300
Event Type: information
User:

Computer Name: LHANNAH
Event Code: 1904
Message:
Record Number: 2849
Source Name: HHCTRL
Time Written: 20071207050124.000000-300
Event Type: information
User:

Computer Name: LHANNAH
Event Code: 1904
Message:
Record Number: 2848
Source Name: HHCTRL
Time Written: 20071207050124.000000-300
Event Type: information
User:

Computer Name: LHANNAH
Event Code: 1904
Message:
Record Number: 2847
Source Name: HHCTRL
Time Written: 20071207050124.000000-300
Event Type: information
User:

Security event log

Computer Name: LHANNAH
Event Code: 513
Message: Windows is shutting down.
All logon sessions will be terminated by this shutdown.

Record Number: 111375
Source Name: Security
Time Written: 20081224075937.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: LHANNAH
Event Code: 551
Message: User initiated logoff:

User Name: Benjamin Prescott

Domain: LHANNAH

Logon ID: (0x0,0xb9473)


Record Number: 111374
Source Name: Security
Time Written: 20081224075910.000000-300
Event Type: audit success
User: LHANNAH\Benjamin Prescott

Computer Name: LHANNAH
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege

Record Number: 111373
Source Name: Security
Time Written: 20081224034543.000000-300
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: LHANNAH
Event Code: 528
Message: Successful Logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Record Number: 111372
Source Name: Security
Time Written: 20081224034543.000000-300
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: LHANNAH
Event Code: 855
Message: A Windows Firewall ICMP setting has changed.



Policy origin: Local Policy

Profile changed: Standard

Interface: All interfaces

New Setting:

Allow incoming echo request: Disabled

Old Setting:

Allow incoming echo request: Enabled

Record Number: 111371
Source Name: Security
Time Written: 20081224000103.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=c:\program files\miktex 2.5\miktex\bin;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\progra~1\att\graphviz\bin;c:\progra~1\att\graphviz\bin;c:\jdk1.3.1_18\bin;C:\matlabR2006b\bin;C:\matlabR2006b\bin\win32;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=2701
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 bprescot

bprescot
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:04 AM

Posted 05 January 2009 - 08:54 PM

First, thanks so much for the assistance. I truly appreciate it.

After running GMER (results attached) I got a warning message that my system had been altered due to rootkit activity. Thought that you should be aware.

Thanks again,
Ben


#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 06 January 2009 - 12:42 AM

IMPORTANT!! Uninstall these programs before proceeding with our fixes..

1. Spybot S&D
2. Viewpoint




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE





NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    a87335zt
    
    :files
    C:\WINDOWS\tasks\qjpllloo.job
    c:\windows\system32\dipaposa.dll
    c:\windows\system32\tumaveko.dll
    c:\windows\system32\foyorere.dl
    c:\windows\system32\kufubabe.dll
    c:\windows\system32\yizobejo.dll
    c:\windows\system32\vozafiwu.dll
    c:\windows\system32\zugezevu.dll
    C:\WINDOWS\system32\owilesed.ini
    C:\WINDOWS\system32\isawalub.ini
    C:\WINDOWS\system32\ukihozuy.ini
    C:\WINDOWS\system32\aholujeg.ini
    C:\WINDOWS\system32\4bd3ee88-.txt
    C:\WINDOWS\system32\hafedeku.dll
    C:\WINDOWS\system32\bigitita.dll
    C:\WINDOWS\system32\samabiro.dll
    C:\WINDOWS\system32\drivers\a87335zt.sys
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yaywwUNG]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27bfb0f3-6d13-11da-ac3a-806d6172696f}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
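The file names targeted by the OTMoveIt3 script above (dipaposa.dll, tumaveko.dll, owilesed.ini, ...) and the ones the topic starter reported in the opening post (DUVABOVA.DLL, LISADOPA.DLL, LIGAMOSA.DLL) share one visible trait: an eight-letter stem that strictly alternates consonants and vowels. The following is an added triage script, not code from this thread or from any of the tools named in it; the directory listing it runs on is constructed from the names on this page plus a few ordinary system32 files as negatives, and the function names are mine. It is a first-pass filter for a cleaner who is reading a fresh RSIT/HijackThis log, not a verdict: a hit still has to be confirmed with a scanner or a check of the file's publisher signature.

```python
"""Heuristic triage of randomly named files of the kind seen in this thread.

Added example (not part of the thread). The only 'signature' used is the
pattern visible on the page: an 8-letter stem with strictly alternating
consonant/vowel classes, any extension (the thread shows .dll, .ini and
a truncated .dl).
"""
import re

VOWELS = set("aeiou")
STEM_RE = re.compile(r"^[a-z]{8}$")

# Constructed sample listing: the first ten entries are names taken from the
# opening post and from the OTMoveIt3 script in this thread; the rest are
# ordinary Windows system32 files added here as negatives.
SAMPLE_LISTING = [
    "DUVABOVA.DLL", "LISADOPA.DLL", "LIGAMOSA.DLL",
    "dipaposa.dll", "tumaveko.dll", "kufubabe.dll", "hafedeku.dll",
    "owilesed.ini", "isawalub.ini", "ukihozuy.ini",
    "kernel32.dll", "advapi32.dll", "ntoskrnl.exe", "user32.dll",
    "comctl32.dll", "msvcrt.dll", "shell32.dll", "rasadhlp.dll",
    "a87335zt.sys",
]


def _alternates(stem: str) -> bool:
    """True when no two neighbouring letters are both vowels or both consonants."""
    classes = [ch in VOWELS for ch in stem]
    return all(a != b for a, b in zip(classes, classes[1:]))


def looks_like_rotating_name(filename: str) -> bool:
    """Apply the page's pattern: 8 plain letters in the stem, alternating C/V.

    Case is ignored because the thread shows both DUVABOVA.DLL and dipaposa.dll.
    """
    name = filename.lower()
    stem, dot, _ext = name.rpartition(".")
    if not dot:          # no extension at all: the whole name is the stem
        stem = name
    if not STEM_RE.match(stem):
        return False     # digits, wrong length or non-ASCII letters
    return _alternates(stem)


def triage(listing):
    """Return the names that match the heuristic, preserving input order."""
    return [name for name in listing if looks_like_rotating_name(name)]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LISTING):
        print("review:", hit)
```

The negatives are there deliberately: ntoskrnl.exe and rasadhlp.dll are eight-letter stems that fail only the alternation test, and a87335zt.sys (the driver named in the same script) fails the letters-only test, which shows that the heuristic is narrow and will not catch every component of an infection; it only shortens the list a human has to look at.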


#6 bprescot

bprescot
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:04 AM

Posted 06 January 2009 - 07:53 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service a87335zt .
========== FILES ==========
C:\WINDOWS\tasks\qjpllloo.job moved successfully.
File/Folder c:\windows\system32\dipaposa.dll not found.
File/Folder c:\windows\system32\tumaveko.dll not found.
File/Folder c:\windows\system32\foyorere.dl not found.
File/Folder c:\windows\system32\kufubabe.dll not found.
File/Folder c:\windows\system32\yizobejo.dll not found.
File/Folder c:\windows\system32\vozafiwu.dll not found.
File/Folder c:\windows\system32\zugezevu.dll not found.
C:\WINDOWS\system32\owilesed.ini moved successfully.
C:\WINDOWS\system32\isawalub.ini moved successfully.
C:\WINDOWS\system32\ukihozuy.ini moved successfully.
C:\WINDOWS\system32\aholujeg.ini moved successfully.
C:\WINDOWS\system32\4bd3ee88-.txt moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hafedeku.dll
C:\WINDOWS\system32\hafedeku.dll NOT unregistered.
C:\WINDOWS\system32\hafedeku.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bigitita.dll
C:\WINDOWS\system32\bigitita.dll NOT unregistered.
C:\WINDOWS\system32\bigitita.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\samabiro.dll
C:\WINDOWS\system32\samabiro.dll NOT unregistered.
C:\WINDOWS\system32\samabiro.dll moved successfully.
File/Folder C:\WINDOWS\system32\drivers\a87335zt.sys not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yaywwUNG\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27bfb0f3-6d13-11da-ac3a-806d6172696f}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\BENJAM~1\LOCALS~1\Temp\etilqs_Dlh5uaClGQCmQu0AMh13 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Amazon Digital Video\Servicelog.adv scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Amazon Digital Video\Systraylog.adv scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_9d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_192842

Files moved on Reboot...
File C:\DOCUME~1\BENJAM~1\LOCALS~1\Temp\etilqs_Dlh5uaClGQCmQu0AMh13 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Amazon Digital Video\Servicelog.adv scheduled to be moved on reboot.
C:\WINDOWS\temp\Amazon Digital Video\Systraylog.adv moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_9d0.dat not found!
C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Benjamin Prescott\Local Settings\Application Data\Mozilla\Firefox\Profiles\e49lun67.default\XUL.mfl moved successfully.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Benjamin Prescott at 2009-01-06 19:38:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (9%) free of 194 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:19, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Benjamin Prescott\Desktop\RSIT(3).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Benjamin Prescott\Desktop\Benjamin Prescott.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - S-1-5-18 Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {332bd5a0-8000-11d7-b657-00c04faedb18} (Oracle JInitiator 1.1.8.22) -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remoteaccess.wyndhamworldwide.com/d...perSetupSP1.cab
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7443 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D7F30B62-8269-41AF-9539-B2697FA7D77E} - Pop-Up Blocker - C:\Program Files\EarthLink TotalAccess\PnEL.dll [2003-08-15 389120]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 691656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-01-27 77824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-06 136600]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2006-07-29 5354792]
"igndlm.exe"=C:\Program Files\IGN\Download Manager\DLM.exe [2007-01-11 972432]
"Start WingMan Profiler"=C:\Program Files\Logitech\Profiler\lwemon.exe [2005-04-18 73728]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Benjamin Prescott\Start Menu\Programs\Startup
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1140132730\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1140132730\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1140132730\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1140132730\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe"="C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\1701 A.D. Demo\1701_Demo.exe"="C:\Program Files\1701 A.D. Demo\1701_Demo.exe:*:Disabled:Anno 1701"
"C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\SCDA-Offline\System\SplinterCell4.exe"="C:\Program Files\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\Program Files\Monte Cristo\Silverfall Demo\Silverfall.exe"="C:\Program Files\Monte Cristo\Silverfall Demo\Silverfall.exe:*:Enabled:Silverfall"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\1701 A.D\1701.exe"="C:\Program Files\1701 A.D\1701.exe:*:Enabled:Anno 1701"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\CAPCOM\LOST_PLANET_TRIAL_DX9\LostPlanetDX9.exe"="C:\Program Files\CAPCOM\LOST_PLANET_TRIAL_DX9\LostPlanetDX9.exe:*:Enabled:LostPlanetDX9"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\GameHouse\TextTwist\TextTwist.exe"="C:\Program Files\GameHouse\TextTwist\TextTwist.exe:*:Enabled:Super TextTwist"
"C:\Program Files\Monte Cristo\Silverfall\Silverfall.exe"="C:\Program Files\Monte Cristo\Silverfall\Silverfall.exe:*:Disabled:Silverfall"
"C:\Program Files\SpellForce\SpellForce 2 - Shadow Wars\spellforce2.exe"="C:\Program Files\SpellForce\SpellForce 2 - Shadow Wars\spellforce2.exe:*:Enabled:SpellForce 2 - Shadow Wars"
"C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe"="C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe"="C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe:*:Enabled:ADVWindowsClientService"
"C:\Documents and Settings\Benjamin Prescott\Desktop\utorrent.exe"="C:\Documents and Settings\Benjamin Prescott\Desktop\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

======List of files/folders created in the last 3 months======

2009-01-06 19:28:42 ----D---- C:\_OTMoveIt
2009-01-06 19:26:07 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-05 20:18:57 ----A---- C:\WINDOWS\gmer.ini
2009-01-05 20:18:56 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-05 20:18:56 ----A---- C:\WINDOWS\gmer.exe
2009-01-05 20:18:56 ----A---- C:\WINDOWS\gmer.dll
2009-01-05 20:14:59 ----D---- C:\Program Files\trend micro
2009-01-05 20:14:58 ----D---- C:\rsit
2008-12-29 18:33:49 ----A---- C:\WINDOWS\setuplog.txt
2008-12-28 19:26:02 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-28 18:44:33 ----D---- C:\Program Files\CCleaner
2008-12-28 17:39:07 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\Malwarebytes
2008-12-28 17:39:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-28 17:39:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-24 08:57:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-24 08:53:47 ----A---- C:\rapport.txt
2008-12-23 23:25:23 ----SH---- C:\WINDOWS\system32\azitutah.ini
2008-12-23 20:54:48 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-12-23 20:53:32 ----D---- C:\Program Files\Common Files\PC Tools
2008-12-23 20:39:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-23 20:39:46 ----D---- C:\Program Files\Spyware Doctor
2008-12-23 20:39:46 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\PC Tools
2008-12-20 13:09:07 ----A---- C:\WINDOWS\vpc32.INI
2008-12-20 13:00:10 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-20 12:56:38 ----A---- C:\WINDOWS\system32\capicom.dll
2008-12-20 12:56:37 ----D---- C:\Program Files\Symantec
2008-12-20 12:56:37 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-20 12:56:37 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-20 12:49:04 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-20 12:28:04 ----D---- C:\Config.Msi
2008-12-18 23:29:17 ----D---- C:\VundoFix Backups
2008-12-18 23:29:17 ----A---- C:\VundoFix.txt
2008-12-17 07:08:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 07:00:02 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-17 07:00:02 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\SUPERAntiSpyware.com
2008-12-16 21:06:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-11 17:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 16:57:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 16:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 16:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-02 23:04:07 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-12-02 22:57:58 ----D---- C:\WINDOWS\nview
2008-11-12 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-23 21:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 19:34:37 ----D---- C:\WINDOWS\NV34643468.TMP
2008-10-21 19:34:37 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-10-21 19:28:50 ----A---- C:\WINDOWS\system32\nvunrm.exe
2008-10-21 19:23:57 ----D---- C:\NVIDIA
2008-10-21 19:17:14 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-10-21 19:15:46 ----A---- C:\WINDOWS\system32\simptcp.dll
2008-10-19 17:53:35 ----D---- C:\Program Files\Driver Cleaner Pro
2008-10-19 17:09:47 ----D---- C:\WINDOWS\NV27122836.TMP
2008-10-19 02:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-18 14:34:45 ----D---- C:\WINDOWS\Prefetch
2008-10-18 12:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-18 12:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-18 12:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-18 12:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-18 12:21:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-18 12:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-18 12:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-18 12:21:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-18 12:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-18 12:21:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-18 12:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-18 12:21:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-18 12:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-18 12:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-18 12:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-18 12:19:08 ----D---- C:\WINDOWS\system32\scripting
2008-10-18 12:19:08 ----D---- C:\WINDOWS\system32\en
2008-10-18 12:19:08 ----D---- C:\WINDOWS\system32\bits
2008-10-18 12:19:08 ----D---- C:\WINDOWS\l2schemas
2008-10-18 12:17:38 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-18 12:14:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-18 12:14:39 ----D---- C:\WINDOWS\EHome
2008-10-18 12:12:16 ----D---- C:\Program Files\Sun
2008-10-18 12:11:57 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-18 12:11:57 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-18 12:11:57 ----A---- C:\WINDOWS\system32\java.exe
2008-10-17 02:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-17 02:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-17 02:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-17 02:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-17 02:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-11 21:41:16 ----D---- C:\TWEE_Upgrade
2008-10-11 21:13:10 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-10-11 21:13:08 ----D---- C:\Program Files\DAEMON Tools Lite
2008-10-11 21:01:02 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\DAEMON Tools
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\keystone.exe

======List of files/folders modified in the last 3 months======

2009-01-06 19:35:04 ----D---- C:\Program Files\Mozilla Firefox
2009-01-06 19:34:17 ----D---- C:\WINDOWS\Temp
2009-01-06 19:33:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-06 19:33:43 ----D---- C:\WINDOWS\system32
2009-01-06 19:33:16 ----D---- C:\WINDOWS\system32\drivers
2009-01-06 19:32:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-06 19:28:42 ----SD---- C:\WINDOWS\Tasks
2009-01-06 19:26:10 ----SHD---- C:\WINDOWS\Installer
2009-01-06 19:25:52 ----D---- C:\Program Files\Java
2009-01-06 19:23:53 ----RD---- C:\Program Files
2009-01-05 20:18:57 ----D---- C:\WINDOWS
2009-01-05 20:09:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-29 23:14:31 ----HD---- C:\WINDOWS\inf
2008-12-29 23:14:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-29 23:14:16 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-29 18:34:19 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-28 19:02:15 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-28 18:45:52 ----D---- C:\WINDOWS\Debug
2008-12-28 18:45:51 ----D---- C:\WINDOWS\Minidump
2008-12-28 16:50:31 ----A---- C:\WINDOWS\wininit.ini
2008-12-24 07:47:45 ----D---- C:\Program Files\EarthLink TotalAccess
2008-12-23 21:08:10 ----D---- C:\Documents and Settings
2008-12-23 20:53:32 ----D---- C:\Program Files\Common Files
2008-12-23 20:41:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-20 16:18:26 ----D---- C:\WINDOWS\system32\Restore
2008-12-20 12:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 17:00:41 ----D---- C:\Program Files\Internet Explorer
2008-12-11 17:00:28 ----D---- C:\WINDOWS\ie7updates
2008-12-02 22:57:58 ----D---- C:\WINDOWS\Help
2008-11-12 03:00:31 ----D---- C:\WINDOWS\WinSxS
2008-11-06 12:16:28 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\WinEdt
2008-11-03 20:36:49 ----HD---- C:\Documents and Settings\Benjamin Prescott\Application Data\Move Networks
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 19:28:46 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-21 19:25:04 ----D---- C:\WINDOWS\security
2008-10-21 19:18:04 ----D---- C:\Program Files\Windows NT
2008-10-21 19:15:56 ----D---- C:\Program Files\Online Services
2008-10-18 18:39:32 ----D---- C:\Documents and Settings\Benjamin Prescott\Application Data\AdobeUM
2008-10-18 16:07:00 ----D---- C:\Program Files\MSN Messenger
2008-10-18 14:34:23 ----D---- C:\WINDOWS\system32\Setup
2008-10-18 14:34:23 ----D---- C:\WINDOWS\AppPatch
2008-10-18 14:34:22 ----RSD---- C:\WINDOWS\Fonts
2008-10-18 14:34:22 ----D---- C:\WINDOWS\system32\wbem
2008-10-18 12:20:58 ----D---- C:\Program Files\Messenger
2008-10-18 12:19:16 ----D---- C:\WINDOWS\network diagnostic
2008-10-18 12:19:16 ----D---- C:\WINDOWS\ime
2008-10-18 12:19:08 ----D---- C:\WINDOWS\system32\usmt
2008-10-18 12:19:08 ----D---- C:\WINDOWS\system32\en-US
2008-10-18 12:19:08 ----D---- C:\WINDOWS\PeerNet
2008-10-18 12:19:08 ----D---- C:\Program Files\Movie Maker
2008-10-18 12:17:34 ----D---- C:\WINDOWS\system32\npp
2008-10-18 12:17:33 ----D---- C:\WINDOWS\msagent
2008-10-18 12:17:32 ----D---- C:\WINDOWS\srchasst
2008-10-18 12:17:31 ----D---- C:\Program Files\NetMeeting
2008-10-18 12:17:30 ----D---- C:\WINDOWS\system32\Com
2008-10-18 12:17:29 ----D---- C:\Program Files\Windows Media Player
2008-10-18 12:17:28 ----D---- C:\Program Files\Outlook Express
2008-10-18 12:17:26 ----D---- C:\Program Files\Common Files\System
2008-10-18 12:17:14 ----D---- C:\WINDOWS\system32\oobe
2008-10-18 12:17:12 ----D---- C:\WINDOWS\system
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----N---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:34 ----N---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 08:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-10-11 22:51:43 ----D---- C:\Program Files\The Witcher
2008-10-11 21:27:22 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-11 18:04:05 ----D---- C:\Program Files\7-Zip
2008-10-07 13:33:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-10-08 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-06 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-08-27 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-01-31 2310272]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-01-29 24576]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-10-08 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 an531k17;an531k17; C:\WINDOWS\system32\drivers\an531k17.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-05 85969]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 PciCon;PciCon; \??\D:\PciCon.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2007-01-01 22768]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xnacc;Microsoft Common Controller For Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xnacc.sys [2005-09-15 476672]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ADVService;Amazon Unbox Video Service; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [2007-07-11 25640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2007-01-29 393268]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-06 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-10-08 19456]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-04 163840]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-28 2999664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#7 fenzodahl512

Posted 07 January 2009 - 02:56 AM

Log looks very nice.. How is the computer now?.. Let's do an online scan to make sure we got everything..


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 bprescot
  • Topic Starter

Posted 08 January 2009 - 07:40 AM

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3749 (20090107)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=7683a9eb88e4f54198add5cb4905ace7
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-08 05:45:13
# local_time=2009-01-08 12:45:13 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=873961
# found=7
# scan_time=10795
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GE6P2RPE\pldr8[1].htm Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\bojiwuba.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\kuwuhabi.dll.tmp Win32/Agent.OOY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\mahoyape.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\parojuse.dll_old Win32/Agent.OOY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\yileduyu.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\01062009_192842\WINDOWS\system32\samabiro.dll Win32/Agent.OOY trojan (unable to clean - deleted) 00000000000000000000000000000000

#9 fenzodahl512

Posted 08 January 2009 - 08:54 AM

Looks very good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512



#10 bprescot
  • Topic Starter

Posted 11 January 2009 - 10:58 PM

So I've been using the computer for a couple days now, running scans nightly and I'm VERY happy to report that the system is behaving perfectly! All scans have come back clean and no more popups or virus alerts. Thank you so much for all of your help.

Quick question though. I have a full version of SpyDoctor with AntiVirus and access to Symantec Anti Virus 10. Is one markedly better than the other? Or is there a separate program altogether I should be using (aside from Spybot S&D)?

Thanks Again,
Ben

#11 fenzodahl512

Posted 12 January 2009 - 02:29 AM

Among those two, I prefer Spyware Doctor with Antivirus.. I have never used a Norton product before, so I can't tell you much about it :thumbsup:

And, just keep Malwarebytes.. It's great software and I personally recommend it :)

Make sure you update the antispyware/antivirus regularly and run a full scan with them occasionally..

Any more questions? :)



#12 bprescot
  • Topic Starter

Posted 12 January 2009 - 02:21 PM

Nope! I'm good to go. Thanks so much for your help!

#13 fenzodahl512

Posted 12 January 2009 - 02:50 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be reopened, please PM me or the Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512


