View Full Version : Virtumonde and Vundo Attack!



HayJayJay
2008-12-15, 04:03
Hi, I have recently been attacked by Virtumonde and Vundo.

I have been looking at other Threads/Topics about their attacks, and the processes needed to fix them.

Here is what I have done to rid myself of these.

I have run common virus/spyware programs; most removed parts of it, but not all.

I have also run ComboFix, and it cleared the symptoms, so I gained hope there.
I also ran SDFix.
I have also run VundoFix and it did not find any infected files.

I have used HijackThis to look for suspicious files.

So basically the symptoms are clear, but I'm not sure if I have removed it completely or not.

Can anyone help me with this?

I forgot to put my logfile in my first post, but here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05, on 2008-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{28BA37C4-78D2-422A-8127-C93DFEFE4B33}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC9942B2-ECD2-48A0-B798-E29E07865002}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{28BA37C4-78D2-422A-8127-C93DFEFE4B33}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CS2\Services\Tcpip\..\{28BA37C4-78D2-422A-8127-C93DFEFE4B33}: NameServer = 205.152.37.23,205.152.132.23
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qoMgfGwT - qoMgfGwT.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3062 bytes

I just searched my PC with Spybot S&D and it is still finding Virtumonde.

Ergh.

SOMEONE HELP PLEASE!

-------------------------------------

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)

katana
2008-12-20, 14:44
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)


If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.

HayJayJay
2008-12-20, 18:40
Thanks for assisting me Katana! I greatly appreciate it!

LOG:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Reid Quisenberry at 2008-12-20 00:35:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 89 GB (37%) free of 238 GB
Total RAM: 3071 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35, on 2008-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\RSIT.exe
C:\Program Files\HJT\Reid Quisenberry.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{28BA37C4-78D2-422A-8127-C93DFEFE4B33}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC9942B2-ECD2-48A0-B798-E29E07865002}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{28BA37C4-78D2-422A-8127-C93DFEFE4B33}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CS2\Services\Tcpip\..\{28BA37C4-78D2-422A-8127-C93DFEFE4B33}: NameServer = 205.152.37.23,205.152.132.23
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qoMgfGwT - qoMgfGwT.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3915 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2004-10-08 158208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30f0e3c1]
C:\WINDOWS\system32\riquxycl.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim6]
C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diamondback]
C:\Program Files\Razer\Diamondback 3G\razerhid.exe [2007-06-29 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehtray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\h/pc connection agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd]
C:\DOCUME~1\REIDQU~1.GAM\LOCALS~1\Temp\csrssc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jsg8jfgfdfhfhf]
C:\WINDOWS\TEMP\winlogun.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rs32net]
C:\WINDOWS\System32\rs32net.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\0118cc35-d08f-4356-95c3-2b6094db82d3.exe [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xsjfn83jkemfofght]
C:\WINDOWS\TEMP\winlogin.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^reid quisenberry.gamingpc^start menu^programs^startup^adobe gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^reid quisenberry.gamingpc^start menu^programs^startup^adobe media player.lnk]
C:\PROGRA~1\ADOBEM~1\ADOBEM~1.EXE [2008-11-17 261120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WUSB54GCSVC"=2
"WLSetupSvc"=3
"Viewpoint Manager Service"=2
"usnjsvc"=3
"RemoteRegistry"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!saswinlogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMgfGwT]
qoMgfGwT.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3yfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3yfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\Glider\lbwfwenspv.exe"="C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\Glider\lbwfwenspv.exe:*:Enabled: "
"C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2085-12-25 23:35:53 ----D---- C:\Program Files\MSI
2008-12-18 03:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-16 05:51:58 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-16 05:51:57 ----D---- C:\Program Files\Alwil Software
2008-12-15 09:34:57 ----A---- C:\WINDOWS\gmer.ini
2008-12-15 09:34:56 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-15 09:34:56 ----A---- C:\WINDOWS\gmer.exe
2008-12-15 09:34:56 ----A---- C:\WINDOWS\gmer.dll
2008-12-15 09:21:30 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-12-15 06:39:48 ----D---- C:\ComboFix
2008-12-15 06:39:48 ----A---- C:\WINDOWS\system32\CF5090.exe
2008-12-15 06:32:37 ----D---- C:\rsit
2008-12-14 19:46:15 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Malwarebytes
2008-12-14 19:46:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-14 19:46:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-14 19:36:52 ----D---- C:\WINDOWS\temp
2008-12-14 19:34:10 ----A---- C:\WINDOWS\system32\CF5744.exe
2008-12-14 19:30:38 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-14 19:30:38 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-14 19:30:38 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-14 19:27:11 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-12-14 19:20:22 ----A---- C:\Boot.bak
2008-12-14 19:20:02 ----D---- C:\cmdcons
2008-12-14 19:18:39 ----A---- C:\WINDOWS\zip.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\VFIND.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\SWSC.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\SWREG.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\sed.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\grep.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\fdsv.exe
2008-12-14 19:18:35 ----D---- C:\WINDOWS\ERDNT
2008-12-14 19:18:35 ----D---- C:\Qoobox
2008-12-14 15:44:28 ----D---- C:\Program Files\Windows Defender
2008-12-14 15:43:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2008-12-14 15:24:49 ----D---- C:\Program Files\HJT
2008-12-14 11:36:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-12-14 11:30:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-12-14 11:21:42 ----D---- C:\Program Files\Trend Micro
2008-12-14 09:24:58 ----D---- C:\WINDOWS\ERUNT
2008-12-14 09:23:57 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-14 09:13:06 ----D---- C:\SDFix
2008-12-14 09:02:09 ----A---- C:\VundoFix.txt
2008-12-13 22:14:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-12-13 22:13:57 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-13 22:13:57 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\SUPERAntiSpyware.com
2008-12-13 20:31:38 ----A---- C:\WINDOWS\system32\3bd327bf-.txt
2008-12-13 20:08:52 ----A---- C:\fqqqea.exe
2008-12-13 20:08:21 ----A---- C:\WINDOWS\system32\nokye.exe
2008-12-13 20:08:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-12-13 19:09:32 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-13 19:08:30 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-13 18:59:06 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-13 18:59:02 ----D---- C:\Program Files\Windows Live
2008-12-13 18:58:54 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-12-13 18:54:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-12-12 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-12 03:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 18:20:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-12-11 15:37:44 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-12-10 19:13:02 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Thunderbird
2008-12-10 19:12:57 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-10 13:51:07 ----D---- C:\Program Files\TeamViewer
2008-12-08 21:48:16 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\TeamViewer
2008-12-01 17:01:48 ----D---- C:\Program Files\Algebrator
2008-12-01 15:19:59 ----D---- C:\Program Files\Fogware
2008-11-26 02:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB894476$
2008-11-25 23:43:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-11-25 23:42:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-11-24 22:45:03 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Corel
2008-11-24 19:41:28 ----A---- C:\WINDOWS\system32\XLLDFRequest2.dll
2008-11-24 19:41:28 ----A---- C:\WINDOWS\system32\LLInstances2.dll
2008-11-24 19:41:28 ----A---- C:\WINDOWS\system32\LLClientMiddleWare2.dll
2008-11-24 19:41:28 ----A---- C:\WINDOWS\system32\LLClasses2.dll
2008-11-24 19:41:27 ----D---- C:\Program Files\WordPerfect OfficeReady 1.5
2008-11-24 19:41:27 ----A---- C:\WINDOWS\system32\regobj.dll
2008-11-24 19:41:27 ----A---- C:\WINDOWS\system32\MSSTKPRP.DLL
2008-11-24 19:40:01 ----D---- C:\Program Files\WordPerfect Office X3 - Home Edition
2008-11-24 19:40:01 ----D---- C:\Program Files\Common Files\Corel
2008-11-24 19:40:01 ----D---- C:\Program Files\Common Files\Borland Shared
2008-11-24 19:40:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Corel
2008-11-24 19:40:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Borland
2008-11-24 19:36:39 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\InstallShield
2008-11-22 14:35:03 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\dyyno-vlc
2008-11-22 14:34:47 ----D---- C:\Program Files\Dyyno
2008-11-20 21:09:03 ----D---- C:\Program Files\Virtual Audio Cable
2008-11-20 21:07:52 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\WinRAR
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\px.dll
2008-11-20 06:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-20 06:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-11-19 06:05:09 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-19 06:03:13 ----N---- C:\WINDOWS\kb913800.exe
2008-11-19 06:00:17 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-19 00:04:59 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\acccore
2008-11-19 00:04:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-11-19 00:04:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\acccore
2008-11-19 00:04:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2008-11-19 00:04:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-11-19 00:03:49 ----D---- C:\Program Files\AIM6
2008-11-18 01:26:05 ----A---- C:\WINDOWS\system32\wpa.bak
2008-11-18 01:23:59 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Xfire
2008-11-18 01:18:57 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Mozilla
2008-11-18 00:50:50 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Macromedia
2008-11-18 00:45:52 ----A---- C:\WINDOWS\system32\WLAN.INI
2008-11-18 00:40:14 ----A---- C:\WINDOWS\system32\results.txt
2008-11-18 00:40:09 ----A---- C:\WINDOWS\system32\GTW32N50.dll
2008-11-18 00:40:08 ----A---- C:\WINDOWS\system32\GTGina.dll
2008-11-18 00:27:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-11-18 00:27:45 ----A---- C:\WINDOWS\system32\WebFlowIDPersist.dll
2008-11-18 00:27:45 ----A---- C:\WINDOWS\system32\ReportReader.dll
2008-11-18 00:27:45 ----A---- C:\WINDOWS\system32\BJAXSecurityManager.dll
2008-11-18 00:27:42 ----D---- C:\Program Files\Common Files\Motive
2008-11-18 00:27:42 ----A---- C:\WINDOWS\system32\snmpaxctrl.dll
2008-11-18 00:27:42 ----A---- C:\WINDOWS\system32\ActiveUtils.dll
2008-11-18 00:27:41 ----A---- C:\WINDOWS\system32\BJInstaller.dll
2008-11-18 00:27:40 ----A---- C:\WINDOWS\system32\BinaryAggregator1.dll
2008-11-18 00:17:36 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Identities
2008-11-18 00:13:04 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-11-18 00:12:42 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-18 00:10:56 ----A---- C:\WINDOWS\system32\jit.dll
2008-11-18 00:10:56 ----A---- C:\WINDOWS\system32\javaee.dll
2008-11-18 00:10:56 ----A---- C:\WINDOWS\system32\dx3j.dll
2008-11-18 00:10:56 ----A---- C:\WINDOWS\setdebug.exe
2008-11-18 00:10:54 ----A---- C:\WINDOWS\system32\wjview.exe
2008-11-18 00:10:54 ----A---- C:\WINDOWS\system32\vmhelper.dll
2008-11-18 00:10:54 ----A---- C:\WINDOWS\system32\msjdbc10.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\msjava.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\msawt.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\jview.exe
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\jdbgmgr.exe
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\javart.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\javaprxy.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\javacypt.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\clspack.exe
2008-11-18 00:10:48 ----SD---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Microsoft
2008-11-18 00:10:48 ----ASH---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\desktop.ini
2008-11-18 00:09:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-18 00:05:20 ----A---- C:\WINDOWS\control.ini
2008-11-18 00:05:09 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-18 00:05:07 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-11-18 00:04:00 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-18 00:03:54 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-18 00:03:13 ----A---- C:\WINDOWS\system32\atrace.dll
2008-11-18 00:03:11 ----A---- C:\WINDOWS\system32\desktop.ini
2008-11-18 00:03:11 ----A---- C:\WINDOWS\desktop.ini
2008-11-18 00:03:05 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-11-18 00:03:04 ----A---- C:\WINDOWS\system32\acctres.dll
2008-11-18 00:03:03 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuaueng.dll.wusetup.110312500.bak
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuauclt.exe.wusetup.110312343.bak
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuapi.dll.wusetup.110312296.bak
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-11-18 00:02:57 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-18 00:02:57 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-18 00:02:57 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-11-18 00:02:57 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-11-18 00:02:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-11-18 00:02:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-11-18 00:02:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-11-18 00:02:51 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-11-18 00:02:49 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-11-18 00:02:48 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-11-18 00:02:48 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-11-18 00:02:48 ----A---- C:\WINDOWS\system32\srclient.dll
2008-11-18 00:02:48 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\msconf.dll
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\ils.dll
2008-11-18 00:02:44 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-11-18 00:02:44 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-11-18 00:02:43 ----A---- C:\WINDOWS\system32\inetres.dll
2008-11-18 00:02:43 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-11-18 00:02:41 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-11-18 00:02:41 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-11-18 00:02:41 ----A---- C:\WINDOWS\system32\mstask.dll
2008-11-18 00:02:40 ----A---- C:\WINDOWS\system32\isign32.dll
2008-11-18 00:02:40 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-11-18 00:02:40 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-11-18 00:02:40 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-11-18 00:01:37 ----A---- C:\WINDOWS\vbaddin.ini
2008-11-18 00:01:37 ----A---- C:\WINDOWS\vb.ini
2008-11-18 00:01:05 ----A---- C:\WINDOWS\system32\mhn.dll
2008-11-18 00:01:05 ----A---- C:\WINDOWS\system32\igdetect.dll
2008-11-18 00:00:28 ----A---- C:\WINDOWS\system32\write.exe
2008-11-18 00:00:22 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-11-18 00:00:22 ----A---- C:\WINDOWS\system32\hticons.dll
2008-11-18 00:00:22 ----A---- C:\WINDOWS\system32\avwav.dll
2008-11-18 00:00:22 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-11-18 00:00:22 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-11-18 00:00:21 ----A---- C:\WINDOWS\system32\winchat.exe
2008-11-18 00:00:15 ----A---- C:\WINDOWS\system32\getuname.dll
2008-11-18 00:00:15 ----A---- C:\WINDOWS\system32\charmap.exe
2008-11-18 00:00:15 ----A---- C:\WINDOWS\system32\calc.exe
2008-11-18 00:00:14 ----A---- C:\WINDOWS\system32\winmine.exe
2008-11-18 00:00:14 ----A---- C:\WINDOWS\system32\sol.exe
2008-11-18 00:00:14 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\tskill.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\tscon.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\shadow.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\reset.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\regini.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\freecell.exe
2008-11-18 00:00:12 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-11-18 00:00:12 ----A---- C:\WINDOWS\system32\msg.exe
2008-11-18 00:00:12 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-11-18 00:00:12 ----A---- C:\WINDOWS\system32\logoff.exe
2008-11-18 00:00:12 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\stclient.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-11-18 00:00:10 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-11-18 00:00:06 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-11-18 00:00:05 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-11-18 00:00:05 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-18 00:00:04 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-18 00:00:04 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-18 00:00:04 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-11-18 00:00:03 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-11-18 00:00:03 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-18 00:00:03 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-11-18 00:00:00 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-11-18 00:00:00 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-18 00:00:00 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-18 00:00:00 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-11-18 00:00:00 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-11-17 23:59:59 ----A---- C:\WINDOWS\system32\colbact.dll
2008-11-17 23:59:59 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-17 23:59:59 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-11-17 23:59:59 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-11-17 23:59:58 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-17 23:59:58 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-11-17 23:59:58 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-11-17 23:59:58 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-11-17 23:59:53 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-11-17 23:59:53 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-11-17 23:59:53 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-11-17 23:59:52 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-11-17 22:12:07 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-11-17 22:06:13 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-17 22:01:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-11-17 22:01:49 ----D---- C:\Program Files\Adobe Media Player
2008-11-17 21:58:04 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Adobe
2008-11-17 21:54:21 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Ventrilo
2008-11-17 21:54:01 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-17 21:52:47 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-11-17 18:25:48 ----D---- C:\Program Files\IObit
2008-11-17 18:09:50 ----HD---- C:\$AVG8.VAULT$
2008-11-17 18:09:29 ----D---- C:\Program Files\AVG
2008-11-17 17:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-17 17:55:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-17 17:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-17 17:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-17 17:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-17 17:54:49 ----DC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-17 17:54:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-17 17:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-17 17:52:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-17 17:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-17 17:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-17 17:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-17 17:52:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-17 17:52:37 ----DC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-17 17:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-17 17:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-17 17:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-17 17:26:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-17 17:26:19 ----DC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-17 16:51:11 ----D---- C:\gakdokz
2008-11-17 15:59:29 ----A---- C:\WINDOWS\system32\h323log.txt
2008-11-17 15:55:26 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-17 15:54:48 ----A---- C:\WINDOWS\system32\wshirda.dll
2008-11-17 15:54:48 ----A---- C:\WINDOWS\system32\irmon.dll
2008-11-17 15:54:48 ----A---- C:\WINDOWS\system32\irftp.exe
2008-11-17 15:54:20 ----A---- C:\WINDOWS\system32\usbui.dll
2008-11-17 15:48:38 ----A---- C:\WINDOWS\imsins.BAK
2008-11-17 15:48:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-17 15:48:35 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-17 15:48:30 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-11-17 15:48:30 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-11-17 15:48:30 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-11-17 15:48:29 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-11-17 15:48:29 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-11-17 15:48:27 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-11-17 15:48:25 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-11-17 15:48:25 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-11-17 15:48:25 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-11-17 15:48:25 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-11-17 15:48:25 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-11-17 15:48:21 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-17 15:48:21 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-11-17 15:48:20 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-11-17 15:48:20 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-11-17 15:48:20 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-11-17 15:48:18 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-11-17 15:48:18 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-11-17 15:48:18 ----A---- C:\WINDOWS\system32\batt.dll
2008-11-17 15:48:17 ----A---- C:\WINDOWS\system32\storprop.dll
2008-11-17 15:48:17 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-11-17 15:48:13 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2008-11-17 15:48:10 ----RA---- C:\WINDOWS\SET8.tmp
2008-11-17 15:48:08 ----RA---- C:\WINDOWS\SET4.tmp
2008-11-17 15:48:07 ----RA---- C:\WINDOWS\SET3.tmp
2008-11-17 15:47:58 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-11-17 15:47:43 ----A---- C:\WINDOWS\setuplog.txt
2008-11-16 21:49:44 ----D---- C:\Program Files\Winamp2
2008-11-12 21:17:53 ----D---- C:\Program Files\World of Warcraft
2008-10-21 20:51:43 ----D---- C:\fe57a21affbcd8492ec5308e5aa180
2008-10-21 20:48:44 ----D---- C:\Autodesk

======List of files/folders modified in the last 2 months======

2008-12-20 00:34:50 ----SD---- C:\WINDOWS\Tasks
2008-12-20 00:34:40 ----D---- C:\WINDOWS\Prefetch
2008-12-20 00:34:02 ----D---- C:\Program Files\Mozilla Firefox
2008-12-20 00:32:03 ----HD---- C:\WINDOWS\inf
2008-12-20 00:32:02 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 00:32:02 ----D---- C:\WINDOWS\Registration
2008-12-20 00:31:58 ----D---- C:\WINDOWS
2008-12-18 23:44:40 ----D---- C:\WINDOWS\system32
2008-12-18 03:00:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 03:00:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 12:12:11 ----SD---- C:\Program Files\Xfire
2008-12-16 09:34:10 ----D---- C:\WINDOWS\system32\config
2008-12-16 09:34:04 ----RD---- C:\Program Files
2008-12-16 09:32:01 ----RASH---- C:\boot.ini
2008-12-16 09:32:01 ----A---- C:\WINDOWS\win.ini
2008-12-16 09:32:01 ----A---- C:\WINDOWS\system.ini
2008-12-16 05:52:09 ----D---- C:\WINDOWS\system32\drivers
2008-12-16 03:00:27 ----SHD---- C:\WINDOWS\Installer
2008-12-16 03:00:27 ----SHD---- C:\Config.Msi
2008-12-16 03:00:26 ----D---- C:\WINDOWS\system32\DirectX
2008-12-15 23:22:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-14 19:35:19 ----D---- C:\WINDOWS\AppPatch
2008-12-14 19:35:19 ----D---- C:\Program Files\Common Files
2008-12-14 15:54:40 ----D---- C:\spm
2008-12-14 15:19:52 ----D---- C:\Reglide
2008-12-14 15:19:52 ----D---- C:\Program Files\Paladin
2008-12-14 15:19:52 ----D---- C:\Program Files\AIM
2008-12-14 15:19:52 ----D---- C:\Program Files\Againz
2008-12-14 15:19:51 ----D---- C:\Documents and Settings
2008-12-14 11:36:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-14 11:30:51 ----D---- C:\Program Files\Lavasoft
2008-12-14 11:30:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-13 21:39:40 ----A---- C:\WINDOWS\system32\svchost.exe
2008-12-13 20:17:53 ----D---- C:\WINDOWS\pss
2008-12-13 19:08:34 ----RSD---- C:\WINDOWS\assembly
2008-12-12 12:33:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:00:32 ----D---- C:\Program Files\Internet Explorer
2008-12-11 18:19:44 ----D---- C:\Program Files\Adobe
2008-12-10 13:51:04 ----D---- C:\Program Files\TeamViewer3
2008-11-26 02:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB909394$
2008-11-26 02:49:29 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-26 02:48:55 ----D---- C:\WINDOWS\Help
2008-11-25 23:43:18 ----D---- C:\Program Files\QuickTime
2008-11-25 23:42:50 ----D---- C:\Program Files\Apple Software Update
2008-11-24 19:41:27 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-24 19:40:54 ----RSD---- C:\WINDOWS\Fonts
2008-11-24 19:40:49 ----HD---- C:\WINDOWS\ShellNew
2008-11-24 19:39:40 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-11-24 00:54:55 ----D---- C:\Program Files\Winamp
2008-11-21 06:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2008-11-21 06:00:28 ----D---- C:\Program Files\Windows Media Player
2008-11-20 21:06:58 ----D---- C:\Program Files\WinRAR
2008-11-20 10:12:51 ----D---- C:\WINDOWS\ehome
2008-11-20 06:03:34 ----D---- C:\Program Files\Messenger
2008-11-20 06:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB908250$
2008-11-20 06:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2008-11-20 06:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-11-20 06:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2008-11-20 06:00:58 ----D---- C:\WINDOWS\WinSxS
2008-11-19 00:04:28 ----D---- C:\Program Files\Viewpoint
2008-11-19 00:04:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-19 00:04:06 ----D---- C:\Program Files\Common Files\AOL
2008-11-18 19:39:05 ----D---- C:\f578ee965fbd880c086535cc70bb
2008-11-18 08:49:46 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-18 01:35:18 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-18 00:46:59 ----D---- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2008-11-18 00:21:41 ----SHD---- C:\RECYCLER
2008-11-18 00:21:41 ----D---- C:\Program Files\Online Services
2008-11-18 00:15:07 ----D---- C:\WINDOWS\security
2008-11-18 00:14:14 ----D---- C:\WINDOWS\RegisteredPackages
2008-11-18 00:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB900325$
2008-11-18 00:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB888795$
2008-11-18 00:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB899337$
2008-11-18 00:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB895961$
2008-11-18 00:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB891593$
2008-11-18 00:11:23 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-18 00:09:15 ----SHD---- C:\System Volume Information
2008-11-18 00:09:15 ----D---- C:\WINDOWS\system32\Restore
2008-11-18 00:04:03 ----RD---- C:\WINDOWS\Web
2008-11-18 00:03:40 ----D---- C:\WINDOWS\srchasst
2008-11-18 00:03:15 ----D---- C:\WINDOWS\system32\oobe
2008-11-18 00:02:57 ----D---- C:\Program Files\Movie Maker
2008-11-18 00:02:46 ----D---- C:\Program Files\NetMeeting
2008-11-18 00:02:44 ----D---- C:\Program Files\Outlook Express
2008-11-18 00:02:44 ----D---- C:\Program Files\Common Files\System
2008-11-18 00:01:40 ----D---- C:\WINDOWS\system32\Com
2008-11-18 00:01:35 ----D---- C:\WINDOWS\system32\MsDtc
2008-11-18 00:01:20 ----D---- C:\WINDOWS\Media
2008-11-18 00:01:18 ----D---- C:\WINDOWS\Cursors
2008-11-18 00:00:10 ----D---- C:\WINDOWS\system32\wbem
2008-11-18 00:00:04 ----D---- C:\Program Files\Windows NT
2008-11-17 22:06:47 ----D---- C:\WINDOWS\nview
2008-11-17 21:54:02 ----D---- C:\Program Files\Ventrilo
2008-11-17 15:48:20 ----D---- C:\WINDOWS\system
2008-11-17 15:47:43 ----D---- C:\WINDOWS\Debug
2008-11-17 15:47:29 ----D---- C:\WINDOWS\system32\usmt
2008-11-17 15:46:21 ----D---- C:\UPDATES
2008-11-17 15:43:48 ----D---- C:\WINDOWS\THEMES
2008-11-17 15:43:43 ----D---- C:\WINDOWS\system32\Setup
2008-11-17 15:43:25 ----D---- C:\WINDOWS\mui
2008-11-17 15:43:24 ----D---- C:\WINDOWS\ime
2008-11-17 15:43:14 ----D---- C:\WINDOWS\PeerNet
2008-11-17 15:43:05 ----D---- C:\WINDOWS\system32\npp
2008-11-17 15:43:00 ----D---- C:\WINDOWS\msagent
2008-11-17 15:40:20 ----D---- C:\WINDOWS\twain_32
2008-11-17 15:39:55 ----D---- C:\WINDOWS\system32\ras
2008-11-17 15:39:29 ----D---- C:\WINDOWS\system32\icsxml
2008-11-17 15:39:04 ----D---- C:\WINDOWS\system32\ias
2008-11-17 15:39:00 ----D---- C:\WINDOWS\system32\1033
2008-11-17 15:38:12 ----D---- C:\WINDOWS\vbSkinner
2008-11-17 15:38:12 ----D---- C:\WINDOWS\system32\XPSViewer
2008-11-17 15:38:08 ----D---- C:\WINDOWS\system32\scripting
2008-11-17 15:38:08 ----D---- C:\WINDOWS\system32\RTCOM
2008-11-17 15:38:08 ----D---- C:\WINDOWS\system32\RNBOSENT
2008-11-17 15:38:06 ----D---- C:\WINDOWS\system32\movektxt
2008-11-17 15:37:07 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-17 15:37:06 ----D---- C:\WINDOWS\system32\en-us
2008-11-17 15:37:06 ----D---- C:\WINDOWS\system32\en
2008-11-17 15:36:59 ----D---- C:\WINDOWS\system32\bits
2008-11-17 15:36:49 ----D---- C:\WINDOWS\repair
2008-11-17 15:36:47 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-17 15:36:47 ----D---- C:\WINDOWS\nvidia icons
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV39881344.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV37723524.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV36241404.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV27564452.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV25322536.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV17963616.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\network diagnostic
2008-11-17 15:36:47 ----D---- C:\WINDOWS\mm.BOT
2008-11-17 15:36:47 ----D---- C:\WINDOWS\Minidump
2008-11-17 15:36:43 ----D---- C:\WINDOWS\l2schemas
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950759_0$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB948881$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB947864$
2008-11-17 15:36:35 ----D---- C:\WINDOWS\.jagex_cache_32
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB944533$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB944338$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB942840$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB942615$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB939653$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938829$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB937143$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB933566$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB933360$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB931768$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929969$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929338$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB928090$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925486$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925454$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923694$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB921503$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP10$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB903157$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB887998$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-11-17 15:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-11-17 15:36:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-17 15:36:29 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803$
2008-11-12 21:17:54 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-12 20:23:29 ----D---- C:\Program Files\FlashGet
2008-11-12 20:15:11 ----D---- C:\RapidShare Downloads
2008-11-12 19:41:08 ----D---- C:\Program Files\Autodesk
2008-11-06 19:01:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-23 08:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 04:47:07 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 20:54:25 ----D---- C:\Program Files\Common Files\Autodesk Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-10-08 14848]
R1 sasdifsv;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 saskutil;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-18 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM); C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2008-11-20 40576]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-10-08 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-10-08 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-03 245504]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-10-08 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-10-08 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-10-08 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-10-08 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-10-08 26496]
S3 catchme;catchme; \??\C:\DOCUME~1\REIDQU~1.GAM\LOCALS~1\Temp\catchme.sys []
S3 gjdcvnxhhv;gjdcvnxhhv; \??\C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\EpickGlider\gjdcvnxhhv.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-15 85969]
S3 gqwtnvd;gqwtnvd; \??\C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\Glider for Matt\gqwtnvd.sys []
S3 gtndis5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 PciCon;PciCon; \??\H:\PciCon.sys []
S3 sasenum;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 thanks;thanks; \??\C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\EpickGlider\thanks.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-12-13 14336]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-12-13 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]

-----------------EOF-----------------

HayJayJay
2008-12-20, 18:41
Thanks for your help katana! I do greatly appreciate it!

First, here is my LOG:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Reid Quisenberry at 2008-12-20 00:35:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 89 GB (37%) free of 238 GB
Total RAM: 3071 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35, on 2008-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\RSIT.exe
C:\Program Files\HJT\Reid Quisenberry.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{28BA37C4-78D2-422A-8127-C93DFEFE4B33}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC9942B2-ECD2-48A0-B798-E29E07865002}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{28BA37C4-78D2-422A-8127-C93DFEFE4B33}: NameServer = 205.152.37.23,205.152.132.23
O17 - HKLM\System\CS2\Services\Tcpip\..\{28BA37C4-78D2-422A-8127-C93DFEFE4B33}: NameServer = 205.152.37.23,205.152.132.23
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qoMgfGwT - qoMgfGwT.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3915 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2004-10-08 158208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30f0e3c1]
C:\WINDOWS\system32\riquxycl.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim6]
C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diamondback]
C:\Program Files\Razer\Diamondback 3G\razerhid.exe [2007-06-29 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehtray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\h/pc connection agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd]
C:\DOCUME~1\REIDQU~1.GAM\LOCALS~1\Temp\csrssc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jsg8jfgfdfhfhf]
C:\WINDOWS\TEMP\winlogun.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rs32net]
C:\WINDOWS\System32\rs32net.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\0118cc35-d08f-4356-95c3-2b6094db82d3.exe [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xsjfn83jkemfofght]
C:\WINDOWS\TEMP\winlogin.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^reid quisenberry.gamingpc^start menu^programs^startup^adobe gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^reid quisenberry.gamingpc^start menu^programs^startup^adobe media player.lnk]
C:\PROGRA~1\ADOBEM~1\ADOBEM~1.EXE [2008-11-17 261120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WUSB54GCSVC"=2
"WLSetupSvc"=3
"Viewpoint Manager Service"=2
"usnjsvc"=3
"RemoteRegistry"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!saswinlogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMgfGwT]
qoMgfGwT.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3yfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3yfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\Glider\lbwfwenspv.exe"="C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\Glider\lbwfwenspv.exe:*:Enabled: "
"C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2085-12-25 23:35:53 ----D---- C:\Program Files\MSI
2008-12-18 03:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-16 05:51:58 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-16 05:51:57 ----D---- C:\Program Files\Alwil Software
2008-12-15 09:34:57 ----A---- C:\WINDOWS\gmer.ini
2008-12-15 09:34:56 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-15 09:34:56 ----A---- C:\WINDOWS\gmer.exe
2008-12-15 09:34:56 ----A---- C:\WINDOWS\gmer.dll
2008-12-15 09:21:30 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-12-15 06:39:48 ----D---- C:\ComboFix
2008-12-15 06:39:48 ----A---- C:\WINDOWS\system32\CF5090.exe
2008-12-15 06:32:37 ----D---- C:\rsit
2008-12-14 19:46:15 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Malwarebytes
2008-12-14 19:46:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-14 19:46:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-14 19:36:52 ----D---- C:\WINDOWS\temp
2008-12-14 19:34:10 ----A---- C:\WINDOWS\system32\CF5744.exe
2008-12-14 19:30:38 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-14 19:30:38 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-14 19:30:38 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-14 19:27:11 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-12-14 19:20:22 ----A---- C:\Boot.bak
2008-12-14 19:20:02 ----D---- C:\cmdcons
2008-12-14 19:18:39 ----A---- C:\WINDOWS\zip.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\VFIND.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\SWSC.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\SWREG.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\sed.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\grep.exe
2008-12-14 19:18:39 ----A---- C:\WINDOWS\fdsv.exe
2008-12-14 19:18:35 ----D---- C:\WINDOWS\ERDNT
2008-12-14 19:18:35 ----D---- C:\Qoobox
2008-12-14 15:44:28 ----D---- C:\Program Files\Windows Defender
2008-12-14 15:43:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2008-12-14 15:24:49 ----D---- C:\Program Files\HJT
2008-12-14 11:36:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-12-14 11:30:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-12-14 11:21:42 ----D---- C:\Program Files\Trend Micro
2008-12-14 09:24:58 ----D---- C:\WINDOWS\ERUNT
2008-12-14 09:23:57 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-14 09:13:06 ----D---- C:\SDFix
2008-12-14 09:02:09 ----A---- C:\VundoFix.txt
2008-12-13 22:14:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-12-13 22:13:57 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-13 22:13:57 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\SUPERAntiSpyware.com
2008-12-13 20:31:38 ----A---- C:\WINDOWS\system32\3bd327bf-.txt
2008-12-13 20:08:52 ----A---- C:\fqqqea.exe
2008-12-13 20:08:21 ----A---- C:\WINDOWS\system32\nokye.exe
2008-12-13 20:08:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-12-13 19:09:32 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-13 19:08:30 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-13 18:59:06 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-13 18:59:02 ----D---- C:\Program Files\Windows Live
2008-12-13 18:58:54 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-12-13 18:54:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-12-12 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-12 03:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 18:20:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-12-11 15:37:44 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-12-10 19:13:02 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Thunderbird
2008-12-10 19:12:57 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-10 13:51:07 ----D---- C:\Program Files\TeamViewer
2008-12-08 21:48:16 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\TeamViewer
2008-12-01 17:01:48 ----D---- C:\Program Files\Algebrator
2008-12-01 15:19:59 ----D---- C:\Program Files\Fogware
2008-11-26 02:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB894476$
2008-11-25 23:43:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-11-25 23:42:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-11-24 22:45:03 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Corel
2008-11-24 19:41:28 ----A---- C:\WINDOWS\system32\XLLDFRequest2.dll
2008-11-24 19:41:28 ----A---- C:\WINDOWS\system32\LLInstances2.dll
2008-11-24 19:41:28 ----A---- C:\WINDOWS\system32\LLClientMiddleWare2.dll
2008-11-24 19:41:28 ----A---- C:\WINDOWS\system32\LLClasses2.dll
2008-11-24 19:41:27 ----D---- C:\Program Files\WordPerfect OfficeReady 1.5
2008-11-24 19:41:27 ----A---- C:\WINDOWS\system32\regobj.dll
2008-11-24 19:41:27 ----A---- C:\WINDOWS\system32\MSSTKPRP.DLL
2008-11-24 19:40:01 ----D---- C:\Program Files\WordPerfect Office X3 - Home Edition
2008-11-24 19:40:01 ----D---- C:\Program Files\Common Files\Corel
2008-11-24 19:40:01 ----D---- C:\Program Files\Common Files\Borland Shared
2008-11-24 19:40:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Corel
2008-11-24 19:40:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Borland
2008-11-24 19:36:39 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\InstallShield
2008-11-22 14:35:03 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\dyyno-vlc
2008-11-22 14:34:47 ----D---- C:\Program Files\Dyyno
2008-11-20 21:09:03 ----D---- C:\Program Files\Virtual Audio Cable
2008-11-20 21:07:52 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\WinRAR
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-11-20 21:00:53 ----N---- C:\WINDOWS\system32\px.dll
2008-11-20 06:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-20 06:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-11-19 06:05:09 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-19 06:03:13 ----N---- C:\WINDOWS\kb913800.exe
2008-11-19 06:00:17 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-19 00:04:59 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\acccore
2008-11-19 00:04:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-11-19 00:04:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\acccore
2008-11-19 00:04:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2008-11-19 00:04:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-11-19 00:03:49 ----D---- C:\Program Files\AIM6
2008-11-18 01:26:05 ----A---- C:\WINDOWS\system32\wpa.bak
2008-11-18 01:23:59 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Xfire
2008-11-18 01:18:57 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Mozilla
2008-11-18 00:50:50 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Macromedia
2008-11-18 00:45:52 ----A---- C:\WINDOWS\system32\WLAN.INI
2008-11-18 00:40:14 ----A---- C:\WINDOWS\system32\results.txt
2008-11-18 00:40:09 ----A---- C:\WINDOWS\system32\GTW32N50.dll
2008-11-18 00:40:08 ----A---- C:\WINDOWS\system32\GTGina.dll
2008-11-18 00:27:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-11-18 00:27:45 ----A---- C:\WINDOWS\system32\WebFlowIDPersist.dll
2008-11-18 00:27:45 ----A---- C:\WINDOWS\system32\ReportReader.dll
2008-11-18 00:27:45 ----A---- C:\WINDOWS\system32\BJAXSecurityManager.dll
2008-11-18 00:27:42 ----D---- C:\Program Files\Common Files\Motive
2008-11-18 00:27:42 ----A---- C:\WINDOWS\system32\snmpaxctrl.dll
2008-11-18 00:27:42 ----A---- C:\WINDOWS\system32\ActiveUtils.dll
2008-11-18 00:27:41 ----A---- C:\WINDOWS\system32\BJInstaller.dll
2008-11-18 00:27:40 ----A---- C:\WINDOWS\system32\BinaryAggregator1.dll
2008-11-18 00:17:36 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Identities
2008-11-18 00:13:04 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-11-18 00:12:42 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-18 00:10:56 ----A---- C:\WINDOWS\system32\jit.dll
2008-11-18 00:10:56 ----A---- C:\WINDOWS\system32\javaee.dll
2008-11-18 00:10:56 ----A---- C:\WINDOWS\system32\dx3j.dll
2008-11-18 00:10:56 ----A---- C:\WINDOWS\setdebug.exe
2008-11-18 00:10:54 ----A---- C:\WINDOWS\system32\wjview.exe
2008-11-18 00:10:54 ----A---- C:\WINDOWS\system32\vmhelper.dll
2008-11-18 00:10:54 ----A---- C:\WINDOWS\system32\msjdbc10.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\msjava.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\msawt.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\jview.exe
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\jdbgmgr.exe
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\javart.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\javaprxy.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\javacypt.dll
2008-11-18 00:10:53 ----A---- C:\WINDOWS\system32\clspack.exe
2008-11-18 00:10:48 ----SD---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Microsoft
2008-11-18 00:10:48 ----ASH---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\desktop.ini
2008-11-18 00:09:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-18 00:05:20 ----A---- C:\WINDOWS\control.ini
2008-11-18 00:05:09 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-18 00:05:07 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-11-18 00:04:00 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-18 00:03:54 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-18 00:03:13 ----A---- C:\WINDOWS\system32\atrace.dll
2008-11-18 00:03:11 ----A---- C:\WINDOWS\system32\desktop.ini
2008-11-18 00:03:11 ----A---- C:\WINDOWS\desktop.ini
2008-11-18 00:03:05 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-11-18 00:03:04 ----A---- C:\WINDOWS\system32\acctres.dll
2008-11-18 00:03:03 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuaueng.dll.wusetup.110312500.bak
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuauclt.exe.wusetup.110312343.bak
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuapi.dll.wusetup.110312296.bak
2008-11-18 00:02:58 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-11-18 00:02:57 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-18 00:02:57 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-18 00:02:57 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-11-18 00:02:57 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-11-18 00:02:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-11-18 00:02:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-11-18 00:02:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-11-18 00:02:51 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-11-18 00:02:49 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-11-18 00:02:48 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-11-18 00:02:48 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-11-18 00:02:48 ----A---- C:\WINDOWS\system32\srclient.dll
2008-11-18 00:02:48 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\msconf.dll
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-11-18 00:02:47 ----A---- C:\WINDOWS\system32\ils.dll
2008-11-18 00:02:44 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-11-18 00:02:44 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-11-18 00:02:43 ----A---- C:\WINDOWS\system32\inetres.dll
2008-11-18 00:02:43 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-11-18 00:02:41 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-11-18 00:02:41 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-11-18 00:02:41 ----A---- C:\WINDOWS\system32\mstask.dll
2008-11-18 00:02:40 ----A---- C:\WINDOWS\system32\isign32.dll
2008-11-18 00:02:40 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-11-18 00:02:40 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-11-18 00:02:40 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-11-18 00:01:37 ----A---- C:\WINDOWS\vbaddin.ini
2008-11-18 00:01:37 ----A---- C:\WINDOWS\vb.ini
2008-11-18 00:01:05 ----A---- C:\WINDOWS\system32\mhn.dll
2008-11-18 00:01:05 ----A---- C:\WINDOWS\system32\igdetect.dll
2008-11-18 00:00:28 ----A---- C:\WINDOWS\system32\write.exe
2008-11-18 00:00:22 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-11-18 00:00:22 ----A---- C:\WINDOWS\system32\hticons.dll
2008-11-18 00:00:22 ----A---- C:\WINDOWS\system32\avwav.dll
2008-11-18 00:00:22 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-11-18 00:00:22 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-11-18 00:00:21 ----A---- C:\WINDOWS\system32\winchat.exe
2008-11-18 00:00:15 ----A---- C:\WINDOWS\system32\getuname.dll
2008-11-18 00:00:15 ----A---- C:\WINDOWS\system32\charmap.exe
2008-11-18 00:00:15 ----A---- C:\WINDOWS\system32\calc.exe
2008-11-18 00:00:14 ----A---- C:\WINDOWS\system32\winmine.exe
2008-11-18 00:00:14 ----A---- C:\WINDOWS\system32\sol.exe
2008-11-18 00:00:14 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\tskill.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\tscon.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\shadow.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\reset.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\regini.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-11-18 00:00:13 ----A---- C:\WINDOWS\system32\freecell.exe
2008-11-18 00:00:12 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-11-18 00:00:12 ----A---- C:\WINDOWS\system32\msg.exe
2008-11-18 00:00:12 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-11-18 00:00:12 ----A---- C:\WINDOWS\system32\logoff.exe
2008-11-18 00:00:12 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\stclient.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-11-18 00:00:11 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-11-18 00:00:10 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-11-18 00:00:06 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-11-18 00:00:05 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-11-18 00:00:05 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-18 00:00:04 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-18 00:00:04 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-18 00:00:04 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-11-18 00:00:03 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-11-18 00:00:03 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-18 00:00:03 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-11-18 00:00:02 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-11-18 00:00:01 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-11-18 00:00:00 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-11-18 00:00:00 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-18 00:00:00 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-18 00:00:00 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-11-18 00:00:00 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-11-17 23:59:59 ----A---- C:\WINDOWS\system32\colbact.dll
2008-11-17 23:59:59 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-17 23:59:59 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-11-17 23:59:59 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-11-17 23:59:58 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-17 23:59:58 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-11-17 23:59:58 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-11-17 23:59:58 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-11-17 23:59:53 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-11-17 23:59:53 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-11-17 23:59:53 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-11-17 23:59:52 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-11-17 22:12:07 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-11-17 22:06:13 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-17 22:01:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-11-17 22:01:49 ----D---- C:\Program Files\Adobe Media Player
2008-11-17 21:58:04 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Adobe
2008-11-17 21:54:21 ----D---- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Ventrilo
2008-11-17 21:54:01 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-17 21:52:47 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-11-17 18:25:48 ----D---- C:\Program Files\IObit
2008-11-17 18:09:50 ----HD---- C:\$AVG8.VAULT$
2008-11-17 18:09:29 ----D---- C:\Program Files\AVG
2008-11-17 17:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-17 17:55:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-17 17:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-17 17:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-17 17:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-17 17:54:49 ----DC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-17 17:54:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-17 17:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-17 17:52:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-17 17:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-17 17:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-17 17:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-17 17:52:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-17 17:52:37 ----DC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-17 17:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-17 17:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-17 17:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-17 17:26:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-17 17:26:19 ----DC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-17 16:51:11 ----D---- C:\gakdokz
2008-11-17 15:59:29 ----A---- C:\WINDOWS\system32\h323log.txt
2008-11-17 15:55:26 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-17 15:54:48 ----A---- C:\WINDOWS\system32\wshirda.dll
2008-11-17 15:54:48 ----A---- C:\WINDOWS\system32\irmon.dll
2008-11-17 15:54:48 ----A---- C:\WINDOWS\system32\irftp.exe
2008-11-17 15:54:20 ----A---- C:\WINDOWS\system32\usbui.dll
2008-11-17 15:48:38 ----A---- C:\WINDOWS\imsins.BAK
2008-11-17 15:48:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-17 15:48:35 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-17 15:48:30 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-11-17 15:48:30 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-11-17 15:48:30 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-11-17 15:48:29 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-11-17 15:48:29 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-11-17 15:48:28 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-11-17 15:48:27 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-11-17 15:48:26 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-11-17 15:48:25 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-11-17 15:48:25 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-11-17 15:48:25 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-11-17 15:48:25 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-11-17 15:48:25 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-11-17 15:48:23 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-11-17 15:48:21 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-17 15:48:21 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-11-17 15:48:20 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-11-17 15:48:20 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-11-17 15:48:20 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-11-17 15:48:18 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-11-17 15:48:18 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-11-17 15:48:18 ----A---- C:\WINDOWS\system32\batt.dll
2008-11-17 15:48:17 ----A---- C:\WINDOWS\system32\storprop.dll
2008-11-17 15:48:17 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-11-17 15:48:13 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2008-11-17 15:48:10 ----RA---- C:\WINDOWS\SET8.tmp
2008-11-17 15:48:08 ----RA---- C:\WINDOWS\SET4.tmp
2008-11-17 15:48:07 ----RA---- C:\WINDOWS\SET3.tmp
2008-11-17 15:47:58 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-11-17 15:47:43 ----A---- C:\WINDOWS\setuplog.txt
2008-11-16 21:49:44 ----D---- C:\Program Files\Winamp2
2008-11-12 21:17:53 ----D---- C:\Program Files\World of Warcraft
2008-10-21 20:51:43 ----D---- C:\fe57a21affbcd8492ec5308e5aa180
2008-10-21 20:48:44 ----D---- C:\Autodesk

======List of files/folders modified in the last 2 months======

2008-12-20 00:34:50 ----SD---- C:\WINDOWS\Tasks
2008-12-20 00:34:40 ----D---- C:\WINDOWS\Prefetch
2008-12-20 00:34:02 ----D---- C:\Program Files\Mozilla Firefox
2008-12-20 00:32:03 ----HD---- C:\WINDOWS\inf
2008-12-20 00:32:02 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 00:32:02 ----D---- C:\WINDOWS\Registration
2008-12-20 00:31:58 ----D---- C:\WINDOWS
2008-12-18 23:44:40 ----D---- C:\WINDOWS\system32
2008-12-18 03:00:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 03:00:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 12:12:11 ----SD---- C:\Program Files\Xfire
2008-12-16 09:34:10 ----D---- C:\WINDOWS\system32\config
2008-12-16 09:34:04 ----RD---- C:\Program Files
2008-12-16 09:32:01 ----RASH---- C:\boot.ini
2008-12-16 09:32:01 ----A---- C:\WINDOWS\win.ini
2008-12-16 09:32:01 ----A---- C:\WINDOWS\system.ini
2008-12-16 05:52:09 ----D---- C:\WINDOWS\system32\drivers
2008-12-16 03:00:27 ----SHD---- C:\WINDOWS\Installer
2008-12-16 03:00:27 ----SHD---- C:\Config.Msi
2008-12-16 03:00:26 ----D---- C:\WINDOWS\system32\DirectX
2008-12-15 23:22:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-14 19:35:19 ----D---- C:\WINDOWS\AppPatch
2008-12-14 19:35:19 ----D---- C:\Program Files\Common Files
2008-12-14 15:54:40 ----D---- C:\spm
2008-12-14 15:19:52 ----D---- C:\Reglide
2008-12-14 15:19:52 ----D---- C:\Program Files\Paladin
2008-12-14 15:19:52 ----D---- C:\Program Files\AIM
2008-12-14 15:19:52 ----D---- C:\Program Files\Againz
2008-12-14 15:19:51 ----D---- C:\Documents and Settings
2008-12-14 11:36:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-14 11:30:51 ----D---- C:\Program Files\Lavasoft
2008-12-14 11:30:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-13 21:39:40 ----A---- C:\WINDOWS\system32\svchost.exe
2008-12-13 20:17:53 ----D---- C:\WINDOWS\pss
2008-12-13 19:08:34 ----RSD---- C:\WINDOWS\assembly
2008-12-12 12:33:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:00:32 ----D---- C:\Program Files\Internet Explorer
2008-12-11 18:19:44 ----D---- C:\Program Files\Adobe
2008-12-10 13:51:04 ----D---- C:\Program Files\TeamViewer3
2008-11-26 02:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB909394$
2008-11-26 02:49:29 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-26 02:48:55 ----D---- C:\WINDOWS\Help
2008-11-25 23:43:18 ----D---- C:\Program Files\QuickTime
2008-11-25 23:42:50 ----D---- C:\Program Files\Apple Software Update
2008-11-24 19:41:27 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-24 19:40:54 ----RSD---- C:\WINDOWS\Fonts
2008-11-24 19:40:49 ----HD---- C:\WINDOWS\ShellNew
2008-11-24 19:39:40 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-11-24 00:54:55 ----D---- C:\Program Files\Winamp
2008-11-21 06:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2008-11-21 06:00:28 ----D---- C:\Program Files\Windows Media Player
2008-11-20 21:06:58 ----D---- C:\Program Files\WinRAR
2008-11-20 10:12:51 ----D---- C:\WINDOWS\ehome
2008-11-20 06:03:34 ----D---- C:\Program Files\Messenger
2008-11-20 06:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB908250$
2008-11-20 06:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2008-11-20 06:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-11-20 06:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2008-11-20 06:00:58 ----D---- C:\WINDOWS\WinSxS
2008-11-19 00:04:28 ----D---- C:\Program Files\Viewpoint
2008-11-19 00:04:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-19 00:04:06 ----D---- C:\Program Files\Common Files\AOL
2008-11-18 19:39:05 ----D---- C:\f578ee965fbd880c086535cc70bb
2008-11-18 08:49:46 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-18 01:35:18 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-18 00:46:59 ----D---- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2008-11-18 00:21:41 ----SHD---- C:\RECYCLER
2008-11-18 00:21:41 ----D---- C:\Program Files\Online Services
2008-11-18 00:15:07 ----D---- C:\WINDOWS\security
2008-11-18 00:14:14 ----D---- C:\WINDOWS\RegisteredPackages
2008-11-18 00:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB900325$
2008-11-18 00:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB888795$
2008-11-18 00:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB899337$
2008-11-18 00:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB895961$
2008-11-18 00:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB891593$
2008-11-18 00:11:23 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-18 00:09:15 ----SHD---- C:\System Volume Information
2008-11-18 00:09:15 ----D---- C:\WINDOWS\system32\Restore
2008-11-18 00:04:03 ----RD---- C:\WINDOWS\Web
2008-11-18 00:03:40 ----D---- C:\WINDOWS\srchasst
2008-11-18 00:03:15 ----D---- C:\WINDOWS\system32\oobe
2008-11-18 00:02:57 ----D---- C:\Program Files\Movie Maker
2008-11-18 00:02:46 ----D---- C:\Program Files\NetMeeting
2008-11-18 00:02:44 ----D---- C:\Program Files\Outlook Express
2008-11-18 00:02:44 ----D---- C:\Program Files\Common Files\System
2008-11-18 00:01:40 ----D---- C:\WINDOWS\system32\Com
2008-11-18 00:01:35 ----D---- C:\WINDOWS\system32\MsDtc
2008-11-18 00:01:20 ----D---- C:\WINDOWS\Media
2008-11-18 00:01:18 ----D---- C:\WINDOWS\Cursors
2008-11-18 00:00:10 ----D---- C:\WINDOWS\system32\wbem
2008-11-18 00:00:04 ----D---- C:\Program Files\Windows NT
2008-11-17 22:06:47 ----D---- C:\WINDOWS\nview
2008-11-17 21:54:02 ----D---- C:\Program Files\Ventrilo
2008-11-17 15:48:20 ----D---- C:\WINDOWS\system
2008-11-17 15:47:43 ----D---- C:\WINDOWS\Debug
2008-11-17 15:47:29 ----D---- C:\WINDOWS\system32\usmt
2008-11-17 15:46:21 ----D---- C:\UPDATES
2008-11-17 15:43:48 ----D---- C:\WINDOWS\THEMES
2008-11-17 15:43:43 ----D---- C:\WINDOWS\system32\Setup
2008-11-17 15:43:25 ----D---- C:\WINDOWS\mui
2008-11-17 15:43:24 ----D---- C:\WINDOWS\ime
2008-11-17 15:43:14 ----D---- C:\WINDOWS\PeerNet
2008-11-17 15:43:05 ----D---- C:\WINDOWS\system32\npp
2008-11-17 15:43:00 ----D---- C:\WINDOWS\msagent
2008-11-17 15:40:20 ----D---- C:\WINDOWS\twain_32
2008-11-17 15:39:55 ----D---- C:\WINDOWS\system32\ras
2008-11-17 15:39:29 ----D---- C:\WINDOWS\system32\icsxml
2008-11-17 15:39:04 ----D---- C:\WINDOWS\system32\ias
2008-11-17 15:39:00 ----D---- C:\WINDOWS\system32\1033
2008-11-17 15:38:12 ----D---- C:\WINDOWS\vbSkinner
2008-11-17 15:38:12 ----D---- C:\WINDOWS\system32\XPSViewer
2008-11-17 15:38:08 ----D---- C:\WINDOWS\system32\scripting
2008-11-17 15:38:08 ----D---- C:\WINDOWS\system32\RTCOM
2008-11-17 15:38:08 ----D---- C:\WINDOWS\system32\RNBOSENT
2008-11-17 15:38:06 ----D---- C:\WINDOWS\system32\movektxt
2008-11-17 15:37:07 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-17 15:37:06 ----D---- C:\WINDOWS\system32\en-us
2008-11-17 15:37:06 ----D---- C:\WINDOWS\system32\en
2008-11-17 15:36:59 ----D---- C:\WINDOWS\system32\bits
2008-11-17 15:36:49 ----D---- C:\WINDOWS\repair
2008-11-17 15:36:47 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-17 15:36:47 ----D---- C:\WINDOWS\nvidia icons
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV39881344.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV37723524.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV36241404.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV27564452.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV25322536.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\NV17963616.TMP
2008-11-17 15:36:47 ----D---- C:\WINDOWS\network diagnostic
2008-11-17 15:36:47 ----D---- C:\WINDOWS\mm.BOT
2008-11-17 15:36:47 ----D---- C:\WINDOWS\Minidump
2008-11-17 15:36:43 ----D---- C:\WINDOWS\l2schemas
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950759_0$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB948881$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-11-17 15:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB947864$
2008-11-17 15:36:35 ----D---- C:\WINDOWS\.jagex_cache_32
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB944533$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB944338$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB942840$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB942615$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB939653$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938829$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB937143$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB933566$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB933360$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB931768$
2008-11-17 15:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929969$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929338$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB928090$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925486$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925454$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923694$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB921503$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP10$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-11-17 15:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB903157$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB887998$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-11-17 15:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-11-17 15:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-11-17 15:36:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-17 15:36:29 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803$
2008-11-12 21:17:54 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-12 20:23:29 ----D---- C:\Program Files\FlashGet
2008-11-12 20:15:11 ----D---- C:\RapidShare Downloads
2008-11-12 19:41:08 ----D---- C:\Program Files\Autodesk
2008-11-06 19:01:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-23 08:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 04:47:07 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 20:54:25 ----D---- C:\Program Files\Common Files\Autodesk Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-10-08 14848]
R1 sasdifsv;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 saskutil;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-18 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM); C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2008-11-20 40576]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-10-08 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-10-08 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-03 245504]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-10-08 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-10-08 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-10-08 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-10-08 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-10-08 26496]
S3 catchme;catchme; \??\C:\DOCUME~1\REIDQU~1.GAM\LOCALS~1\Temp\catchme.sys []
S3 gjdcvnxhhv;gjdcvnxhhv; \??\C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\EpickGlider\gjdcvnxhhv.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-15 85969]
S3 gqwtnvd;gqwtnvd; \??\C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\Glider for Matt\gqwtnvd.sys []
S3 gtndis5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 PciCon;PciCon; \??\H:\PciCon.sys []
S3 sasenum;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 thanks;thanks; \??\C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\EpickGlider\thanks.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-12-13 14336]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-12-13 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]

-----------------EOF-----------------

HayJayJay
2008-12-20, 18:42
My apologies for the double post.

Here is the info.txt:

info.txt logfile of random's system information tool 1.04 2008-12-15 06:32:40

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Media Player-->MsiExec.exe /X{5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Algebrator 4.0.1-->"C:\Program Files\Algebrator\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Compact Wireless-G USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9
DyynoPlayer 0.8.6f-->C:\Program Files\Dyyno\Dyyno Player\uninstall.exe
High School & SAT Math -->MsiExec.exe /I{468B437A-FEF0-4177-9165-CA78FA872EE3}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.18)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Razer Diamondback 3G-->C:\Program Files\InstallShield Installation Information\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
TeamViewer 4 Host-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Audio Cable 4.9-->C:\Program Files\Virtual Audio Cable\setup.exe -u
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{257E440F-781F-459B-9A68-A0872B80C1D6}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office X3 - Home Edition Software Bundle-->C:\Program Files\InstallShield Installation Information\{700ADAF9-FC42-4E00-8BBD-1D1C9BD8E7B2}\Setup.exe -runfromtemp -l0x0009 -removeonly
WordPerfect Office X3 - Home Edition Task Manager-->MsiExec.exe /X{6A22C405-90DA-4C00-8C15-995FCF6E4D3C}
WordPerfect OfficeReady-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}\setup.exe"
WordPerfect(R) Office X3 - Home Edition-->MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Hosts File======

127.0.0.1 localhost

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

katana
2008-12-20, 23:44
Step 1


Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
Copy/paste the following file path into the window
C:\WINDOWS\system32\nokye.exe
Click Submit/Send File
Please post back, to let me know the results.

If Virustotal is too busy please try Jotti (http://virusscan.jotti.org/)

----------------------------------------------------------- -----------------------------------------------------------
Step 2

OTMoveIt
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop

Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )



:Processes
explorer.exe
:Services
:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30f0e3c1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jsg8jfgfdfhfhf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rs32net]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xsjfn83jkemfofght]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMgfGwT]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3yfxx.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3yfxx.sys]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitLord\BitLord.exe"=-
:Files
C:\WINDOWS\system32\3bd327bf-.txt
C:\fqqqea.exe
C:\WINDOWS\system32\nokye.exe
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]


Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.


- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


----------------------------------------------------------- -----------------------------------------------------------
Step 3

Download and Run ComboFix
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
Please visit this webpage for instructions on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

ComboFix.exe 1 (http://subs.geekstogo.com/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------- -----------------------------------------------------------
Step 4

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------- -----------------------------------------------------------
Step 5

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

Virus Total results
OTMI Log
Combofix Log
Kaspersky Log
How are things running now ?

HayJayJay
2008-12-21, 04:00
ComboFix cleared the program found in VirusTotal.

The log for Kaspersky didn't save correctly, so I can't present it.

Here is ComboFix log:
ComboFix 08-12-14.04 - Reid Quisenberry 2008-12-20 8:26:29.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2623 [GMT -5:00]
Running from: C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\mm.BOT
C:\Program Files\mm.BOT\Logs\_STATS.ini
C:\WINDOWS\system32\gsvxryne.dll
C:\WINDOWS\system32\mdoqmd.dll
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\riquxycl.dll
C:\WINDOWS\system32\TDSSitpe.dat
C:\WINDOWS\system32\urqOHBus.dll
C:\WINDOWS\Tasks\fgkqrodj.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_icf
-------\Legacy_tdssserv.sys
-------\Service_restore


((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2085-12-25 23:35 . 2085-12-25 23:35 <DIR> d-------- C:\Program Files\MSI
2008-12-20 08:21 . 2008-12-20 08:21 <DIR> d-------- C:\_OTMoveIt
2008-12-16 05:51 . 2008-12-16 05:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-12-15 09:34 . 2008-12-15 10:03 250 --a------ C:\WINDOWS\gmer.ini
2008-12-15 09:26 . 2008-12-15 09:26 292 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-12-15 09:21 . 2008-12-15 09:28 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-12-15 06:32 . 2008-12-15 06:32 <DIR> d-------- C:\rsit
2008-12-14 19:46 . 2008-12-14 19:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-14 19:46 . 2008-12-14 19:46 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Malwarebytes
2008-12-14 19:46 . 2008-12-14 19:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-14 19:46 . 2008-12-03 19:54 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-14 19:46 . 2008-12-03 19:54 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-14 19:30 . 2008-10-16 14:06 268,648 --a------ C:\WINDOWS\system32\mucltui.dll
2008-12-14 19:30 . 2008-10-16 14:06 208,744 --a------ C:\WINDOWS\system32\muweb.dll
2008-12-14 19:30 . 2008-10-16 14:06 27,496 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-12-14 15:44 . 2008-12-14 15:44 <DIR> d-------- C:\Program Files\Windows Defender
2008-12-14 15:24 . 2008-12-20 00:35 <DIR> d-------- C:\Program Files\HJT
2008-12-14 15:19 . 2008-12-14 15:19 11,327,698 --a------ C:\Documents and Settings\All Users.aawqff
2008-12-14 11:36 . 2008-12-14 11:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-12-14 11:30 . 2008-12-14 11:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-12-14 11:21 . 2008-12-14 11:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-12-14 09:24 . 2008-12-14 09:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-12-14 09:13 . 2008-12-15 06:58 <DIR> d-------- C:\SDFix
2008-12-13 22:14 . 2008-12-13 22:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-12-13 22:13 . 2008-12-13 22:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-12-13 22:13 . 2008-12-13 22:13 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\SUPERAntiSpyware.com
2008-12-13 21:43 . 2008-12-13 21:43 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\UserData
2008-12-13 20:08 . 2008-12-13 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-12-13 19:09 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-12-13 19:08 . 2008-12-13 19:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-13 19:07 . 2008-12-13 19:07 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Contacts
2008-12-13 18:59 . 2008-12-16 03:00 <DIR> d-------- C:\Program Files\Windows Live
2008-12-13 18:59 . 2008-12-13 19:07 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-13 18:58 . 2008-12-13 19:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-12-11 18:20 . 2008-12-11 18:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-12-10 19:13 . 2008-12-10 19:13 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Thunderbird
2008-12-10 19:12 . 2008-12-14 09:59 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-12-10 13:51 . 2008-12-10 13:51 <DIR> d-------- C:\Program Files\TeamViewer
2008-12-08 21:48 . 2008-12-10 14:02 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\TeamViewer
2008-12-08 21:47 . 2008-12-08 21:47 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\temp
2008-12-07 13:18 . 2008-12-07 13:18 38 --a------ C:\WINDOWS\System.Windows.Forms.pdb
2008-12-02 20:48 . 2007-06-29 16:44 73,728 --a------ C:\WINDOWS\system32\Diamondback.cpl
2008-12-01 17:01 . 2008-12-01 17:01 <DIR> d-------- C:\Program Files\Algebrator
2008-12-01 15:19 . 2008-12-01 15:19 <DIR> d-------- C:\Program Files\Fogware
2008-11-26 02:49 . 2005-10-20 20:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-11-26 02:49 . 2005-10-20 20:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-11-25 23:43 . 2008-11-25 23:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-11-25 23:42 . 2008-11-25 23:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-11-24 22:45 . 2008-12-08 16:43 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Corel
2008-11-24 21:54 . 2008-11-24 21:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-11-24 21:54 . 2008-11-24 21:54 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-11-24 19:43 . 2008-12-11 21:19 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-11-24 19:41 . 2008-11-24 19:41 <DIR> d-------- C:\Program Files\WordPerfect OfficeReady 1.5
2008-11-24 19:40 . 2008-11-24 19:40 <DIR> d-------- C:\Program Files\WordPerfect Office X3 - Home Edition
2008-11-24 19:40 . 2008-11-24 19:40 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-11-24 19:40 . 2008-11-24 19:40 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-11-24 19:40 . 2008-12-08 16:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Corel
2008-11-24 19:40 . 2008-11-24 19:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Borland
2008-11-24 19:36 . 2008-11-24 19:36 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\InstallShield
2008-11-22 14:35 . 2008-11-22 14:35 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\dyyno-vlc
2008-11-22 14:34 . 2008-11-22 14:34 <DIR> d-------- C:\Program Files\Dyyno
2008-11-20 21:09 . 2008-11-20 21:09 <DIR> d-------- C:\Program Files\Virtual Audio Cable
2008-11-20 21:09 . 2008-11-20 21:09 40,576 --a------ C:\WINDOWS\system32\drivers\vrtaucbl.sys
2008-11-20 21:00 . 2007-03-07 18:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-11-20 21:00 . 2007-03-07 18:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-11-20 21:00 . 2007-03-07 18:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 09:13 --------- d-----w C:\Program Files\World of Warcraft
2008-12-16 17:12 --------- d-s---w C:\Program Files\Xfire
2008-12-16 15:48 --------- d-----w C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Xfire
2008-12-14 20:19 --------- d-----w C:\Program Files\Paladin
2008-12-14 20:19 --------- d-----w C:\Program Files\AIM
2008-12-14 20:19 --------- d-----w C:\Program Files\Againz
2008-12-14 16:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-12-14 16:30 --------- d-----w C:\Program Files\Lavasoft
2008-12-14 16:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-12-14 02:39 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-12-10 18:51 --------- d-----w C:\Program Files\TeamViewer3
2008-11-26 07:49 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-11-26 04:43 --------- d-----w C:\Program Files\QuickTime
2008-11-26 04:42 --------- d-----w C:\Program Files\Apple Software Update
2008-11-25 00:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-24 05:54 --------- d-----w C:\Program Files\Winamp
2008-11-22 01:50 --------- d-----w C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Ventrilo
2008-11-19 05:05 --------- d-----w C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\acccore
2008-11-19 05:04 --------- d-----w C:\Program Files\Viewpoint
2008-11-19 05:04 --------- d-----w C:\Program Files\Common Files\AOL
2008-11-19 05:04 --------- d-----w C:\Program Files\AIM6
2008-11-19 05:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-11-19 05:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2008-11-19 05:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-11-19 05:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\acccore
2008-11-19 00:29 --------- d-----w C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Xfire
2008-11-18 05:46 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-11-18 05:46 --------- d-----w C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2008-11-18 05:29 --------- d-----w C:\Program Files\Common Files\Motive
2008-11-18 05:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-11-18 05:10 155,995 ----a-w C:\WINDOWS\java\Packages\4R7RVTB3.ZIP
2008-11-18 03:01 --------- d-----w C:\Program Files\Adobe Media Player
2008-11-18 02:54 --------- d-----w C:\Program Files\Ventrilo
2008-11-17 23:25 --------- d-----w C:\Program Files\IObit
2008-11-17 23:09 --------- d-----w C:\Program Files\Winamp2
2008-11-17 23:09 --------- d-----w C:\Program Files\AVG
2008-11-13 02:17 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-11-13 01:23 --------- d-----w C:\Program Files\FlashGet
2008-11-13 00:41 --------- d-----w C:\Program Files\Autodesk
2008-10-24 11:10 453,632 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-10-22 01:54 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-10-21 01:28 --------- d-----w C:\Program Files\Microsoft Games
2008-10-16 22:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-10-03 10:15 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
2007-10-10 05:27 630,784 ----a-w C:\Program Files\FSRad.exe
.

And here is OT Log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30f0e3c1\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jsg8jfgfdfhfhf\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rs32net\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xsjfn83jkemfofght\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMgfGwT\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3yfxx.sys\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3yfxx.sys\\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitLord\BitLord.exe not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\3bd327bf-.txt not found.
File/Folder C:\fqqqea.exe not found.
File/Folder C:\WINDOWS\system32\nokye.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\REIDQU~1.GAM\LOCALS~1\Temp\etilqs_2NR2qaDjHQKoeSIClbwf scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5f8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Local Settings\Application Data\Mozilla\Firefox\Profiles\n0jgkdoo.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Local Settings\Application Data\Mozilla\Firefox\Profiles\n0jgkdoo.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Local Settings\Application Data\Mozilla\Firefox\Profiles\n0jgkdoo.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Local Settings\Application Data\Mozilla\Firefox\Profiles\n0jgkdoo.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Local Settings\Application Data\Mozilla\Firefox\Profiles\n0jgkdoo.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Local Settings\Application Data\Mozilla\Firefox\Profiles\n0jgkdoo.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12202008_082455
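
Added example (not part of the original posts, and not OldTimer's code): a Python script that reconciles the OTMoveIt3 script posted above with the results log, giving the outcome for each :Reg and :Files target and listing the files deferred to reboot. The embedded script and log are shortened copies of the ones in this thread; the function names and outcome labels are assumptions of this example.

```python
import re

# Shortened copies of the script and results log posted in this thread.
SCRIPT = r"""
:Processes
explorer.exe
:Services
:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rs32net]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMgfGwT]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitLord\BitLord.exe"=-
:Files
C:\fqqqea.exe
C:\WINDOWS\system32\nokye.exe
:Commands
[EmptyTemp]
[Reboot]
"""

LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rs32net\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMgfGwT\\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitLord\BitLord.exe not found.
========== FILES ==========
File/Folder C:\fqqqea.exe not found.
File/Folder C:\WINDOWS\system32\nokye.exe not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5f8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Explorer started successfully
"""

DEFERRED = re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")


def parse_script(text):
    """Collect the removal targets named under :Reg and :Files."""
    targets = {"key": [], "value": [], "file": []}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                      # :Processes, :Reg, :Files, ...
            section, current_key = line[1:].lower(), None
        elif section == "reg" and line.startswith("[-"):
            targets["key"].append(line[2:-1])         # [-KEY] removes a whole key
        elif section == "reg" and line.startswith("["):
            current_key = line[1:-1]                  # [KEY] opens a key for value edits
        elif section == "reg" and current_key and line.endswith("=-"):
            name = line[:-2].strip('"')               # "name"=- removes one value
            # The log writes a value as KEY\\name, so build the same form.
            targets["value"].append(current_key + "\\\\" + name)
        elif section == "files":
            targets["file"].append(line)
    return targets


def reconcile(script, log):
    """Map each script target to the outcome recorded for it in the log."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    report = {}
    for items in parse_script(script).values():
        for target in items:
            # The target must be followed by the log's optional "\\" and a space
            # (or end of line), so one key cannot match a longer sibling key.
            pat = re.compile(re.escape(target) + r"(?:\\\\)?(?: |$)", re.IGNORECASE)
            hit = next((l for l in lines if pat.search(l)), None)
            if hit is None:
                report[target] = "no log line"
            elif hit.endswith("not found."):
                report[target] = "not found"
            else:
                report[target] = "other: " + hit      # format not shown in this thread
    return report


def pending_on_reboot(log):
    """Paths the tool could not delete and queued for the next boot."""
    matches = (DEFERRED.match(l.strip()) for l in log.splitlines())
    return [m.group(1) for m in matches if m]


if __name__ == "__main__":
    for target, outcome in reconcile(SCRIPT, LOG).items():
        print(f"{outcome:12} {target}")
    for path in pending_on_reboot(LOG):
        print("pending on reboot:", path)
```

On the log in this thread every :Reg and :Files target comes back "not found", so the only changes recorded are the temp-folder cleanup and the deletions queued for reboot.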

katana
2008-12-21, 11:22
Please post the contents of C:\Combofix.txt along with the following


Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.

HayJayJay
2008-12-26, 01:40
Sorry for such a late reply Katana, I've been very busy with the holidays and work.

Thanks for assisting me once again.

ComboFix Log:

ComboFix 08-12-14.04 - Reid Quisenberry 2008-12-20 8:26:29.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2623 [GMT -5:00]
Running from: C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\mm.BOT
C:\Program Files\mm.BOT\Logs\_STATS.ini
C:\WINDOWS\system32\gsvxryne.dll
C:\WINDOWS\system32\mdoqmd.dll
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\riquxycl.dll
C:\WINDOWS\system32\TDSSitpe.dat
C:\WINDOWS\system32\urqOHBus.dll
C:\WINDOWS\Tasks\fgkqrodj.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_icf
-------\Legacy_tdssserv.sys
-------\Service_restore


((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2085-12-25 23:35 . 2085-12-25 23:35 <DIR> d-------- C:\Program Files\MSI
2008-12-20 08:21 . 2008-12-20 08:21 <DIR> d-------- C:\_OTMoveIt
2008-12-16 05:51 . 2008-12-16 05:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-12-15 09:34 . 2008-12-15 10:03 250 --a------ C:\WINDOWS\gmer.ini
2008-12-15 09:26 . 2008-12-15 09:26 292 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-12-15 09:21 . 2008-12-15 09:28 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-12-15 06:32 . 2008-12-15 06:32 <DIR> d-------- C:\rsit
2008-12-14 19:46 . 2008-12-14 19:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-14 19:46 . 2008-12-14 19:46 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Malwarebytes
2008-12-14 19:46 . 2008-12-14 19:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-14 19:46 . 2008-12-03 19:54 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-14 19:46 . 2008-12-03 19:54 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-14 19:30 . 2008-10-16 14:06 268,648 --a------ C:\WINDOWS\system32\mucltui.dll
2008-12-14 19:30 . 2008-10-16 14:06 208,744 --a------ C:\WINDOWS\system32\muweb.dll
2008-12-14 19:30 . 2008-10-16 14:06 27,496 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-12-14 15:44 . 2008-12-14 15:44 <DIR> d-------- C:\Program Files\Windows Defender
2008-12-14 15:24 . 2008-12-20 00:35 <DIR> d-------- C:\Program Files\HJT
2008-12-14 15:19 . 2008-12-14 15:19 11,327,698 --a------ C:\Documents and Settings\All Users.aawqff
2008-12-14 11:36 . 2008-12-14 11:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-12-14 11:30 . 2008-12-14 11:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-12-14 11:21 . 2008-12-14 11:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-12-14 09:24 . 2008-12-14 09:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-12-14 09:13 . 2008-12-15 06:58 <DIR> d-------- C:\SDFix
2008-12-13 22:14 . 2008-12-13 22:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-12-13 22:13 . 2008-12-13 22:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-12-13 22:13 . 2008-12-13 22:13 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\SUPERAntiSpyware.com
2008-12-13 21:43 . 2008-12-13 21:43 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\UserData
2008-12-13 20:08 . 2008-12-13 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-12-13 19:09 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-12-13 19:08 . 2008-12-13 19:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-13 19:07 . 2008-12-13 19:07 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Contacts
2008-12-13 18:59 . 2008-12-16 03:00 <DIR> d-------- C:\Program Files\Windows Live
2008-12-13 18:59 . 2008-12-13 19:07 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-13 18:58 . 2008-12-13 19:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-12-11 18:20 . 2008-12-11 18:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-12-10 19:13 . 2008-12-10 19:13 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Thunderbird
2008-12-10 19:12 . 2008-12-14 09:59 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-12-10 13:51 . 2008-12-10 13:51 <DIR> d-------- C:\Program Files\TeamViewer
2008-12-08 21:48 . 2008-12-10 14:02 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\TeamViewer
2008-12-08 21:47 . 2008-12-08 21:47 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\temp
2008-12-07 13:18 . 2008-12-07 13:18 38 --a------ C:\WINDOWS\System.Windows.Forms.pdb
2008-12-02 20:48 . 2007-06-29 16:44 73,728 --a------ C:\WINDOWS\system32\Diamondback.cpl
2008-12-01 17:01 . 2008-12-01 17:01 <DIR> d-------- C:\Program Files\Algebrator
2008-12-01 15:19 . 2008-12-01 15:19 <DIR> d-------- C:\Program Files\Fogware
2008-11-26 02:49 . 2005-10-20 20:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-11-26 02:49 . 2005-10-20 20:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-11-25 23:43 . 2008-11-25 23:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-11-25 23:42 . 2008-11-25 23:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-11-24 22:45 . 2008-12-08 16:43 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Corel
2008-11-24 21:54 . 2008-11-24 21:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-11-24 21:54 . 2008-11-24 21:54 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-11-24 19:43 . 2008-12-11 21:19 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-11-24 19:41 . 2008-11-24 19:41 <DIR> d-------- C:\Program Files\WordPerfect OfficeReady 1.5
2008-11-24 19:40 . 2008-11-24 19:40 <DIR> d-------- C:\Program Files\WordPerfect Office X3 - Home Edition
2008-11-24 19:40 . 2008-11-24 19:40 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-11-24 19:40 . 2008-11-24 19:40 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-11-24 19:40 . 2008-12-08 16:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Corel
2008-11-24 19:40 . 2008-11-24 19:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Borland
2008-11-24 19:36 . 2008-11-24 19:36 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\InstallShield
2008-11-22 14:35 . 2008-11-22 14:35 <DIR> d-------- C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\dyyno-vlc
2008-11-22 14:34 . 2008-11-22 14:34 <DIR> d-------- C:\Program Files\Dyyno
2008-11-20 21:09 . 2008-11-20 21:09 <DIR> d-------- C:\Program Files\Virtual Audio Cable
2008-11-20 21:09 . 2008-11-20 21:09 40,576 --a------ C:\WINDOWS\system32\drivers\vrtaucbl.sys
2008-11-20 21:00 . 2007-03-07 18:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-11-20 21:00 . 2007-03-07 18:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-11-20 21:00 . 2007-03-07 18:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 09:13 --------- d-----w C:\Program Files\World of Warcraft
2008-12-16 17:12 --------- d-s---w C:\Program Files\Xfire
2008-12-16 15:48 --------- d-----w C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Xfire
2008-12-14 20:19 --------- d-----w C:\Program Files\Paladin
2008-12-14 20:19 --------- d-----w C:\Program Files\AIM
2008-12-14 20:19 --------- d-----w C:\Program Files\Againz
2008-12-14 16:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-12-14 16:30 --------- d-----w C:\Program Files\Lavasoft
2008-12-14 16:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-12-14 02:39 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-12-10 18:51 --------- d-----w C:\Program Files\TeamViewer3
2008-11-26 07:49 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-11-26 04:43 --------- d-----w C:\Program Files\QuickTime
2008-11-26 04:42 --------- d-----w C:\Program Files\Apple Software Update
2008-11-25 00:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-24 05:54 --------- d-----w C:\Program Files\Winamp
2008-11-22 01:50 --------- d-----w C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\Ventrilo
2008-11-19 05:05 --------- d-----w C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Application Data\acccore
2008-11-19 05:04 --------- d-----w C:\Program Files\Viewpoint
2008-11-19 05:04 --------- d-----w C:\Program Files\Common Files\AOL
2008-11-19 05:04 --------- d-----w C:\Program Files\AIM6
2008-11-19 05:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-11-19 05:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2008-11-19 05:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-11-19 05:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\acccore
2008-11-19 00:29 --------- d-----w C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Xfire
2008-11-18 05:46 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-11-18 05:46 --------- d-----w C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2008-11-18 05:29 --------- d-----w C:\Program Files\Common Files\Motive
2008-11-18 05:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-11-18 05:10 155,995 ----a-w C:\WINDOWS\java\Packages\4R7RVTB3.ZIP
2008-11-18 03:01 --------- d-----w C:\Program Files\Adobe Media Player
2008-11-18 02:54 --------- d-----w C:\Program Files\Ventrilo
2008-11-17 23:25 --------- d-----w C:\Program Files\IObit
2008-11-17 23:09 --------- d-----w C:\Program Files\Winamp2
2008-11-17 23:09 --------- d-----w C:\Program Files\AVG
2008-11-13 02:17 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-11-13 01:23 --------- d-----w C:\Program Files\FlashGet
2008-11-13 00:41 --------- d-----w C:\Program Files\Autodesk
2008-10-24 11:10 453,632 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-10-22 01:54 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-10-21 01:28 --------- d-----w C:\Program Files\Microsoft Games
2008-10-16 22:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-10-03 10:15 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
2007-10-10 05:27 630,784 ----a-w C:\Program Files\FSRad.exe
.

katana
2008-12-26, 23:13
Do you have the Active Scan log ?

HayJayJay
2008-12-27, 06:53
Yes, my mistake, I thought I posted it >.>.

Here ya go:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-25 07:38:19
PROTECTIONS: 1
MALWARE: 21
SUSPECTS: 42
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4205.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029434 spyware/virtumonde Spyware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
00029434 spyware/virtumonde Spyware No 1 Yes No hkey_classes_root\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Cookies\reid quisenberry@trafficmp[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Cookies\reid quisenberry@atdmt[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@apmebf[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Cookies\reid quisenberry@advertising[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@overture[1].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{AACE9ADF-B0AC-4BAF-A99D-E7A054ADCDC5}\RP50\A0005206.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{AACE9ADF-B0AC-4BAF-A99D-E7A054ADCDC5}\RP57\A0005937.EXE
02654416 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Reid Quisenberry\My Documents\GunzP\MapHack.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{AACE9ADF-B0AC-4BAF-A99D-E7A054ADCDC5}\RP50\A0005094.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{AACE9ADF-B0AC-4BAF-A99D-E7A054ADCDC5}\RP50\A0005127.sys
02888262 Exploit/Gimsh.B HackTools No 0 Yes No C:\Documents and Settings\Reid Quisenberry\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-4ebc56d6.zip[vmain.class]
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\SDFix.exe[C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\SDFix.exe][SDFix\catchme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\apps\Cghtme.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\SDFix.exe[C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\SDFix.exe][SDFix\apps\Cghtme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
04105094 Bck/DService.TK Virus/Trojan No 1 No No C:\Documents and Settings\Reid Quisenberry\Application Data\Someplayer\RaGEZONE GunZ Launcher\0.9.0.0\cl.lgz[update20.mrs]
04180199 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{AACE9ADF-B0AC-4BAF-A99D-E7A054ADCDC5}\RP50\A0005107.exe:ext.exe
04335631 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{AACE9ADF-B0AC-4BAF-A99D-E7A054ADCDC5}\RP48\A0004985.exe
04357894 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{AACE9ADF-B0AC-4BAF-A99D-E7A054ADCDC5}\RP50\A0005109.dll
04357894 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\gsvxryne.dll.vir
04357894 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\mdoqmd.dll.vir
04357894 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{AACE9ADF-B0AC-4BAF-A99D-E7A054ADCDC5}\RP50\A0005110.dll
04357901 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\riquxycl.dll.vir
04357901 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{AACE9ADF-B0AC-4BAF-A99D-E7A054ADCDC5}\RP50\A0005111.dll
04361702 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\urqOHBus.dll.vir
04361702 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{AACE9ADF-B0AC-4BAF-A99D-E7A054ADCDC5}\RP50\A0005112.dll
04373460 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{AACE9ADF-B0AC-4BAF-A99D-E7A054ADCDC5}\RP48\A0004974.sys
04377937 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\ComboFix.exe
04397097 Generic Rootkit HackTools No 0 Yes No C:\Program Files\Paladin\Shadow.sys
04397097 Generic Rootkit HackTools No 0 Yes No C:\Program Files\Glider Deploy PS\Paladin\Shadow.sys
04397097 Generic Rootkit HackTools No 0 Yes No C:\Program Files\Againz\Shadow.sys
04397097 Generic Rootkit HackTools No 0 Yes No C:\Program Files\Redocket\Glider for Reid\Shadow.sys
04397097 Generic Rootkit HackTools No 0 Yes No C:\Reglide\Shadow.sys
04397097 Generic Rootkit HackTools No 0 Yes No C:\Documents and Settings\Reid Quisenberry\My Documents\Againz\Shadow.sys
04443361 Spyware/Virtumonde Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\12202008_082141\fqqqea.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location Y
;===================================================================================================================================================================================
No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\EpickGlider\ocxthgqlqz.exe Y
No C:\Documents and Settings\Reid Quisenberry\My Documents\Autodesk Mudbox\Autodesk Mudbox 2009\autodesk.mudbox.v2009.x64-patch.exe
No C:\Documents and Settings\Reid Quisenberry\My Documents\Autodesk Mudbox\Autodesk Mudbox 2009\autodesk.mudbox.v2009.x86-patch.exe
No C:\Documents and Settings\Reid Quisenberry\My Documents\Autodesk Mudbox\Autodesk Mudbox 2009.part1.rar[Autodesk Mudbox 2009\autodesk.mudbox.v2009.x64-patch.exe]
No C:\Documents and Settings\Reid Quisenberry\My Documents\Autodesk Mudbox\Autodesk Mudbox 2009.part1.rar[Autodesk Mudbox 2009\autodesk.mudbox.v2009.x86-patch.exe]
No C:\Documents and Settings\Reid Quisenberry\My Documents\NewGlider\avxxzjoj.exe Y
No C:\Documents and Settings\Reid Quisenberry\My Documents\NewGlider\GliderApp.ex_ Y
No C:\Documents and Settings\Reid Quisenberry\My Documents\SPUD\GliderApp.ex_ Y
No C:\Documents and Settings\Reid Quisenberry\My Documents\SPUD\iygtgg.exe Y
No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\Glider for Matt\fhslvnsn.exe Y
No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\Glider for Matt\GliderApp.ex_ Y
No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\EpickGlider\GliderApp.ex_ Y
No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\EpickGlider\ocxthgqlqz.exe Y
No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\Glider\GliderApp.ex_ Y
No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\Glider\zgqefkionn.exe Y
No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\Glider Accessories\RARs\Glider for Reid.zip[Glider for Matt/GliderApp.ex_]
No C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\Glider Accessories\RARs\Glider for Reid.zip[Glider for Matt/cfbtjvt.exe]
No C:\gakdokz\GliderApp.ex_ Y
No C:\Program Files\Autodesk\Mudbox2009\autodesk.mudbox.v2009.x64-patch.exe Y
No C:\Program Files\Mozilla Firefox\GliderApp.ex_ Y
No C:\RECYCLER\S-1-5-21-343818398-1383384898-725345543-1004\Dc937\GliderApp.ex_ Y
No C:\RECYCLER\S-1-5-21-343818398-1383384898-725345543-1004\Dc940\GliderApp.ex_ Y
No C:\RECYCLER\S-1-5-21-343818398-1383384898-725345543-1004\Dc951.ex_ Y
No C:\RECYCLER\S-1-5-21-343818398-1383384898-725345543-1004\Dc965\GliderApp.ex_ Y
No C:\RECYCLER\S-1-5-21-343818398-1383384898-725345543-1004\Dc968\GliderApp.ex_ Y
No C:\RECYCLER\S-1-5-21-343818398-1383384898-725345543-1004\Dc969\GliderApp.ex_ Y
No C:\RECYCLER\S-1-5-21-343818398-1383384898-725345543-1004\Dc972\GliderApp.ex_ Y
No C:\RECYCLER\S-1-5-21-343818398-1383384898-725345543-1004\Dc973\GliderApp.ex_ Y
No C:\RECYCLER\S-1-5-21-343818398-1383384898-725345543-1004\Dc973\taawmh.exe Y
No C:\RECYCLER\S-1-5-21-343818398-1383384898-725345543-1004\Dc974\GliderApp.ex_ Y
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP796\A0177459.exe[install.exe]
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP816\A0178244.exe Y
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP819\A0178682.exe Y
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP819\A0178914.exe Y
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP819\A0178951.exe Y
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP819\A0178960.exe Y
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP819\A0178965.exe Y
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP819\A0178974.exe Y
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP819\A0179029.exe Y
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP819\A0179041.exe Y
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP820\A0179770.exe Y
No C:\System Volume Information\_restore{AA408F2F-4ACA-4ECD-9E96-5830BC7BEAB4}\RP820\A0179815.exe Y
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description Y
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 Y
184379 MEDIUM MS08-001 Y
182048 HIGH MS07-069 Y
182046 HIGH MS07-067 Y
182043 HIGH MS07-064 Y
179553 HIGH MS07-061 Y
176382 HIGH MS07-057 Y
176383 HIGH MS07-058 Y
170911 HIGH MS07-050 Y
170907 HIGH MS07-046 Y
170906 HIGH MS07-045 Y
170904 HIGH MS07-043 Y
164915 HIGH MS07-035 Y
164913 HIGH MS07-033 Y
164911 HIGH MS07-031 Y
160623 HIGH MS07-027 Y
157262 HIGH MS07-022 Y
157261 HIGH MS07-021 Y
157260 HIGH MS07-020 Y
157259 HIGH MS07-019 Y
156477 HIGH MS07-017 Y
150253 HIGH MS07-016 Y
150249 HIGH MS07-013 Y
150248 HIGH MS07-012 Y
150247 HIGH MS07-011 Y
150243 HIGH MS07-008 Y
150242 HIGH MS07-007 Y
150241 MEDIUM MS07-006 Y
141034 HIGH MS06-076 Y
141033 MEDIUM MS06-075 Y
141030 HIGH MS06-072 Y
137571 HIGH MS06-070 Y
137568 HIGH MS06-067 Y
133387 MEDIUM MS06-065 Y
133386 MEDIUM MS06-064 Y
133385 MEDIUM MS06-063 Y
133379 HIGH MS06-057 Y
131654 HIGH MS06-055 Y
129977 MEDIUM MS06-053 Y
129976 MEDIUM MS06-052 Y
126093 HIGH MS06-051 Y
126092 MEDIUM MS06-050 Y
126087 HIGH MS06-046 Y
126086 MEDIUM MS06-045 Y
126083 HIGH MS06-042 Y
126082 HIGH MS06-041 Y
126081 HIGH MS06-040 Y
123421 HIGH MS06-036 Y
123420 HIGH MS06-035 Y
120825 MEDIUM MS06-032 Y
120823 MEDIUM MS06-030 Y
120818 HIGH MS06-025 Y
120815 HIGH MS06-022 Y
120814 HIGH MS06-021 Y
117384 MEDIUM MS06-018 Y
114666 HIGH MS06-015 Y
114664 HIGH MS06-013 Y
108744 MEDIUM MS06-008 Y
108743 MEDIUM MS06-007 Y
108742 MEDIUM MS06-006 Y
104567 HIGH MS06-002 Y
104237 HIGH MS06-001 Y
96574 HIGH MS05-053 Y
93395 HIGH MS05-051 Y
93394 HIGH MS05-050 Y
93454 MEDIUM MS05-049 Y
;===================================================================================================================================================================================

katana
2008-12-27, 21:04
Do you know anything about the following files ?
C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\Glider for Matt\fhslvnsn.exe
C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\EpickGlider\ocxthgqlqz.exe
C:\Documents and Settings\Reid Quisenberry.GAMINGPC\My Documents\Glider\zgqefkionn.exe
C:\Documents and Settings\Reid Quisenberry\My Documents\NewGlider\avxxzjoj.exe
C:\Documents and Settings\Reid Quisenberry\My Documents\SPUD\iygtgg.exe
C:\Documents and Settings\Reid Quisenberry\Application Data\Someplayer\RaGEZONE GunZ Launcher\0.9.0.0\cl.lgz

OTMoveIt

Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )



:Processes
:Reg
[-HKEY_LOCAL_MACHINE\software\classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-hkey_classes_root\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}]
:Files
C:\Documents and Settings\Reid Quisenberry.GAMINGPC\Desktop\SDFix.exe
C:\Documents and Settings\Reid Quisenberry\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\*.*
C:\SDFix
:Commands
[Purity]
[EmptyTemp]




Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.


- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





Download and Run ComboFix
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
Please visit this webpage for instructions on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

ComboFix.exe 1 (http://subs.geekstogo.com/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

katana
2009-01-06, 18:42
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.