Trojans etc. that steal passwords (Resolved)



orderinthecourt
2009-07-19, 23:14
I recently had a spyware (and possibly virus as well) problem with my computer where my desktop was changed and it said something like “your computer is infected etc.” and a program opened up that asked to buy a spyware removal product. I started up the computer in safe mode and then ran spybot and it removed a bunch of problems. I also ran an online antivirus scan and it removed a few things. When I started up the computer in normal mode everything was absolutely fine except for 2 things.

I have 2 entries that keep on reappearing in my spybot scan every time I restart the computer. They are “Win32.TDSS.rtk” and “Microsoft.WindowsSecurityCenter_disabled”. Before I consider taking steps to permanently remove them, I just want to know if they can steal passwords. If they can’t, then it’s really not worth bothering with them because I can’t see any symptoms. Also, could there be other things on my computer that spybot and antiviruses can’t detect that could be causing problems even though there are no symptoms now, or did the spybot and virus scans remove everything that is problematic?

Thanks.

katana
2009-07-20, 14:48
Please note that all instructions given are customised for this computer only;
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------




1) “Win32.TDSS.rtk”
2) “Microsoft.WindowsSecurityCenter_disabled”.
3) I just want to know if they can steal passwords.
4) If they can’t, then it’s really not worth bothering with them.
5) Also, could there be other things on my computer that spybot and antiviruses can’t detect that could be causing problems even though there are no symptoms now,
6) or did the spybot and virus scans remove everything that is problematic?

1) Needs removing.
2) Depending on your AntiVirus program, this may be normal.
3) Sometimes
4) Yes it is: if they are still active, they can download fresh infections
5) Yes
6) Without seeing any logs, I have no idea.


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.


Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.
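Katana's answer 2 (a "disabled" Security Center "may be normal") depends on which settings are actually off. On XP the Security Center key holds three *DisableNotify switches, which a third-party suite such as Norton may legitimately set so that it owns the alerts itself, and two *Override switches that tell Security Center to stop monitoring a component; the wscsvc service can also be set to disabled outright. Malware that wants the machine quiet typically flips all of them. The script below is an added example written for this page, not code from the thread, from Spybot or from Microsoft: it parses a `reg export` of those two keys (the sample text is constructed here) and classifies each value, treating notification suppression as informational only when a third-party product is installed. It assumes the Spybot entry "Microsoft.WindowsSecurityCenter_disabled" refers to these values; check that against the details Spybot shows for the entry before relying on it.

```python
import re

# Constructed .reg export in the format 'reg export' writes. The values are
# illustrative (a "fully silenced" Security Center), not taken from this thread.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004
"""

WSC_KEY = r"hkey_local_machine\software\microsoft\security center"
WSC_SERVICE = r"hkey_local_machine\system\currentcontrolset\services\wscsvc"

NOTIFY_SWITCHES = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")
OVERRIDE_SWITCHES = ("AntiVirusOverride", "FirewallOverride")


def parse_reg(text):
    """Map each [key] (lower-cased) to {value name: int} for dword values.
    Other value types are ignored; they are not needed for this check."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current and line.startswith('"'):
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def assess(keys, third_party_av=False):
    """Return [(severity, message)] for the Security Center settings found.

    third_party_av: a non-Microsoft AV/firewall is installed and reports to
    Security Center (Norton on the machine in this thread), so it may own the
    AV and firewall notifications. UpdatesDisableNotify is never owned by an
    AV product, and the Override switches and the service state are flagged
    regardless: confirm the user set them deliberately."""
    wsc = keys.get(WSC_KEY, {})
    svc = keys.get(WSC_SERVICE, {})
    findings = []
    for name in NOTIFY_SWITCHES:
        if wsc.get(name) == 1:
            if third_party_av and name != "UpdatesDisableNotify":
                findings.append(("info", f"{name}=1: notification suppressed; "
                                         "normal when a third-party product reports to Security Center"))
            else:
                findings.append(("warn", f"{name}=1: Security Center will stay silent about this component"))
    for name in OVERRIDE_SWITCHES:
        if wsc.get(name) == 1:
            findings.append(("warn", f"{name}=1: Security Center told to stop monitoring this component"))
    if svc.get("Start") == 4:  # 4 = Disabled, 2 = Automatic
        findings.append(("warn", "wscsvc Start=4: the Security Center service itself is disabled"))
    return findings


if __name__ == "__main__":
    for severity, message in assess(parse_reg(SAMPLE_REG), third_party_av=True):
        print(f"[{severity}] {message}")
```

To run it against a real XP box, export the two keys with `reg export "HKLM\SOFTWARE\Microsoft\Security Center" wsc.reg` and `reg export "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" wscsvc.reg`, and open the files with `encoding="utf-16"` (reg.exe writes Unicode). A "warn" on the Override switches or on the service is the case where "depending on your AntiVirus program" does not apply.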

orderinthecourt
2009-07-22, 03:14
When you say "Please do not run any other tools or scans whilst I am helping you," do you mean I need to turn off automatic/live protection for norton antivirus, adaware and spybot (teatimer)? Also, do I have to disable my norton antivirus completely? What other programs would I have to close down or disable?

katana
2009-07-22, 12:31
1) do you mean I need to turn off automatic/live protection for norton antivirus,
2) adaware and spybot (teatimer)?
3) Also, do I have to disable my norton antivirus completely?
4) What other programs would I have to close down or disable?

What I mean is that you shouldn't do anything to try and remove the problem yourself.
1) You can leave Norton running for the moment
2) a) You shouldn't have AdAware and Teatimer running at the same time anyway
b) yes, you should disable them both
3) No
4) I don't know, you haven't posted any logs yet.
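RSIT's info.txt, which orderinthecourt posts next, opens with a "======Uninstall list======" section of "Name-->uninstall command" lines read from the registry's Uninstall keys. A helper scans it for outdated or risky software and for uninstallers in places they do not belong, and it occasionally carries things the poster should not publish (a licence key embedded in an uninstall string, for instance). The script below is an added example for this page, not RSIT's own code and not from the thread: it parses that section from constructed sample lines modelled on the log's format and flags a few categories. The watchlist is my own illustrative choice of patterns, not any product's signature set, and "review" means look at it, not "malicious".

```python
import re

# Constructed sample in the format RSIT writes; names and paths are modelled
# on the log in this thread but the set of lines is illustrative.
SAMPLE = r"""info.txt logfile of random's system information tool 1.06

======Uninstall list======

-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Java 2 Runtime Environment Standard Edition v1.3.1_04-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"
LimeWire PRO 4.8.1-->"C:\Program Files\LimeWire\uninstall.exe"
Nero 9-->C:\Program Files\Common Files\Nero\SetupX.exe REMOVESERIALNUMBER="XXXX-XXXX-XXXX-XXXX"
Video Codec Pack-->"C:\Documents and Settings\user\Local Settings\Temp\codec_uninst.exe"

======Security center information======

AV: Norton AntiVirus
"""

# Illustrative watchlist (my own patterns): software a helper would ask about in
# a 2009-era log, and why. Extend to taste.
WATCHLIST = [
    (re.compile(r"^(Java 2 Runtime Environment|J2SE Runtime Environment 5)", re.I),
     "outdated Java runtime: common browser-exploit target, update or remove"),
    (re.compile(r"^Adobe Reader [5-8]\.", re.I),
     "outdated Adobe Reader: update to the current version"),
    (re.compile(r"LimeWire|Kazaa|BearShare", re.I),
     "peer-to-peer client: common infection vector"),
]
# Uninstall strings that embed a licence key should be redacted before posting.
SECRET_RE = re.compile(r"SERIAL(NUMBER)?=", re.I)
# Uninstallers under a user profile or temp folder deserve a look.
USER_PROFILE_RE = re.compile(
    r"\\(Documents and Settings|Users)\\[^\\]+\\(Local Settings\\)?(Temp|Application Data|AppData)", re.I)


def parse_uninstall_list(text):
    """Return [(display name, uninstall command)] from the Uninstall list section.

    RSIT separates sections with '======Title======' lines and writes one
    'Name-->command' line per registry Uninstall subkey; subkeys without a
    DisplayName come out with an empty name."""
    entries, in_section = [], True
    for line in text.splitlines():
        if line.startswith("======"):
            in_section = line.strip("= ").lower() == "uninstall list"
            continue
        if in_section and "-->" in line:
            name, _, cmd = line.partition("-->")
            entries.append((name.strip(), cmd.strip()))
    return entries


def triage(text):
    """Return [(severity, display name, reason)]; severity is review/redact/info."""
    findings, unnamed = [], 0
    for name, cmd in parse_uninstall_list(text):
        if not name:
            unnamed += 1
            continue
        for pattern, why in WATCHLIST:
            if pattern.search(name):
                findings.append(("review", name, why))
        if SECRET_RE.search(cmd):
            findings.append(("redact", name, "uninstall string embeds a licence key; redact before posting"))
        if USER_PROFILE_RE.search(cmd):
            findings.append(("review", name, "uninstaller lives under a user profile or temp folder"))
    if unnamed:
        findings.append(("info", "", f"{unnamed} entries with no display name "
                                     "(commonly InstallShield leftovers; not shown in Add/Remove Programs)"))
    return findings


if __name__ == "__main__":
    for severity, name, reason in triage(SAMPLE):
        print(f"[{severity}] {name or '-'}: {reason}")
```

Run it on a saved info.txt with `triage(open("info.txt", encoding="utf-8", errors="replace").read())`. The profile-folder rule will also fire on legitimate products that install there (Ad-Aware under "All Users\Application Data" in this thread's log is one), which is why it reports "review" rather than a verdict.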

orderinthecourt
2009-07-23, 07:17
RSIT info.txt:

info.txt logfile of random's system information tool 1.06 2009-07-22 19:46:25

======Uninstall list======

#7Z 0.7.2 - 7-Zip GUI-->C:\Program Files\Archiving\7Z\Bin\S7Z-UnInstall.EXE
-->"C:\Program Files\Creative\SBAudigy\Program\SETUP.EXE" /S /U /W
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FF954AE-FE5E-438A-885D-19BE53F1501E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
ABC (remove only)-->C:\Program Files\ABC\Uninstall.exe
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe"
Auto Gordian Knot 2.27-->C:\Program Files\AutoGK\uninst.exe
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVI/MPEG/RM/WMV Splitter 4.28-->"C:\Program Files\AVI MPEG RM WMV Splitter\unins000.exe"
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battle.net-->C:\WINDOWS\bnetunin.exe
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Blood2 Demo-->C:\WINDOWS\uninst.exe -f"d:\blood 2\DeIsL1.isu"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP210 series User Registration-->C:\Program Files\Canon\IJEREG\MP210 series\UNINST.EXE
Canon MP210 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
C-Media PCI Audio Driver-->C:\WINDOWS\system32\CMRMDRV3.exe
Concise Oxford English Dictionary (Eleventh Edition)-->C:\Program Files\Dictionary\Uninstal.exe
ControlMK 0.232-->C:\Program Files\ControlMK\uninst.exe
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative Demo Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FF954AE-FE5E-438A-885D-19BE53F1501E}\setup.exe" -l0x9 /remove
Creative EAX Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
Creative EAX Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Speaker Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Dark Reign 2-->C:\WINDOWS\IsUninst.exe -f"d:\Dark Reign 2\DR2.isu"
dBpowerAMP FLAC Codec-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
dBpowerAMP Mp4 & AAC Decode Codec-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
dBpowerAMP Music Converter-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP Ogg Vorbis Codec-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
dBPowerAMP Real Audio Encoder R3-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBPowerAMP Real Audio Encoder R3.dat
dBpowerAMP WMA V9 Codec-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
Desert Storm-->D:\RAVENSHIELD\Uninstal.exe
Device Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Duke Nukem 3D HRP 27-04-2007 (137)-->D:\Duke Nukem 3D\spill\duke3d\uninst.exe
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FlashFXP v3-->"C:\Program Files\FlashFXP\unins000.exe"
FLV Player 1.3.2-->"C:\Program Files\FLVPlayer\uninstall.exe"
Free Audio Recorder 1.0-->"C:\Program Files\Free Audio Recorder\unins000.exe"
FreeAgent Go Tools-->C:\Program Files\InstallShield Installation Information\{ECD43B7A-CB3B-4AF8-91F6-C460A575E411}\setup.exe -runfromtemp -l0x0409
Freedom Fighters Demo-->D:\FREEDO~1\UNWISE.EXE D:\FREEDO~1\INSTALL.LOG
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameTap-->C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Ghost Recon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}\Setup.exe"
GIF Movie Gear 4.0.2-->"C:\Program Files\GIF Movie Gear\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GTAIII-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x9
GuiltyGearX-->MsiExec.exe /I{11EAC7CB-9E4C-11D5-BC4E-0040053D9054}
Half-Life-->C:\WINDOWS\IsUninst.exe -fd:\Half-Life\Uninst.isu -c"d:\Half-Life\HLUNINST.DLL"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hitman 2: Silent Assassin-->D:\HITMAN~1\uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Icewind Dale II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{588C135F-0B15-4A02-8F2D-04697BE2904E}\setup.exe" -l0x9
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iPod for Windows User Guide-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B9987754-9A14-4B61-ABB3-73A79503238D} /l1033
iPod System Software Updater 2.0.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4} /l1033
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java 2 Runtime Environment Standard Edition v1.3.1_04-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"
K-Lite Mega Codec Pack 1.03-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire PRO 4.8.1-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic ISO Maker v5.4 (build 0256)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
MediaMonkey 3.1-->"C:\Program Files\MediaMonkey\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft 3D Movie Maker 1.0-->C:\PROGRA~1\MI46C1~1\COMMON~1\Setup\setup.exe /L Ms3DMu.lst /W Ms3DMu.stf
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Virtual PC 2004-->MsiExec.exe /X{CCCAFDDE-ECEC-4AE4-BD97-047076BBD4A9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MIKSOFT Mobile 3GP converter-->"C:\Program Files\MIKSOFT\Mobile 3GP converter\unins000.exe"
MIKSOFT Mobile AMR converter-->"C:\Program Files\MIKSOFT\Mobile AMR converter\unins000.exe"
Motherboard Monitor 5-->"C:\Program Files\Motherboard Monitor 5\unins000.exe"
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3 Tag Tools v1.2-->"C:\Program Files\Mp3TagToolsv12\uninstall.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MUSICMATCH iPod Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{146ED22B-BC11-4017-BBE8-E393848AA92A}\setup.exe" -l0x9 FromAddRemove
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
No One Lives Forever 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\NOLF 2\SETUP.EXE"
Norton AntiVirus (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
nullDC 1.0.0 Public Beta 1 Setup-->MsiExec.exe /I{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
O&O Defrag Professional Edition-->MsiExec.exe /I{53480520-7555-470E-8C69-750B0472B4BB}
Oni-->C:\WINDOWS\unvise32.exe d:\Oni\uninstal.log
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Plasma Pong v1.2-->"D:\Plasma Pong\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Project Eden Demo-->C:\WINDOWS\IsUninst.exe -f"d:\Project Eden\Uninst.isu"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake III Arena-->C:\WINDOWS\IsUninst.exe -f"d:\Quake 3\QIII.isu"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Recover My Files-->"C:\Program Files\GetData\Recover My Files\unins000.exe"
Registry Mechanic-->"C:\Program Files\Registry Mechanic\unins000.exe"
RM to MP3 Converter 1.48-->"C:\Program Files\RM to MP3 Converter\unins000.exe"
RockMan X7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F71FD8-AE15-4195-88D8-942A1AED4FE3}\Setup.exe" -l0x9 -removeonly
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0004]-->"d:\Stalker\unins000.exe"
Saitek SD02.7 NT Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A9E0E2F-B0D1-452B-B833-7A7300EA1231}\setup.exe" AddRem
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Serious Sam: The Second Encounter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}\Setup.exe" -l0x9
Shogo Demo-->C:\WINDOWS\uninst.exe -fd:\Shogo\DeIsL1.isu
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SmartFTP Client 2.0 Setup Files (remove only)-->"C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client 2.0-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SSC Service Utility v4.30-->"C:\Program Files\SSC Service Utility\unins000.exe"
Starcraft-->C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
Steam-->D:\Valve\Steam\UNWISE.EXE D:\Valve\Steam\INSTALL.LOG
Sven Co-op 3.0-->C:\WINDOWS\unvise32.exe d:\valve\steam\steamapps\psychomantis2144@yahoo.com\half-life\SvenCoop\uninstal.log
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Team Fortress 2-->"D:\Valve\Steam\steam.exe" steam://uninstall/440
Tetris Revolution 1.0-->d:\tetris1\unins000.exe
Tetris-->"d:\tetris2\unins000.exe"
Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{664FF9A8-7E44-4E17-AD40-D10E15504C49}\setup.exe" -l0x9
Tom Clancy's Rainbow Six 3: Iron Wrath 1.00.000-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{81521545-BE95-4869-92FA-CC2E276C790E}\Setup.exe" -l0x9
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF131494-F5D8-45C5-938C-D5F020CF1B0D}\setup.exe" -l0x9
Tony Hawks Pro Skater 4-->MsiExec.exe /X{E0F07676-2C60-4465-A727-20DE3BFCABAC}
Total Annihilation-->D:\CAVEDOG\TOTAL ANNIHILATION\setup.exe -u
TPP Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E258A840-7E9A-443A-B156-67102C48BF17}\Setup.exe" NotFirstInstall
TreeSize Professional 3-->"C:\Program Files\JAM Software\TreeSize Professional\unins000.exe"
Tweak UI-->"C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
ubi.com-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" UNINSTALL-L0x9 -uninst
Unreal Tournament 2004-->D:\UT2004\System\Setup.exe uninstall "UT2004"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB Storage Adapter (TPP)-->tppun.exe TPP725
USB Storage Adapter V2 (TPP)-->tppun.exe TPP200
USB Storage Adapter V3 (TPP)-->tppun.exe TPP300
Video mp3 Extractor-->"C:\Program Files\Video mp3 Extractor\unins000.exe"
VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
webcamXP (remove only)-->"C:\Program Files\webcamXP\wxp-uninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wisdom-soft ScreenHunter 5.0 Free-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"

======Hosts File======

127.0.0.1 q4master.idsoftware.com
127.0.0.1 idnet.ua-corp.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======Security center information======

AV: Norton AntiVirus (outdated)
FW: Norton AntiVirus

======System event log======

Computer Name: HP30
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 52609
Source Name: Tcpip
Time Written: 20090509200910.000000-420
Event Type: warning
User:

Computer Name: HP30
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 52559
Source Name: W32Time
Time Written: 20090507195355.000000-420
Event Type: warning
User:

Computer Name: HP30
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
d347bus

Record Number: 52511
Source Name: Service Control Manager
Time Written: 20090506190139.000000-420
Event Type: error
User:

Computer Name: HP30
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 52438
Source Name: Tcpip
Time Written: 20090503153152.000000-420
Event Type: warning
User:

Computer Name: HP30
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 52413
Source Name: Tcpip
Time Written: 20090502175218.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: HP30
Event Code: 101
Message: Information Level: warning

Automatic LiveUpdate produced an unexpected exit code: -1073741502; advancing schedule...

Record Number: 40846
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090514064201.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HP30
Event Code: 1000
Message: Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.

Record Number: 40802
Source Name: Application Error
Time Written: 20090511230624.000000-420
Event Type: error
User:

Computer Name: HP30
Event Code: 1000
Message: Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.

Record Number: 40760
Source Name: Application Error
Time Written: 20090510132938.000000-420
Event Type: error
User:

Computer Name: HP30
Event Code: 1002
Message: Hanging application winamp.exe, version 5.5.4.2165, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 40752
Source Name: Application Hang
Time Written: 20090510025710.000000-420
Event Type: error
User:

Computer Name: HP30
Event Code: 1000
Message: Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.

Record Number: 40562
Source Name: Application Error
Time Written: 20090501020347.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

orderinthecourt
2009-07-23, 07:17
RSIT log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Alex at 2009-07-22 19:46:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 615 MB (3%) free of 20 GB
Total RAM: 1535 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:20 PM, on 7/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex\Desktop\RSIT.exe
C:\Program Files\trend micro\Alex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.lib.ucdavis.edu/proxy/pacserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SaitekInstall] "F:\WinNT\InstallWizard.exe" 1
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [15331094] C:\Documents and Settings\All Users\Application Data\15331094\15331094.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247623582656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

--
End of file - 12132 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Alex.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-04-03 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-23 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-30 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-09 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-23 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2004-01-26 53248]
"TPP Auto Loader"=C:\WINDOWS\TPPALDR.EXE [2001-10-05 118784]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-10-04 90112]
"SaitekInstall"=F:\WinNT\InstallWizard.exe 1 []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-09-10 218032]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-10 86960]
"CmPCIaudio"=RunDll32 CMICNFG3.CPL,CMICtrlWnd []
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-02-15 57344]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"CTXFIREG"=CTxfiReg.exe []
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-09-02 84640]
"osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2006-09-05 26248]
"StxTrayMenu"=C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18 190008]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]
"15331094"=C:\Documents and Settings\All Users\Application Data\15331094\15331094.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emurayden PSX Emulator]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^PalNetaware.lnk]
C:\PROGRA~1\Paltalk\PNETAW~1.EXE [2002-02-09 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Enabled:abc"
"D:\RavenShield\system\RavenShield.exe"="D:\RavenShield\system\RavenShield.exe:*:Enabled:RavenShield"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"D:\Ghost Recon 3\GRAW_demo.exe"="D:\Ghost Recon 3\GRAW_demo.exe:*:Enabled:GRAW_demo"
"D:\Battlefield 1942\BF1942.exe"="D:\Battlefield 1942\BF1942.exe:*:Disabled:BF1942"
"D:\Battlefield 2\BF21.exe.exe"="D:\Battlefield 2\BF21.exe.exe:*:Disabled:BF21.exe"
"D:\Half-Life 2\hl2.exe"="D:\Half-Life 2\hl2.exe:*:Disabled:hl2"
"D:\bf1942 multiplayer\BF1942Demo.exe"="D:\bf1942 multiplayer\BF1942Demo.exe:*:Disabled:BF1942Demo"
"D:\Condition Zero\czero.exe"="D:\Condition Zero\czero.exe:*:Disabled:Condition Zero Launcher"
"D:\Valve\Steam\SteamApps\psychomantis2144@yahoo.com\counter-strike\hl.exe"="D:\Valve\Steam\SteamApps\psychomantis2144@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\UnrealTournament\System\UnrealTournament.exe"="D:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"D:\quake 3 team arena\taquake3.exe"="D:\quake 3 team arena\taquake3.exe:*:Disabled:taquake3"
"D:\America's Army\System\ArmyOps.exe"="D:\America's Army\System\ArmyOps.exe:*:Disabled:ArmyOps"
"D:\Quake 3\quake3.exe"="D:\Quake 3\quake3.exe:*:Enabled:quake3"
"D:\Giants Citizen Kabuto\Giants.exe"="D:\Giants Citizen Kabuto\Giants.exe:*:Disabled:Giants"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\Battlefield Vietnam\BfVietnam.exe"="D:\Battlefield Vietnam\BfVietnam.exe:*:Disabled:BfVietnam"
"D:\Valve\Steam\SteamApps\psychomantis2144@yahoo.com\half-life\hl.exe"="D:\Valve\Steam\SteamApps\psychomantis2144@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"D:\SinEpisodes\SinEpisodes.exe"="D:\SinEpisodes\SinEpisodes.exe:*:Disabled:SinEpisodes"
"D:\Splinter Cell Pandora Tommorow\Splinter Cell Pandora Tomorrow\pandora.exe"="D:\Splinter Cell Pandora Tommorow\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:pandora"
"D:\Splinter Cell Pandora Tommorow\Splinter Cell Pandora Tomorrow\pandora_tommorow.exe"="D:\Splinter Cell Pandora Tommorow\Splinter Cell Pandora Tomorrow\pandora_tommorow.exe:*:Disabled:pandora_tommorow"
"D:\GRAW\GRAW_demo.exe"="D:\GRAW\GRAW_demo.exe:*:Disabled:GRAW_demo"
"D:\GRAW\GRAW.exe"="D:\GRAW\GRAW.exe:*:Enabled:GRAW"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\brothersinarmsearnedinblood\System\EiB.exe"="D:\brothersinarmsearnedinblood\System\EiB.exe:*:Enabled:Brothers In Arms Earned In Blood"
"D:\Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe"="D:\Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4"
"D:\medal of honor pacific assault\mohpa_demo.exe"="D:\medal of honor pacific assault\mohpa_demo.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"D:\Red Faction\RedFaction.exe"="D:\Red Faction\RedFaction.exe:*:Enabled:Red Faction Launcher"
"D:\Red Faction\rf.exe"="D:\Red Faction\rf.exe:*:Enabled:Red Faction"
"D:\Rune\System\Rune.exe"="D:\Rune\System\Rune.exe:*:Enabled:Rune"
"D:\Quake 2\quake2.exe"="D:\Quake 2\quake2.exe:*:Enabled:quake2"
"D:\Lost Planet\LostPlanetDX9.exe"="D:\Lost Planet\LostPlanetDX9.exe:*:Disabled:LostPlanetDX9"
"D:\Colin McRae Dirt\DiRTDemo.exe"="D:\Colin McRae Dirt\DiRTDemo.exe:*:Disabled:DiRT Demo Executable"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"D:\Duke Nukem 3D\spill\duke3d\eduke32.exe"="D:\Duke Nukem 3D\spill\duke3d\eduke32.exe:*:Enabled:eduke32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\Setup.exe"="F:\Setup.exe:*:Enabled:Setup Wizard of WRV54G"
"D:\GRAW 2\Ghost Recon Advanced Warfighter 2\graw2.exe"="D:\GRAW 2\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2"
"D:\UT2004\System\UT2004.exe"="D:\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"D:\Valve\Steam\SteamApps\psychomantis2144@yahoo.com\team fortress 2\hl2.exe"="D:\Valve\Steam\SteamApps\psychomantis2144@yahoo.com\team fortress 2\hl2.exe:*:Enabled:hl2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69d532c8-5537-11dd-8770-000ea63d15d4}]
shell\AutoRun\command - H:\Autorun.exe /run
shell\Shell00\command - H:\Autorun.exe /run
shell\Shell01\command - H:\Autorun.exe /action
shell\Shell02\command - H:\Autorun.exe /uninstall


======List of files/folders created in the last 1 months======

2009-07-22 19:46:03 ----D---- C:\rsit
2009-07-22 19:46:03 ----D---- C:\Program Files\trend micro
2009-07-14 21:50:19 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-14 21:12:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-14 21:03:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-14 20:23:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-14 20:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 20:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-14 20:16:13 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-14 20:16:10 ----D---- C:\Program Files\MSBuild
2009-07-14 20:16:03 ----D---- C:\Program Files\Reference Assemblies
2009-07-14 20:15:28 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-07-14 20:15:28 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-07-14 20:15:28 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-07-14 20:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-14 20:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-14 20:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-14 20:09:28 ----D---- C:\WINDOWS\ie8updates
2009-07-14 20:07:49 ----HDC---- C:\WINDOWS\ie8
2009-07-14 20:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-14 20:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-14 20:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-14 20:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-14 20:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-14 20:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-14 19:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-14 19:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-14 19:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-14 19:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-14 19:31:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-14 19:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-14 19:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-14 19:13:20 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-07-14 19:06:46 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-07-14 01:03:17 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-13 19:57:36 ----D---- C:\WINDOWS\BDOSCAN8
2009-07-13 19:52:56 ----D---- C:\Program Files\Panda Security
2009-06-29 21:40:04 ----D---- C:\Program Files\MediaMonkey
2009-06-28 13:59:41 ----D---- C:\Program Files\iTunes
2009-06-28 13:59:15 ----D---- C:\Floola-win
2009-06-28 13:22:27 ----D---- C:\Program Files\Bonjour
2009-06-28 13:21:16 ----D---- C:\Program Files\Apple Software Update
2009-06-28 13:20:55 ----D---- C:\Program Files\Common Files\Apple

======List of files/folders modified in the last 1 months======

2009-07-22 19:46:03 ----AD---- C:\Program Files
2009-07-22 19:06:51 ----D---- C:\WINDOWS\system32
2009-07-22 18:13:46 ----D---- C:\Program Files\Mozilla Firefox
2009-07-22 17:03:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-22 11:06:45 ----D---- C:\WINDOWS\Temp
2009-07-21 19:04:49 ----D---- C:\WINDOWS\Prefetch
2009-07-18 00:28:23 ----D---- C:\Program Files\CinemaForge
2009-07-17 07:06:24 ----D---- C:\WINDOWS
2009-07-16 17:44:23 ----D---- C:\Program Files\PeerGuardian2
2009-07-15 17:54:36 ----A---- C:\WINDOWS\wininit.ini
2009-07-14 21:25:40 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-14 21:16:16 ----SHD---- C:\WINDOWS\Installer
2009-07-14 21:14:11 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-14 21:12:46 ----HD---- C:\WINDOWS\inf
2009-07-14 21:12:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-14 21:12:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-14 21:08:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-14 21:07:22 ----D---- C:\Program Files\SpywareBlaster
2009-07-14 21:06:34 ----SD---- C:\WINDOWS\Tasks
2009-07-14 21:06:23 ----D---- C:\WINDOWS\system32\drivers
2009-07-14 21:06:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-14 21:03:49 ----D---- C:\Program Files\Lavasoft
2009-07-14 21:03:41 ----D---- C:\WINDOWS\WinSxS
2009-07-14 20:35:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-14 20:30:33 ----D---- C:\WINDOWS\system32\wbem
2009-07-14 20:30:33 ----D---- C:\WINDOWS\system32\en-us
2009-07-14 20:30:33 ----D---- C:\WINDOWS\Media
2009-07-14 20:30:33 ----D---- C:\WINDOWS\Help
2009-07-14 20:30:33 ----D---- C:\WINDOWS\AppPatch
2009-07-14 20:30:33 ----D---- C:\Program Files\Internet Explorer
2009-07-14 20:27:28 ----RSD---- C:\WINDOWS\assembly
2009-07-14 20:24:04 ----A---- C:\WINDOWS\imsins.BAK
2009-07-14 20:23:58 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-14 20:16:08 ----RSD---- C:\WINDOWS\Fonts
2009-07-14 20:15:41 ----D---- C:\WINDOWS\system32\spool
2009-07-14 19:29:13 ----A---- C:\WINDOWS\win.ini
2009-07-14 19:27:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-14 19:06:56 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-14 19:06:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-14 06:17:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-14 01:08:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-14 00:55:06 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-12 20:55:33 ----D---- C:\klite
2009-07-07 08:10:58 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-01 23:54:04 ----D---- C:\Program Files\Soulseek
2009-06-30 21:25:19 ----D---- C:\Program Files\Winamp
2009-06-28 13:23:02 ----D---- C:\Program Files\iPod
2009-06-28 13:22:13 ----D---- C:\Program Files\QuickTime
2009-06-28 13:21:57 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-06-28 13:20:55 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-06-05 30556]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-04-28 5632]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-09-02 186048]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-03-16 271360]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-03-16 18048]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R2 X4HSX32;X4HSX32; \??\d:\GameTap\bin\Release\X4HSX32.Sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-01-10 138752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-07-21 28352]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090610.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090610.002\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-09-02 11968]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-09-02 144832]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-09-02 39104]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20090604.001\SymIDSCo.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-09-02 33216]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-09-02 26432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2004-07-14 45568]
S3 aiuowktk;aiuowktk; C:\WINDOWS\system32\drivers\aiuowktk.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-04 3797632]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmuda3;C-Media PCI Audio UDAX Interface; C:\WINDOWS\system32\drivers\cmudax3.sys []
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys []
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2006-08-17 340176]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys []
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.sys []
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys []
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 p17filt;p17filt; C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 pnicml;pnicml; \??\C:\DOCUME~1\Alex\LOCALS~1\Temp\pnicml.sys []
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\System32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\Alex\LOCALS~1\Temp\sony_ssm.sys []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TPP200;USB Storage Adapter V2 (TPP); C:\WINDOWS\System32\DRIVERS\TPP200.SYS [2001-10-05 35541]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-10-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-02 198336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-02 105632]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-02 105632]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-02 105632]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2004-05-17 184320]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-17 66872]
R2 Seagate Sync Service;Seagate Sync Service; C:\Program Files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-09-01 46736]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-10-11 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\System32\UAService7.exe [2005-04-16 122880]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-06-11 1087680]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-09 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2006-09-05 79496]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

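A small triage pass over the RSIT "List of drivers" / "List of services" block above, as an added example that is not part of the thread and not code from RSIT or GMER. The three heuristics are my own assumptions, not RSIT's logic: a driver image loaded from a user Temp directory, a name that looks machine-generated combined with an empty `[]` metadata bracket (RSIT prints `[]` when it cannot read the image), and an empty bracket on a plain `C:\` path (orphaned or hidden image, marked "review" only). Paths written with the `\??\` prefix are skipped for the last rule because RSIT does not resolve that prefix and always prints `[]` for them. The sample lines are copied from the log above; the output is a list of lines to cross-check against GMER, not a verdict.

```python
"""Heuristic triage of RSIT driver/service lines (added example, not RSIT code)."""
import re
from dataclasses import dataclass

# RSIT format:  R1 name;display name; image path [date size]   (bracket may be empty)
RSIT_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
# "\Temp\" or "\LOCALS~1\Temp\" anywhere in the image path (assumed indicator)
TEMP_DIR = re.compile(r"\\(LOCALS~1\\)?Temp\\", re.IGNORECASE)
# four consonants in a row, used as a crude "looks generated" signal (assumption)
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{4}")

# Lines copied from the RSIT output above, used as sample input.
SAMPLE = r"""
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 aiuowktk;aiuowktk; C:\WINDOWS\system32\drivers\aiuowktk.sys []
S3 cmuda3;C-Media PCI Audio UDAX Interface; C:\WINDOWS\system32\drivers\cmudax3.sys []
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 pnicml;pnicml; \??\C:\DOCUME~1\Alex\LOCALS~1\Temp\pnicml.sys []
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\Alex\LOCALS~1\Temp\sony_ssm.sys []
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
"""


@dataclass
class Finding:
    name: str
    path: str
    severity: str   # "high" or "review"
    reason: str


def looks_generated(name: str) -> bool:
    """Crude check: 7+ lowercase letters containing a run of four consonants."""
    return (len(name) >= 7 and name.isalpha() and name.islower()
            and CONSONANT_RUN.search(name) is not None)


def triage_line(line: str):
    """Return a Finding for one RSIT line, or None if nothing stands out."""
    m = RSIT_LINE.match(line.strip())
    if not m:
        return None
    name, path, info = m["name"], m["path"], m["info"].strip()
    if TEMP_DIR.search(path):
        return Finding(name, path, "high", "driver image loaded from a Temp directory")
    # RSIT prints [] for every \??\ path, so an empty bracket only means
    # something on a plain drive-letter path.
    if info == "" and not path.startswith("\\??\\"):
        if looks_generated(name):
            return Finding(name, path, "high", "machine-looking name and image not readable")
        return Finding(name, path, "review", "image not readable at scan time (orphaned or hidden)")
    return None


def triage(log_text: str):
    """Run triage_line over a whole RSIT block, keeping only the hits."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.severity:6} {f.name:14} {f.reason}: {f.path}")
```

Expect false positives in the "review" bucket (uninstalled sound-card drivers whose service entries were left behind look the same as a hidden image), which is why that bucket only asks for a manual look rather than a removal.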
orderinthecourt
2009-07-23, 07:18
gmer.txt:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-22 21:15:29
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 8A389F40 ZwEnumerateKey
Code 8A432668 ZwFlushInstructionCache
Code 8A436A86 IofCallDriver
Code 8A66312E IofCompleteRequest
Code 809BA2B7 KeFindConfigurationNextEntry

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A436A8B
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8A663133
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 8A389F44
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 8A43266C
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B9DAD8AC 5 Bytes JMP 8A70C1C8
? System32\Drivers\aiuowktk.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[384] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003B000A
.text C:\WINDOWS\System32\svchost.exe[392] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\WINDOWS\System32\svchost.exe[424] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\WINDOWS\System32\wdfmgr.exe[476] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005C000A
.text C:\WINDOWS\system32\winlogon.exe[748] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text ...
.text C:\WINDOWS\Explorer.EXE[3936] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 13509964
.text C:\WINDOWS\Explorer.EXE[3936] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 13509B64
.text C:\WINDOWS\Explorer.EXE[3936] WININET.dll!InternetQueryDataAvailable 3D94C067 5 Bytes JMP 13509754
.text C:\WINDOWS\Explorer.EXE[3936] WININET.dll!HttpOpenRequestA 3D94D5E8 5 Bytes JMP 135083B4
.text C:\WINDOWS\Explorer.EXE[3936] WININET.dll!InternetConnectA 3D94DF8E 5 Bytes JMP 1350825C
.text C:\WINDOWS\Explorer.EXE[3936] WININET.dll!HttpSendRequestW 3D94FB9E 5 Bytes JMP 13509158
.text C:\WINDOWS\Explorer.EXE[3936] WININET.dll!InternetOpenA 3D95D6C0 5 Bytes JMP 1350820C
.text C:\WINDOWS\Explorer.EXE[3936] WININET.dll!HttpSendRequestA 3D95EEB9 5 Bytes JMP 13508D54
.text C:\WINDOWS\Explorer.EXE[3936] WININET.dll!InternetReadFileExW 3D9633A1 5 Bytes JMP 13509B14
.text C:\WINDOWS\Explorer.EXE[3936] WININET.dll!InternetReadFileExA 3D9633D9 5 Bytes JMP 13509AC4
.text C:\WINDOWS\System32\wbem\unsecapp.exe[4628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A
.text C:\Documents and Settings\Alex\Desktop\gmer\gmer.exe[5480] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003B000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F751197E] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F751192A] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752CB4E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F751197E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74FDAB4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74FDBFA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74FDB7C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74FE728] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74FE5FE] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7510C5A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A70B1E8
Device \FileSystem\Fastfat \FatCdrom 89AB21E8
Device \Driver\usbstor \Device\0000008e 8A4661E8

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\usbuhci \Device\USBPDO-0 8A69C1E8
Device \Driver\usbuhci \Device\USBPDO-1 8A69C1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A70D1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A70D1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A70D1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A70D1E8
Device \Driver\usbuhci \Device\USBPDO-2 8A69C1E8
Device \Driver\usbuhci \Device\USBPDO-3 8A69C1E8
Device \Driver\usbehci \Device\USBPDO-4 8A4107C0

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\prodrv06 \Device\ProDrv06 E1E16C30
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A69A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{208F0037-C66E-4696-90CD-C62BFE8EB6CA} 8A492460
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A69A1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A69A1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\PCI_NTPNP2520 \Device\00000066 sptd.sys
Device \Driver\prohlp02 \Device\ProHlp02 E1A85690
Device \Driver\usbstor \Device\00000090 8A4661E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A492460
Device \Driver\usbstor \Device\00000091 8A4661E8
Device \Driver\usbstor \Device\00000092 8A4661E8
Device \Driver\NetBT \Device\NetbiosSmb 8A492460
Device \Driver\usbstor \Device\00000093 8A4661E8

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8A69C1E8
Device \Driver\usbuhci \Device\USBFDO-1 8A69C1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A33E608
Device \Driver\usbuhci \Device\USBFDO-2 8A69C1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A33E608
Device \Driver\usbuhci \Device\USBFDO-3 8A69C1E8
Device \Driver\usbehci \Device\USBFDO-4 8A4107C0
Device \Driver\Ftdisk \Device\FtControl 8A69A1E8
Device \Driver\aiuowktk \Device\Scsi\aiuowktk1Port4Path0Target0Lun0 8A30E1E8
Device \Driver\aiuowktk \Device\Scsi\aiuowktk1 8A30E1E8
Device \FileSystem\Fastfat \Fat 89AB21E8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A3E0800

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\SKYNETbaekvbln.sys (*** hidden *** ) [SYSTEM] SKYNETuaitsquo <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo@imagepath \systemroot\system32\drivers\SKYNETbaekvbln.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\main@aid 10096
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETbaekvbln.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\modules@SKYNETcmd.dll \systemroot\system32\SKYNETmbjsflgh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\modules@SKYNETlog.dat \systemroot\system32\SKYNETywuowndb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\modules@SKYNETwsp.dll \systemroot\system32\SKYNETxdgquslq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETuaitsquo\modules@SKYNET.dat \systemroot\system32\SKYNETviqyfdfw.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0x02 0xA8 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6E 0x28 0xDD 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x60 0x20 0x84 0x90 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0x02 0xA8 0x1D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6E 0x28 0xDD 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3D 0xED 0xE2 0x1F ...
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo@imagepath \systemroot\system32\drivers\SKYNETbaekvbln.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\main
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\main@aid 10096
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\main\delete
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\main\injector
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\main\tasks
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\modules
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETbaekvbln.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\modules@SKYNETcmd.dll \systemroot\system32\SKYNETmbjsflgh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\modules@SKYNETlog.dat \systemroot\system32\SKYNETywuowndb.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\modules@SKYNETwsp.dll \systemroot\system32\SKYNETxdgquslq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETuaitsquo\modules@SKYNET.dat \systemroot\system32\SKYNETviqyfdfw.dat
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0x02 0xA8 0x1D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6E 0x28 0xDD 0x29 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x60 0x20 0x84 0x90 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG06.00.00.01WORKSTATION
Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1
Reg HKLM\SOFTWARE\Classes\giffile\shell\Open\ddeexec@ "file:%1",,-1,,,,,
Reg HKLM\SOFTWARE\Classes\giffile\shell\Open\ddeexec\application
Reg HKLM\SOFTWARE\Classes\giffile\shell\Open\ddeexec\application@ IExplore
Reg HKLM\SOFTWARE\Classes\giffile\shell\Open\ddeexec\topic
Reg HKLM\SOFTWARE\Classes\giffile\shell\Open\ddeexec\topic@ WWW_OpenURL

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\SKYNETbaekvbln.sys 68096 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\SKYNETmbjsflgh.dll 43520 bytes executable
File C:\WINDOWS\system32\SKYNETviqyfdfw.dat 91 bytes
File C:\WINDOWS\system32\SKYNETxdgquslq.dll 19456 bytes executable
File C:\WINDOWS\system32\SKYNETywuowndb.dat 438291 bytes
File C:\WINDOWS\Temp\SKYNETwncfimemyc.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETwrsstrupcm.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETwuqjpximge.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETyhcuoarbuj.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETyijjpeupvb.tmp 18432 bytes
File C:\WINDOWS\Temp\SKYNETykrjqplfej.tmp 18432 bytes
File C:\WINDOWS\Temp\SKYNETjqdtlmexgh.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETjueakoxrta.tmp 18432 bytes
File C:\WINDOWS\Temp\SKYNETkpijbdwprx.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETkqixtprdhi.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETkssdaeywtm.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETllctosahrp.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETltecrkyedk.tmp 18432 bytes
File C:\WINDOWS\Temp\SKYNETlufvrmlfby.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETpiqxjwwcvh.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETpnwqelqifp.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETpufhmtvspu.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETqcqtsokscx.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETqgstixbwbu.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETrkyiytpuqm.tmp 18432 bytes
File C:\WINDOWS\Temp\SKYNETrrliuegdhi.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETrtdsekfrqg.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETrwiycusiwp.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETsdrqvbqjer.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETtgbptoopeo.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETucuonswrcq.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETueroucfbea.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETuhkcsmtmit.tmp 18432 bytes
File C:\WINDOWS\Temp\SKYNETvgvmrpwaed.tmp 18432 bytes
File C:\WINDOWS\Temp\SKYNETvksvrkghql.tmp 18432 bytes
File C:\WINDOWS\Temp\SKYNETvpgfgkytxq.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETfthhovxvwa.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETwkxbfiufwt.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETafjrssrjns.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETauhtdtedlq.tmp 18432 bytes
File C:\WINDOWS\Temp\SKYNETbaqkygacxy.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETbrbrprfcrf.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETddmtstomvf.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETdhmvotuiws.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETdhqeastkew.tmp 18432 bytes
File C:\WINDOWS\Temp\SKYNETecyygjtash.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETedjaktests.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETetbjmmvxkf.tmp 17920 bytes
File C:\WINDOWS\Temp\SKYNETexxpagwrtn.tmp 17408 bytes
File C:\WINDOWS\Temp\SKYNETfhccofvrpv.tmp 17408 bytes
File C:\Documents and Settings\Alex\Local Settings\Temp\SKYNETqqsfuufprt.tmp 2732 bytes

---- EOF - GMER 1.0.15 ----

katana
2009-07-23, 12:18
REMOVE P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.


ABC (remove only)
LimeWire PRO 4.8.1
SoulSeek Client 156c

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

Registry Cleaners

Re. Registry Mechanic

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.
http://forums.whatthetech.com/Regcleaner_t42862.html
Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here (http://eric.71.mespages.googlepages.com/LopSD.exe)

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

orderinthecourt
2009-07-24, 02:44
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 04/27/04 20:18:06 Ver: 08.00.09
USER : Alex ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 2007 (Not Activated)
Firewall : Norton AntiVirus 2007 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:68 Go (Free:1 Go)
E:\ (Local Disk) - NTFS - Total:61 Go (Free:1 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (USB)
M:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Thu 07/23/2009|16:25 )

--------------------\\ Listing folders in APPLIC~1

[04/20/2007|01:34] C:\DOCUME~1\Alex\APPLIC~1\<DIR> .ABC
[04/03/2005|12:17] C:\DOCUME~1\Alex\APPLIC~1\<DIR> .ABC 3.0.0
[10/09/2004|05:06] C:\DOCUME~1\Alex\APPLIC~1\<DIR> .BitTornado
[02/25/2008|09:29] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Adobe
[07/18/2004|01:31] C:\DOCUME~1\Alex\APPLIC~1\<DIR> AdobeUM
[08/28/2006|09:46] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Aim
[04/15/2006|02:17] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Apple Computer
[03/09/2009|06:16] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Audio Recorder Titanium
[12/24/2007|10:58] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Bioshock
[05/17/2008|07:53] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Canon
[07/18/2008|07:08] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Ceedo
[12/22/2007|10:13] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Codemasters
[03/03/2007|05:47] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars Demo
[04/28/2007|09:32] C:\DOCUME~1\Alex\APPLIC~1\<DIR> ConvertTemp
[06/23/2006|09:17] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Creative
[07/25/2004|12:08] C:\DOCUME~1\Alex\APPLIC~1\<DIR> CyberLink
[07/27/2004|09:43] C:\DOCUME~1\Alex\APPLIC~1\<DIR> fltk.org
[05/22/2007|06:01] C:\DOCUME~1\Alex\APPLIC~1\<DIR> GetRightToGo
[12/30/2005|10:51] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Google
[09/23/2004|09:04] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Help
[07/16/2004|03:31] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Identities
[07/11/2008|01:34] C:\DOCUME~1\Alex\APPLIC~1\<DIR> InstallShield
[03/11/2006|08:31] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Lavasoft
[07/17/2004|08:28] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Macromedia
[03/29/2008|09:34] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Microsoft
[03/19/2009|04:21] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Mozilla
[04/25/2007|07:21] C:\DOCUME~1\Alex\APPLIC~1\<DIR> MusicIP
[12/18/2008|06:36] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Nero
[06/05/2009|10:17] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Orbit
[07/18/2004|01:25] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Real
[12/19/2006|09:25] C:\DOCUME~1\Alex\APPLIC~1\<DIR> River Past G5
[04/28/2007|09:15] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Samsung
[04/16/2005|07:58] C:\DOCUME~1\Alex\APPLIC~1\<DIR> SecuROM
[09/07/2006|06:37] C:\DOCUME~1\Alex\APPLIC~1\<DIR> SmartFTP
[05/07/2005|02:45] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Sun
[07/17/2004|08:03] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Symantec
[04/28/2007|09:32] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Temporary
[09/02/2007|02:37] C:\DOCUME~1\Alex\APPLIC~1\<DIR> TransRender
[10/12/2007|09:37] C:\DOCUME~1\Alex\APPLIC~1\<DIR> U3
[08/29/2005|01:29] C:\DOCUME~1\Alex\APPLIC~1\<DIR> ubi.com
[01/25/2007|12:15] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Viewpoint
[01/08/2006|06:21] C:\DOCUME~1\Alex\APPLIC~1\<DIR> vlc
[06/08/2009|12:51] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Winamp
[09/14/2006|10:56] C:\DOCUME~1\Alex\APPLIC~1\<DIR> Xfire

[07/14/2009|09:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {EF63305C-BAD7-4144-9208-D65528260864}
[08/11/2008|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/21/2008|06:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[06/28/2009|01:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[05/17/2008|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[12/15/2006|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative
[08/31/2005|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[05/06/2006|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[03/06/2009|01:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[12/15/2006|01:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[07/14/2009|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[03/21/2009|07:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/18/2008|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[04/07/2005|07:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NFS Underground
[07/26/2004|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NFS Underground Demo
[07/07/2006|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NVIDIA
[08/14/2004|09:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[07/25/2004|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[12/19/2006|09:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> River Past G5
[07/14/2009|06:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[10/03/2007|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
[06/11/2008|01:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[10/05/2006|08:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TechSmith
[07/14/2009|09:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[04/29/2007|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[12/24/2007|09:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ubisoft
[01/26/2007|07:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[09/18/2005|11:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[06/21/2008|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[07/16/2004|03:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[07/16/2004|03:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[05/28/2006|08:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Symantec

[07/16/2004|03:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[07/21/2009 09:06 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[07/18/2008 08:04 PM][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Alex.job
[07/23/2009 04:23 PM][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[07/17/2009 07:04 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[05/29/2009|07:52] C:\Program Files\<DIR> 7-Zip
[08/23/2004|12:26] C:\Program Files\<DIR> Accolade
[08/11/2008|08:41] C:\Program Files\<DIR> Adobe
[11/22/2007|09:02] C:\Program Files\<DIR> AGEIA Technologies
[12/18/2008|04:28] C:\Program Files\<DIR> Ahead
[09/13/2006|11:14] C:\Program Files\<DIR> AIM
[09/13/2006|11:14] C:\Program Files\<DIR> AOD
[06/28/2009|01:21] C:\Program Files\<DIR> Apple Software Update
[07/17/2004|08:56] C:\Program Files\<DIR> Application X
[08/22/2008|10:35] C:\Program Files\<DIR> Archiving
[10/05/2006|08:41] C:\Program Files\<DIR> Atlant Software
[08/16/2006|03:59] C:\Program Files\<DIR> Audacity
[05/06/2006|12:17] C:\Program Files\<DIR> AutoGK
[11/15/2006|11:53] C:\Program Files\<DIR> AVI MPEG RM WMV Splitter
[05/06/2006|12:17] C:\Program Files\<DIR> AviSynth 2.5
[07/18/2004|01:46] C:\Program Files\<DIR> AWS
[06/28/2009|01:22] C:\Program Files\<DIR> Bonjour
[05/17/2008|04:32] C:\Program Files\<DIR> Canon
[05/17/2008|01:06] C:\Program Files\<DIR> CanonBJ
[12/22/2006|08:13] C:\Program Files\<DIR> CDKnet
[07/18/2009|12:28] C:\Program Files\<DIR> CinemaForge
[06/28/2009|01:20] C:\Program Files\<DIR> Common Files
[03/11/2007|04:41] C:\Program Files\<DIR> ControlMK
[03/20/2009|07:52] C:\Program Files\<DIR> Creative
[08/31/2005|05:31] C:\Program Files\<DIR> CyberLink
[07/03/2008|11:36] C:\Program Files\<DIR> DAEMON Tools
[07/08/2007|11:44] C:\Program Files\<DIR> DAMN NFO Viewer
[07/07/2007|08:12] C:\Program Files\<DIR> Dictionary
[07/17/2004|11:36] C:\Program Files\<DIR> directx
[09/06/2007|12:35] C:\Program Files\<DIR> DOSBox-0.65
[10/01/2004|08:00] C:\Program Files\<DIR> D-Tools
[05/06/2006|12:15] C:\Program Files\<DIR> DVD Decrypter
[05/06/2006|10:44] C:\Program Files\<DIR> DVD Shrink
[09/25/2004|02:24] C:\Program Files\<DIR> Elaborate Bytes
[05/08/2008|08:37] C:\Program Files\<DIR> EPSON
[03/13/2009|05:26] C:\Program Files\<DIR> FlashFXP
[01/01/2006|01:04] C:\Program Files\<DIR> FLVPlayer
[03/09/2009|08:02] C:\Program Files\<DIR> Free Audio Recorder
[12/15/2006|05:45] C:\Program Files\<DIR> Futuremark
[05/06/2006|12:17] C:\Program Files\<DIR> Gabest
[08/03/2006|05:11] C:\Program Files\<DIR> GameSpy Arcade
[05/21/2006|01:56] C:\Program Files\<DIR> GetData
[08/07/2004|12:08] C:\Program Files\<DIR> GIF Movie Gear
[03/06/2009|01:11] C:\Program Files\<DIR> Google
[02/29/2008|11:38] C:\Program Files\<DIR> HOTLLAMA MEDIA
[08/12/2004|10:49] C:\Program Files\<DIR> Illustrate
[06/19/2009|10:53] C:\Program Files\<DIR> InstallShield Installation Information
[07/20/2004|12:13] C:\Program Files\<DIR> Intel
[07/24/2007|12:37] C:\Program Files\<DIR> InterActual
[07/14/2009|08:30] C:\Program Files\<DIR> Internet Explorer
[06/28/2009|01:23] C:\Program Files\<DIR> iPod
[06/28/2009|01:59] C:\Program Files\<DIR> iTunes
[09/23/2004|08:56] C:\Program Files\<DIR> JAM Software
[05/06/2005|02:45] C:\Program Files\<DIR> Java
[07/17/2004|09:01] C:\Program Files\<DIR> JavaSoft
[07/25/2004|06:32] C:\Program Files\<DIR> K-Lite Codec Pack
[07/14/2009|09:03] C:\Program Files\<DIR> Lavasoft
[07/23/2009|04:06] C:\Program Files\<DIR> LimeWire
[03/28/2008|11:57] C:\Program Files\<DIR> MagicISO
[06/29/2009|09:40] C:\Program Files\<DIR> MediaMonkey
[10/28/2008|03:02] C:\Program Files\<DIR> Messenger
[03/21/2009|07:07] C:\Program Files\<DIR> Microsoft
[07/17/2004|07:39] C:\Program Files\<DIR> Microsoft ActiveSync
[07/06/2008|03:00] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[07/16/2004|03:22] C:\Program Files\<DIR> microsoft frontpage
[03/30/2009|11:32] C:\Program Files\<DIR> Microsoft Kids
[07/17/2004|07:39] C:\Program Files\<DIR> Microsoft Office
[07/06/2008|03:00] C:\Program Files\<DIR> Microsoft Virtual PC
[07/17/2004|07:39] C:\Program Files\<DIR> Microsoft Visual Studio
[05/06/2007|11:39] C:\Program Files\<DIR> MIKSOFT
[06/23/2006|08:20] C:\Program Files\<DIR> Motherboard Monitor 5
[06/11/2008|02:30] C:\Program Files\<DIR> Movie Maker
[07/23/2009|04:23] C:\Program Files\<DIR> Mozilla Firefox
[11/23/2005|03:38] C:\Program Files\<DIR> Mp3tag
[11/13/2005|02:19] C:\Program Files\<DIR> Mp3TagToolsv12
[07/28/2006|04:39] C:\Program Files\<DIR> Mplayer
[07/14/2009|08:16] C:\Program Files\<DIR> MSBuild
[07/16/2004|03:19] C:\Program Files\<DIR> MSN
[07/16/2004|03:19] C:\Program Files\<DIR> MSN Gaming Zone
[07/19/2004|04:26] C:\Program Files\<DIR> MSXML 4.0
[07/21/2004|12:12] C:\Program Files\<DIR> MUSICMATCH
[12/18/2008|04:46] C:\Program Files\<DIR> Nero
[06/11/2008|02:26] C:\Program Files\<DIR> NetMeeting
[08/02/2008|10:25] C:\Program Files\<DIR> Norton AntiVirus
[07/17/2004|09:25] C:\Program Files\<DIR> OfficeUpdate11
[07/16/2004|03:21] C:\Program Files\<DIR> Online Services
[09/05/2004|11:12] C:\Program Files\<DIR> OO Software
[01/21/2008|03:31] C:\Program Files\<DIR> OpenAL
[04/09/2009|10:38] C:\Program Files\<DIR> Orbitdownloader
[06/11/2008|02:26] C:\Program Files\<DIR> Outlook Express
[02/24/2006|07:14] C:\Program Files\<DIR> Paltalk
[10/12/2008|11:26] C:\Program Files\<DIR> Paltalk Messenger
[07/13/2009|07:52] C:\Program Files\<DIR> Panda Security
[07/16/2009|05:44] C:\Program Files\<DIR> PeerGuardian2
[03/09/2009|06:34] C:\Program Files\<DIR> Perfect Sound Recorder
[07/28/2006|08:52] C:\Program Files\<DIR> PowerISO
[06/28/2009|01:22] C:\Program Files\<DIR> QuickTime
[10/22/2005|11:11] C:\Program Files\<DIR> Realtek AC97
[08/16/2005|05:34] C:\Program Files\<DIR> Red Storm Entertainment
[07/14/2009|08:16] C:\Program Files\<DIR> Reference Assemblies
[07/17/2004|08:52] C:\Program Files\<DIR> Registry Mechanic
[12/25/2005|06:28] C:\Program Files\<DIR> RM to MP3 Converter
[09/22/2006|04:24] C:\Program Files\<DIR> Saitek
[04/28/2007|09:12] C:\Program Files\<DIR> Samsung
[07/18/2008|07:14] C:\Program Files\<DIR> Seagate
[05/02/2008|05:47] C:\Program Files\<DIR> Sega Saturn
[12/28/2004|06:59] C:\Program Files\<DIR> Sierra On-Line
[06/26/2005|01:40] C:\Program Files\<DIR> SmartFTP
[02/18/2007|02:36] C:\Program Files\<DIR> SmartFTP Client 2.0
[02/18/2007|02:36] C:\Program Files\<DIR> SmartFTP Client 2.0 Setup Files
[04/16/2005|07:57] C:\Program Files\<DIR> SmartFTP Setup Files
[07/23/2009|04:06] C:\Program Files\<DIR> Soulseek
[07/14/2009|01:08] C:\Program Files\<DIR> Spybot - Search & Destroy
[07/14/2009|09:07] C:\Program Files\<DIR> SpywareBlaster
[04/08/2008|07:31] C:\Program Files\<DIR> SSC Service Utility
[10/03/2007|08:52] C:\Program Files\<DIR> support.com
[06/11/2008|01:32] C:\Program Files\<DIR> Symantec
[10/05/2006|08:07] C:\Program Files\<DIR> TechSmith
[07/22/2009|07:46] C:\Program Files\<DIR> trend micro
[07/19/2004|01:00] C:\Program Files\<DIR> Ubi Soft
[08/29/2005|01:30] C:\Program Files\<DIR> ubi.com
[07/16/2004|04:03] C:\Program Files\<DIR> Uninstall Information
[12/20/2006|12:18] C:\Program Files\<DIR> Video mp3 Extractor
[01/08/2006|06:20] C:\Program Files\<DIR> VideoLAN
[10/25/2004|11:25] C:\Program Files\<DIR> VisualRoute
[05/21/2008|08:09] C:\Program Files\<DIR> webcamXP
[06/30/2009|09:25] C:\Program Files\<DIR> Winamp
[03/21/2009|07:06] C:\Program Files\<DIR> Windows Live
[03/21/2009|07:07] C:\Program Files\<DIR> Windows Live SkyDrive
[06/11/2008|02:31] C:\Program Files\<DIR> Windows Media Player
[06/11/2008|02:26] C:\Program Files\<DIR> Windows NT
[12/18/2008|04:45] C:\Program Files\<DIR> Windows Sidebar
[06/11/2008|01:49] C:\Program Files\<DIR> WindowsUpdate
[02/27/2005|09:17] C:\Program Files\<DIR> WinMX
[01/04/2005|12:38] C:\Program Files\<DIR> WinRAR
[12/03/2006|03:34] C:\Program Files\<DIR> Wisdom-soft ScreenHunter 5 Free
[07/16/2004|03:22] C:\Program Files\<DIR> xerox
[09/14/2006|10:44] C:\Program Files\<DIR> Xfire

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/11/2008|08:41] C:\Program Files\Common Files\<DIR> Adobe
[06/28/2009|01:20] C:\Program Files\Common Files\<DIR> Apple
[05/17/2008|01:09] C:\Program Files\Common Files\<DIR> CANON
[07/17/2004|07:39] C:\Program Files\Common Files\<DIR> Designer
[07/26/2004|11:40] C:\Program Files\Common Files\<DIR> DirectX
[05/08/2008|08:36] C:\Program Files\Common Files\<DIR> EPSON
[01/20/2006|11:27] C:\Program Files\Common Files\<DIR> InstallShield
[05/06/2005|02:43] C:\Program Files\Common Files\<DIR> Java
[07/17/2004|07:38] C:\Program Files\Common Files\<DIR> L&H
[07/14/2009|07:27] C:\Program Files\Common Files\<DIR> Microsoft Shared
[07/16/2004|03:20] C:\Program Files\Common Files\<DIR> MSSoap
[12/18/2008|04:51] C:\Program Files\Common Files\<DIR> Nero
[07/16/2004|10:03] C:\Program Files\Common Files\<DIR> ODBC
[07/18/2004|12:20] C:\Program Files\Common Files\<DIR> PocketSoft
[07/16/2004|03:20] C:\Program Files\Common Files\<DIR> Services
[07/16/2004|10:03] C:\Program Files\Common Files\<DIR> SpeechEngines
[07/23/2009|04:23] C:\Program Files\Common Files\<DIR> Symantec Shared
[06/11/2008|02:26] C:\Program Files\Common Files\<DIR> System
[12/15/2006|01:17] C:\Program Files\Common Files\<DIR> Voyetra
[03/21/2009|07:05] C:\Program Files\Common Files\<DIR> Windows Live
[06/21/2008|09:45] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[12/22/2007|10:11] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 51 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\Program Files\Orbitdownloader
C:\Program Files\Orbitdownloader\addons
C:\Program Files\Orbitdownloader\banurl.ini
C:\Program Files\Orbitdownloader\Cache
C:\Program Files\Orbitdownloader\changelog.txt
C:\Program Files\Orbitdownloader\download.dll
C:\Program Files\Orbitdownloader\Grab.exe
C:\Program Files\Orbitdownloader\GrabDll.dll
C:\Program Files\Orbitdownloader\GrabKernel.dll
C:\Program Files\Orbitdownloader\idht.dll
C:\Program Files\Orbitdownloader\Lang.ini
C:\Program Files\Orbitdownloader\language
C:\Program Files\Orbitdownloader\libeay32.dll
C:\Program Files\Orbitdownloader\orbitcth.dll
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitmxt.dll
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Orbitdownloader\saction.dll
C:\Program Files\Orbitdownloader\siteinfo.ini
C:\Program Files\Orbitdownloader\ssleay32.dll
C:\Program Files\Orbitdownloader\unins000.dat
C:\Program Files\Orbitdownloader\unins000.exe
C:\Program Files\Orbitdownloader\update
C:\Program Files\Orbitdownloader\winfile.dll
C:\DOCUME~1\Alex\Cookies\alex@adopt.euroclick[1].txt
C:\DOCUME~1\Alex\Cookies\alex@vegas[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 16:35:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Alex\Application Data\.ABC\torrentinfo\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911.3876008.TPB.torrent.info
C:\DOCUME~1\Alex\Application Data\.ABC\torrentinfo\MagicISO_Maker_5.4_Build_256_[ENG]_[Crack].4081569.TPB.torrent.info
C:\DOCUME~1\Alex\Application Data\.ABC\torrentinfo\NORTON_ANTIVIRUS_2007__WORKING_KEYGENERATOR_.3640818.TPB.torrent.info
C:\DOCUME~1\Alex\Cookies\alex@cracks[1].txt
C:\DOCUME~1\Alex\Cookies\alex@www.cracks[1].txt


[F:19][D:154]-> C:\DOCUME~1\Alex\LOCALS~1\Temp
[F:811][D:0]-> C:\DOCUME~1\Alex\Cookies
[F:186][D:24]-> C:\DOCUME~1\Alex\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 07/23/2009|16:21 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Thu 07/23/2009|16:38 - Option : [1]

--------------------\\ Scan completed at 16:38:36

orderinthecourt
2009-07-24, 02:47
For some reason it has soulseek and limewire on the program files list, but I removed both of them from the control panel. Is this normal? Or are there still files leftover that I should delete?

katana
2009-07-24, 10:15
C:\DOCUME~1\Alex\Application Data\.ABC\torrentinfo\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911.3876008.TPB.torrent.info
C:\DOCUME~1\Alex\Application Data\.ABC\torrentinfo\MagicISO_Maker_5.4_Build_256_[ENG]_[Crack].4081569.TPB.torrent.info
C:\DOCUME~1\Alex\Application Data\.ABC\torrentinfo\NORTON_ANTIVIRUS_2007__WORKING_KEYGENERATOR_.3640818.TPB.torrent.info

Do you know anything about these files ?
Are they safe to use ?

orderinthecourt
2009-07-25, 10:59
They just seem like old torrent files, but I don't know if they're safe or not. Should I just delete them (I don't need them)?

One thing I wanted to mention was that after I ran one of those programs you told me to run, there were entries for "skynet," and I've never downloaded anything like that or been to a site that had that name in it, so I'm guessing it could be spyware or a trojan.

Does anything else look suspicious?

katana
2009-07-25, 13:30
Information

Cracks/Keygens/Warez etc.

In doing the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product.
The distribution and use of cracked copies is illegal in almost every developed country.
They are also one of the biggest causes of infection.

This applies to Cracks, Keygens and Warez

I will continue to help you at this time
BUT, if I see any evidence of other similar files/programs this topic will be locked

In the future I strongly suggest you stay away from using cracks and/or Keygens.

Re.
NORTON_ANTIVIRUS_2007__WORKING_KEYGENERATOR_
The entire concept of using a "Cracked" security program is beyond me.


----------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If requested, please reboot.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

orderinthecourt
2009-07-26, 02:00
From now I won't download any cracks or any similar types of files.

Did you mean that you would lock the thread if you found any new cracks or if I had cracks remaining on my computer? If you want, I can remove all the cracks from my PC. There might be some that I can't find, though.

I think my router has a firewall. Do I need to disable that (I don't know how)? Also, how do you disable the windows xp firewall?

katana
2009-07-26, 11:33
From now I won't download any cracks or any similar types of files.
Wise move
1) Did you mean that you would lock the thread if you found any new cracks or if I had cracks remaining on my computer?
2) If you want, I can remove all the cracks from my PC.
3) There might be some that I can't find, though.

1) Any evidence of Cracks or similar files will result in the thread being locked
2) I insist.
3) I recommend you try very hard to find them.



I think my router has a firewall. Do I need to disable that (I don't know how)? Also, how do you disable the Windows XP firewall?

You don't need to worry about either of those.

orderinthecourt
2009-07-26, 23:50
mbam-log-2009-07-26 (12-37-25):

Malwarebytes' Anti-Malware 1.39
Database version: 2506
Windows 5.1.2600 Service Pack 3

7/26/2009 12:37:25 PM
mbam-log-2009-07-26 (12-37-25).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 260375
Time elapsed: 36 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\15331094 (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\mpgdec.ax (Backdoor.Bot) -> Quarantined and deleted successfully.
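
The MBAM log above is a flat list of "item (Family) -> action" lines, which is easy to eyeball for nine entries but worth parsing when the list runs long or several logs are compared. The following Python triage script is an added example written for this page; it is not part of the thread and not Malwarebytes' own tooling. It parses the detection lines, counts findings per family, and tags the ones a defender would follow up on first: families that imply a backdoor, rogue or hijack rather than adware, entries under Image File Execution Options (a Debugger value there redirects every launch of the named binary, which is why the Userinit.exe entry is labelled Security.Hijack), Run-key autostarts, and anything that was not actually quarantined. The sample text is the log from this post; the severity list and the tag names are this example's own heuristics, not Malwarebytes' classification.

```python
import re
from collections import Counter

# Sample input: the detection lines copied from the MBAM log posted above.
SAMPLE_MBAM_LOG = r"""
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\15331094 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mpgdec.ax (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# MBAM 1.x detection line: "<item> (<Family>) -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9_.-]+)\) -> (?P<action>.+?)\.?$"
)

# Family prefixes this example treats as "follow up first" (heuristic, not MBAM's own ranking).
HIGH_SEVERITY = ("Backdoor.", "Trojan.", "Rogue.", "Security.", "Spyware.", "Rootkit.", "Worm.")


def parse_mbam(text):
    """Return a list of {item, family, action} dicts, one per detection line."""
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def classify(finding):
    """Tag one finding with the properties a reviewer wants to see at a glance."""
    item = finding["item"].lower()
    tags = []
    if finding["family"].startswith(HIGH_SEVERITY):
        tags.append("high-severity")
    # IFEO\<exe>\Debugger makes Windows run a different program whenever <exe> starts.
    if "\\image file execution options\\" in item:
        tags.append("ifeo-debugger-hijack")
    if "\\currentversion\\run\\" in item:
        tags.append("run-key-autostart")
    if not item.startswith(("hkey_", "hklm", "hkcu", "hkcr", "hku")):
        tags.append("file-on-disk")
    if not finding["action"].lower().startswith("quarantined and deleted"):
        tags.append("not-removed")
    return tags


def summarize(text):
    """Aggregate a whole log into counts plus the short lists worth reading first."""
    findings = parse_mbam(text)
    tagged = [(f, classify(f)) for f in findings]
    return {
        "total": len(findings),
        "by_family": Counter(f["family"] for f in findings),
        "high_severity": [f["item"] for f, t in tagged if "high-severity" in t],
        "ifeo_hijacks": [f["item"] for f, t in tagged if "ifeo-debugger-hijack" in t],
        "autostarts": [f["item"] for f, t in tagged if "run-key-autostart" in t],
        "not_removed": [f["item"] for f, t in tagged if "not-removed" in t],
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_MBAM_LOG)
    print(f"{summary['total']} detections, by family: {dict(summary['by_family'])}")
    for key in ("high_severity", "ifeo_hijacks", "autostarts", "not_removed"):
        for item in summary[key]:
            print(f"  [{key}] {item}")
```

On this log the script reports nine detections, five of them the same Minibug adware, and singles out three high-severity items (the Userinit.exe IFEO hijack, the Rogue.Multiple Run-key autostart and the Backdoor.Bot file in system32); the "not_removed" list is empty because every entry reads "Quarantined and deleted successfully", which is the condition for treating the log as closed rather than needing a manual follow-up.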

orderinthecourt
2009-07-26, 23:51
combofix log:

ComboFix 09-07-25.08 - Alex 07/26/2009 13:36.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1070 [GMT -7:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alex\Favorites\translator.url
c:\documents and settings\Alex\x.exe
c:\recycler\NPROTECT
c:\windows\Installer\103cd.msi
c:\windows\Installer\103df.msi
c:\windows\Installer\103e6.msi
c:\windows\Installer\10a32e.msi
c:\windows\Installer\177405d.msi
c:\windows\Installer\18fda508.msi
c:\windows\Installer\1c520acd.msi
c:\windows\Installer\214aade0.msi
c:\windows\Installer\2827990f.msi
c:\windows\Installer\293f2.msi
c:\windows\Installer\2a6822.msi
c:\windows\Installer\2b17d246.msi
c:\windows\Installer\2b567af4.msi
c:\windows\Installer\2b567afb.msi
c:\windows\Installer\2e88a.msi
c:\windows\Installer\48223e5.msi
c:\windows\Installer\7b26d0.msi
c:\windows\Installer\7f8bace.msi
c:\windows\Installer\a3846.msi
c:\windows\Installer\b49aaeb.msi
c:\windows\Installer\c5e9de.msi
c:\windows\Installer\cd791c.msi
c:\windows\Installer\dfbac75.msi
c:\windows\system32\Data
c:\windows\system32\disk.dll
c:\windows\system32\drivers\SKYNETbaekvbln.sys
c:\windows\system32\NX.exe
c:\windows\system32\SKYNETmbjsflgh.dll
c:\windows\system32\SKYNETviqyfdfw.dat
c:\windows\system32\SKYNETxdgquslq.dll
c:\windows\system32\SKYNETywuowndb.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETuaitsquo


((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 18:58 . 2009-07-26 18:58 -------- d-----w- c:\documents and settings\Alex\Application Data\Malwarebytes
2009-07-26 18:58 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 18:58 . 2009-07-26 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 18:58 . 2009-07-26 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-26 18:58 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 23:07 . 2009-07-23 23:38 -------- d-----w- C:\Lop SD
2009-07-23 22:59 . 2009-07-23 22:59 -------- d-----w- C:\songs 2 SS
2009-07-23 22:58 . 2009-07-23 22:59 -------- d-----w- C:\songs 1 L
2009-07-23 02:46 . 2009-07-23 02:46 -------- d-----w- C:\rsit
2009-07-23 02:46 . 2009-07-23 02:46 -------- d-----w- c:\program files\trend micro
2009-07-15 04:50 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-15 04:06 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-15 04:04 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-15 04:03 . 2009-07-15 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-15 03:36 . 2009-07-15 03:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-15 03:34 . 2009-07-15 03:34 -------- d-sh--w- c:\documents and settings\Alex\PrivacIE
2009-07-15 03:32 . 2009-07-15 03:32 -------- d-sh--w- c:\documents and settings\Alex\IETldCache
2009-07-15 03:31 . 2009-07-15 03:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-15 03:16 . 2009-07-15 03:16 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-15 03:16 . 2009-07-15 03:16 -------- d-----w- c:\program files\MSBuild
2009-07-15 03:16 . 2009-07-15 03:16 -------- d-----w- c:\program files\Reference Assemblies
2009-07-15 03:15 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-15 03:15 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-15 03:15 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-15 03:15 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-15 03:15 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-15 03:15 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-15 03:15 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-15 03:09 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-15 03:09 . 2009-07-15 03:09 -------- d-----w- c:\windows\ie8updates
2009-07-15 03:09 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 03:09 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 03:07 . 2009-07-15 03:08 -------- dc-h--w- c:\windows\ie8
2009-07-15 02:13 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-15 02:13 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-15 02:13 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-15 02:13 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-15 02:13 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-15 02:13 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-15 02:13 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-15 02:13 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-15 02:13 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-15 02:13 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-15 02:13 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-14 08:03 . 2009-07-15 04:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-14 02:57 . 2009-07-14 05:09 -------- d-----w- c:\windows\BDOSCAN8
2009-07-14 02:53 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-14 02:52 . 2009-07-14 02:52 -------- d-----w- c:\program files\Panda Security
2009-07-14 02:49 . 2009-07-14 02:51 -------- d-----w- c:\documents and settings\Alex\.housecall6.6
2009-06-30 04:40 . 2009-07-13 04:47 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\MediaMonkey
2009-06-30 04:40 . 2009-06-30 04:40 -------- d-----w- c:\program files\MediaMonkey
2009-06-28 20:59 . 2009-06-28 20:59 -------- d-----w- c:\program files\iTunes
2009-06-28 20:59 . 2009-06-28 20:59 -------- d-----w- C:\Floola-win
2009-06-28 20:22 . 2009-06-28 20:22 -------- d-----w- c:\program files\Bonjour
2009-06-28 20:21 . 2009-06-28 20:21 -------- d-----w- c:\program files\Apple Software Update
2009-06-28 20:20 . 2009-06-28 20:20 -------- d-----w- c:\program files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 20:35 . 2004-07-18 03:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-26 19:49 . 2006-11-23 03:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-24 03:40 . 2006-08-28 00:00 20912 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-23 23:06 . 2004-08-08 02:43 -------- d-----w- c:\program files\Soulseek
2009-07-23 23:06 . 2005-05-06 21:43 -------- d-----w- c:\program files\LimeWire
2009-07-18 07:28 . 2006-07-09 15:55 -------- d-----w- c:\program files\CinemaForge
2009-07-17 00:44 . 2008-08-06 06:51 -------- d-----w- c:\program files\PeerGuardian2
2009-07-15 04:07 . 2004-07-18 02:48 -------- d-----w- c:\program files\SpywareBlaster
2009-07-15 04:03 . 2004-07-18 02:46 -------- d-----w- c:\program files\Lavasoft
2009-07-15 03:23 . 2004-10-01 22:47 145408 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-07-14 13:17 . 2004-07-18 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-14 08:08 . 2004-08-26 22:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-01 04:25 . 2004-07-18 02:52 -------- d-----w- c:\program files\Winamp
2009-06-28 20:23 . 2004-07-21 07:07 -------- d-----w- c:\program files\iPod
2009-06-28 20:22 . 2006-04-15 09:13 -------- d-----w- c:\program files\QuickTime
2009-06-28 20:21 . 2004-07-21 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-20 05:53 . 2004-07-17 00:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-08 07:51 . 2009-06-08 07:50 -------- d-----w- c:\documents and settings\Alex\Application Data\Winamp
2009-06-06 05:17 . 2007-08-26 18:32 -------- d-----w- c:\documents and settings\Alex\Application Data\Orbit
2009-06-03 19:09 . 2005-08-30 16:14 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 02:52 . 2009-05-30 02:52 -------- d-----w- c:\program files\7-Zip
2009-05-13 05:15 . 2005-06-18 06:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2001-08-23 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:55 . 2009-04-29 04:55 78336 ------w- c:\windows\system32\ieencode.dll
2001-10-05 19:53 . 2004-10-03 02:09 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll
2009-07-22 02:04 . 2009-03-19 23:21 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-01-26 53248]
"TPP Auto Loader"="c:\windows\TPPALDR.EXE" [2001-10-05 118784]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-16 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-23 81920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 84640]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2006-09-05 26248]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\Alcxmntr.exe [2004-09-07 57344]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-10-04 90112]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-04 64512]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-18 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^PalNetaware.lnk]
backup=c:\windows\pss\PalNetaware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\RavenShield\\system\\RavenShield.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\Condition Zero\\czero.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\UnrealTournament\\System\\UnrealTournament.exe"=
"d:\\Quake 3\\quake3.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"d:\\Duke Nukem 3D\\spill\\duke3d\\eduke32.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\UT2004\\System\\UT2004.exe"=
"d:\\Valve\\Steam\\SteamApps\\psychomantis2144@yahoo.com\\team fortress 2\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16567:UDP"= 16567:UDP:bf21

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/14/2009 9:06 PM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/13/2009 7:53 PM 28544]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 2:20 PM 24120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/1/2009 11:22 AM 101936]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [3/20/2006 7:34 PM 1452032]
S3 pnicml;pnicml;\??\c:\docume~1\Alex\LOCALS~1\Temp\pnicml.sys --> c:\docume~1\Alex\LOCALS~1\Temp\pnicml.sys [?]
S3 TPP200;USB Storage Adapter V2 (TPP);c:\windows\system32\drivers\tpp200.sys [10/2/2004 7:09 PM 35541]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2008-07-19 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Alex.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-07 00:38]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{F3DF2532-A2CC-48D8-8643-A033AE4FC313} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-SaitekInstall - f:\winnt\InstallWizard.exe
HKLM-Run-CmPCIaudio - CMICNFG3.CPL
HKLM-Run-CTXFIREG - CTxfiReg.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\default.y19\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll
FF - plugin: d:\gametap\bin\Release\npgametaptool.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 13:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-2111687655-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"????????????????????????"=hex:bd,50,9f,4d,61,ff,02,14,7e,90,d7,39,62,28,83,1d,
63,63,70,63,56,56,05,f7,63,63,56,be,05,f4,c2,c2,00,00,00,00,00,00,00,00,00,\
"???n"=hex:d5,05,9b,37,3b,d5,c7,01,66,ed,b8,96,2c,41,bc,83,ef,9f,ec,61,8a,a4,
59,6c,c7,81,bd,e4,99,4c,54,d0,7f,83,16,cd,84,49,03,f6,91,5e,0e,15,2d,65,f5,\
"?????"=hex:00,be,22,14,12,08,03,6a,63,5e,6b,3d,09,4c,3a,3a
"???n"=hex:8c,68,39,e9,6d,02,64,7f,10,77,37,16,17,26,10,7c,04,3e,d1,de,29,16,
2c,8f,1c,c4,64,82,96,e2,ba,c7,51,37,8c,96,dc,96,af,3a,81,dc,8b,38,a2,0b,09,\
"???n"=hex:e4,81,0b,f0,54,71,93,c9,94,c2,8e,9c,77,e2,d2,2d,1a,62,42,17,cf,a9,
d2,8d,ec,c1,70,32,47,bd,1a,4b,70,b3,da,f1,04,ea,dd,6a,bd,fb,9b,86,95,a8,10,\
"???n"=hex:de,d9,df,d6,79,04,96,56,e7,c4,91,73,6d,0b,a2,5b,b2,85,07,d1,a9,f9,
33,73,b7,ba,d3,ee,9f,52,86,dc,6a,6f,50,78,39,20,25,c5,ed,f7,7b,c4,5e,49,fc,\
"???n"=hex:d0,02,e8,15,d3,75,fd,51,0c,09,15,63,8a,b9,48,28,f8,a2,1f,be,cd,4a,
d7,7f,90,61,4f,49,16,94,e8,b3,c3,21,29,72,98,9f,13,71,9d,59,ea,58,8a,d1,c9,\
"???n"=hex:e7,6c,4f,f5,b5,16,c1,4d,d0,75,c1,1b,83,05,e5,eb,c7,a0,8d,bf,f5,d5,
25,0f,e4,58,97,f6,bf,f5,9d,01,ee,f7,46,a9,a2,e4,d0,1a,3e,85,bd,07,aa,59,ab,\
"???n"=hex:e5,6f,86,ed,96,2f,d4,12,e3,a2,c8,81,70,b2,81,b9,61,1b,b0,82,a4,28,
a6,f9,b6,3e,49,5d,68,1f,59,56,a6,32,8d,c4,c8,0e,16,d9,e8,0f,26,a8,9f,f2,ac,\
"???n"=hex:a1,78,a7,19,3e,a0,bc,11,d1,2f,37,6c,2d,5a,87,b6,53,09,09,9e,94,73,
b4,4a,34,b5,6f,8a,22,07,e9,cc,f6,20,9a,30,c1,74,fd,d6,6b,c3,2c,b2,27,dc,b4,\
"???n"=hex:6e,08,a2,0f,93,f4,57,fe,b5,34,06,73,97,34,2f,85,56,0a,4b,e6,d8,db,
07,b8,fd,e3,7b,19,0a,d7,42,12,73,ca,21,28,40,d3,7a,b6,8b,a9,fd,e9,a5,48,eb,\
"??"=hex:41,4c,c9,d4,ec,9f,6b,cc,aa,5f,78,e4,55,6e,48,46,3f,ab,54,91,3c,30,18,
72,4c,af,f5,1f,9d,0a,17,94,99,51,6f,25,72,63,18,3f,e8,b3,79,a1,a7,38,20,66,\
"??"=hex:98,57,df,2a,12,b1,c4,e8,d1,ce,9f,04,bc,8c,27,63

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="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"
.
Completion time: 2009-07-26 13:45
ComboFix-quarantined-files.txt 2009-07-26 20:45

Pre-Run: 1,096,638,464 bytes free
Post-Run: 1,002,106,880 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

320 --- E O F --- 2008-11-12 11:01
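
Most of a ComboFix log is inventory, but the "Reg Loading Points" and service lines carry the security-posture facts a helper actually reads: whether Security Center monitoring has been switched off, whether the Windows firewall profile is disabled, whether any driver loads from a Temp directory, and whether a registered service points at a file that no longer exists. The Python script below is an added example for this page, not part of the thread and not a ComboFix component; it parses the REGEDIT4-style key/value blocks and the `R0`/`S3` service lines in the format shown in the log above and emits a list of (finding, where) pairs. The sample text is a subset of that log; the checks and finding names are this example's own heuristics and assume the 2009-era ComboFix layout.

```python
import re

# Sample input: a subset of the ComboFix "Reg Loading Points" section posted above.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/14/2009 9:06 PM 64160]
S3 pnicml;pnicml;\??\c:\docume~1\Alex\LOCALS~1\Temp\pnicml.sys --> c:\docume~1\Alex\LOCALS~1\Temp\pnicml.sys [?]
S3 TPP200;USB Storage Adapter V2 (TPP);c:\windows\system32\drivers\tpp200.sys [10/2/2004 7:09 PM 35541]
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# "<R|S><start type> <name>;<display name>;<image path> [<timestamp size>]"
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_reg_section(text):
    """Return {registry key: {value name: value text}} for every [key] block."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group("name")] = m.group("value").strip()
    return result


def parse_services(text):
    """Return the driver/service lines as dicts (state, start, name, display, path)."""
    return [m.groupdict() for m in (SERVICE_RE.match(l.strip()) for l in text.splitlines()) if m]


def posture_findings(text):
    """Heuristic checks over the parsed log; each finding is (kind, location)."""
    findings = []
    for key, values in parse_reg_section(text).items():
        kl = key.lower()
        # Security Center stops warning about AV/firewall state when monitoring is disabled.
        if "security center\\monitoring" in kl and values.get("DisableMonitoring") == "dword:00000001":
            findings.append(("security-center-monitoring-disabled", key))
        # Firewall profile explicitly switched off.
        if "firewallpolicy" in kl and values.get("EnableFirewall", "").startswith("0"):
            findings.append(("windows-firewall-disabled", key))
        # Any IFEO entry in the loading points is worth a look (none in this sample).
        if "image file execution options" in kl:
            findings.append(("ifeo-entry", key))
    for svc in parse_services(text):
        # Legitimate drivers live under system32\drivers, not in a user's Temp folder.
        if TEMP_DIR_RE.search(svc["path"]):
            findings.append(("driver-from-temp-dir", svc["name"]))
        # ComboFix prints "[?]" when the image file is missing: a dangling service entry.
        if svc["path"].rstrip().endswith("[?]"):
            findings.append(("service-file-missing", svc["name"]))
    return findings


if __name__ == "__main__":
    for kind, where in posture_findings(SAMPLE_COMBOFIX):
        print(f"{kind:40} {where}")
```

Run on the sample, the script lists the three Security Center monitoring keys, the disabled standard firewall profile, and the `pnicml` service twice, once because its driver path is in a Temp directory and once because the file is gone. A disabled Security Center or firewall is not proof of infection (as katana says later in this thread, it is fine if the owner did it deliberately), so the output is a checklist for the owner to confirm, not a verdict; the dangling Temp-directory driver entry is the item with no benign explanation and the one to clean up.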

orderinthecourt
2009-07-26, 23:52
The combofix log has limewire and soulseek on it, but I deleted those a while ago.

katana
2009-07-27, 00:57
The combofix log has limewire and soulseek on it, but I deleted those a while ago.

They always leave folders behind, don't worry :)
How are things running now ?

Kaspersky Online Scanner.
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

orderinthecourt
2009-07-27, 03:37
My computer restarted halfway through the scan for no reason. Is this possibly due to some spyware? I remember a while back, it was common for my computer to restart while I was sleeping at night (I always left the computer on); when I got on my computer the next morning, it was on the login screen for windows xp. I just want to know if it is spyware since I don't want to waste another 1.5 hours just to see it restart again.

Aside from that, after I did the ComboFix and restarted, clicking on Google links doesn't redirect me to random advertising sites anymore.

orderinthecourt
2009-07-27, 03:57
A few more things that I want to mention:

Before my computer restarted, I think there were about 4 named threats (or whatever it is called) and 8 infections detected.

Also, I ran Spybot and there is no more "Win32.TDSS.rtk" but there is still "Microsoft.WindowsSecurityCenter_disabled" (but everything in the Windows Security Center is disabled, like the firewall etc.). Also, there was something called "doubleclick," which I might have gotten because I was browsing the internet (it was a cookie entry).

Do you think it's safe to log into email accounts and other accounts now? Or is there still a chance that something will steal my passwords?

orderinthecourt
2009-07-27, 04:27
Sorry, just one more thing. When my computer restarted, the virus scan was scanning a drive other than the C drive (I think it was D). It actually detected an infection on my D drive. I've never had any viruses detected on my D and E drive in the past and I deleted all cracks etc. from those drives.

katana
2009-07-27, 10:56
The computer rebooting could be caused by many things; I doubt it was spyware though.

The Security Center being disabled isn't automatically a bad thing;
if you know about it, and/or disabled it yourself, then there is no problem.

Kaspersky lets you choose which drive to scan, so scan the drives separately and post each log individually.

There is no sign of active infection now, I am just checking for leftovers.
You should be safe to use the computer normally.

orderinthecourt
2009-07-28, 02:46
I attached the HTML file (it is zipped) for the scan on my C drive. My D and E drives had no infections. I ran Kaspersky with my Norton antivirus on, though. What problems could this have caused?

katana
2009-07-28, 11:08
I ran Kaspersky with my Norton antivirus on, though. What problems could this have caused?

No problems as such, it can slow the scan down though.



OTMoveIt
Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop

Double-click OTM.exe to run it.
Copy the lines in the codebox below. (Make sure you include :Processes)



:Processes
:Files
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\*.* /s
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-57cc5087.zip
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K5IN8TEN\Macromedia_Flash[1].exe
:Commands
[Purity]
[EmptyTemp]


Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.


Close ALL open windows (especially Internet Explorer!)
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTM


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

orderinthecourt
2009-07-28, 23:38
All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\1500b6ac-2f60fe3d moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\1500b6ac-2f60fe3d.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\1500b6ac-481992ff moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\1500b6ac-481992ff.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\1500b6ac-67d61c14 moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\1500b6ac-67d61c14.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\1500b6ac-781cfae0 moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\1500b6ac-781cfae0.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-44175c49 moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-44175c49.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-64e88299 moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-64e88299.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-6718f3bf moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-6718f3bf.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-7d1fb929 moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-7d1fb929.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\34935bac-2a055d10 moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\34935bac-2a055d10.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\34935bac-4013a67b moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\34935bac-4013a67b.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\50f3f12c-1696c731 moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\50f3f12c-1696c731.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\56a96bec-2bf0186d moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\56a96bec-2bf0186d.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\56a96bec-39e2cbf3 moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\56a96bec-39e2cbf3.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\64d2ecec-6bf29abd moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\64d2ecec-6bf29abd.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\64d2ecec-6d4e685e moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\64d2ecec-6d4e685e.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\6a59012c-3ba0ffcc moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\6a59012c-3ba0ffcc.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\6a59012c-4851f9a8 moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\6a59012c-4851f9a8.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\772676c-317ef9c2 moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\772676c-317ef9c2.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\772676c-33ba802c.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\772676c-374ec35b moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\772676c-374ec35b.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\772676c-48f860ed moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\44\772676c-48f860ed.idx moved successfully.
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-57cc5087.zip moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K5IN8TEN\Macromedia_Flash[1].exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 74700225 bytes
->Temporary Internet Files folder emptied: 3610341 bytes
->Java cache emptied: 93163437 bytes
->FireFox cache emptied: 97236614 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 81647 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1420036 bytes
%systemroot%\System32 .tmp files removed: 688657 bytes
Windows Temp folder emptied: 32167 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 258.41 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07282009_133046

Files moved on Reboot...

Registry entries deleted on Reboot...

orderinthecourt
2009-07-28, 23:44
Can you recommend a good free antivirus program? I'm looking for features such as autoprotect/live protection, email protection, live updates etc.

I read about avast, and it seems to be better than AVG and avira. What do you think of it?

katana
2009-07-29, 01:03
I read about avast, and it seems to be better than AVG and avira. What do you think of it?

I use Avast, ..... that should tell you enough about it :)


Congratulations, your logs look clean :)

Let's see if I can help you keep it that way

First let's tidy up



Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined.
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U; it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png




Uninstall OTMoveIt (OTM.exe)
Open OTMoveIt, click Cleanup,
when a box pops up click YES.


You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------------------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have free (for home users) and paid versions;
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must-have program. It includes hosts protection and registry protection. A hosts file is a bit like a phone book: it maps the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A new and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware; they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one.
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some!! Notifies you if programs are added to startup. Allows delayed startup. A must-have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol.
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other hosts file protections.

Internet Browsers
Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
Firefox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. The NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative.
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

Both of these can be cleaned manually, but a quicker option is to use a program:
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible; you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
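
As an added example (not katana's, nor from the thread), the PowerShell snippet below reads the same six Internet-zone settings from the registry where Internet Explorer stores them, so the change can be checked without clicking through the dialog. It assumes the action IDs 1001, 1004, 1201, 1800, 1804 and 1607 (Microsoft's documented zone setting identifiers for the six items in the list above), that zone 3 is the Internet zone, and the value meanings 0 = Enable, 1 = Prompt, 3 = Disable.

```powershell
# Added example, not from the thread: audit (and optionally correct) the six
# Internet-zone settings listed in the post, straight from the registry.
# Assumptions: zone 3 = Internet zone; action IDs and the meaning
# 0 = Enable, 1 = Prompt, 3 = Disable follow Microsoft's documented zone settings.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended state, taken from the post above.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IEZoneFindings {
    param([switch]$Fix)   # -Fix writes the recommended value for anything non-compliant
    $current = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    foreach ($rule in $Recommended) {
        $value = $current.($rule.Id)           # $null when the value is absent (IE default applies)
        $ok    = ($value -ne $null) -and ([int]$value -eq $rule.Want)
        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $ZonePath -Name $rule.Id -Value $rule.Want -Type DWord
            $value = $rule.Want
            $ok    = $true
        }
        $have = if ($value -eq $null)                  { 'not set (default)' }
                elseif ($Label.ContainsKey([int]$value)) { $Label[[int]$value] }
                else                                    { "$value" }
        New-Object PSObject -Property @{
            Setting     = $rule.Name
            Current     = $have
            Recommended = $Label[$rule.Want]
            Compliant   = $ok
        }
    }
}

# Report only; add -Fix to apply the recommended values for the current user's IE.
Get-IEZoneFindings | Format-Table Setting, Current, Recommended, Compliant -AutoSize
```

The report shows which of the six settings still differ from the post's recommendation; only the current user's hive (HKCU) is read, so other accounts on the machine are not covered.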

orderinthecourt
2009-07-29, 11:07
As far as I can tell, there are no more problems.

Thank you so much for your help!

I have some questions, though.

Do you recommend that I turn windows firewall on? Does it actually matter?

Should I use spybot’s teatimer as my realtime spyware scanner (I have spyware blaster, but I’m guessing that works differently)? Is it actually good (it’s extremely resource intensive)? What would be better for realtime scanning? If I use teatimer, should I put a check next to “use source whitelists” and “use entry black and white lists”?

One more thing- for avast, should I put the sensitivity for everything (resident protection, instant messaging etc.) on the highest setting? What problems could this cause?

Thanks again for all the help.

katana
2009-07-29, 18:52
1) Do you recommend that I turn windows firewall on? Does it actually matter?
~
It depends; if you have a router then it won't make much difference.
A third-party firewall is better than Windows firewall.

2) Should I use spybot’s teatimer as my realtime spyware scanner (I have spyware blaster, but I’m guessing that works differently)? Is it actually good (it’s extremely resource intensive)? If I use teatimer, should I put a check next to “use source whitelists” and “use entry black and white lists”?
~
Teatimer isn't a spyware scanner as such, it just monitors the registry for changes.
It is good yes.
I don't know of any free realtime scanners.
Yes, you should use those lists.

3) One more thing- for avast, should I put the sensitivity for everything (resident protection, instant messaging etc.) on the highest setting? What problems could this cause?
~
The highest setting should be "High"; you should leave it set at that.

orderinthecourt
2009-07-31, 01:28
I have a router, and I think it has a firewall (do most routers have firewalls?). Does that mean I don't need to use the windows firewall? Would it do anything if I turned it on?

katana
2009-07-31, 02:25
1) do most routers have firewalls?
2) Does that mean I don't need to use the windows firewall?
3) Would it do anything if I turned it on?

1) Yes
2) Correct
3) Slow your machine down for no benefit.

katana
2009-08-03, 15:14
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.