disapearing Task bar, Rookkit, computer getting attacked [Solved]

(Update)** Ok just updated Malware bytes and ran another scan, it found some crazy unwanted crap:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/15/2009 10:39:53 AM
mbam-log-2009-07-15 (10-39-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 155333
Time elapsed: 1 hour(s), 25 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)




It seems my registry keys are also infected and keep on producing the same unwanted programs somehow? I am not sure but i keep on getting the same results and now its affecting my voip line, not sure if malware fixed the problem but im running another scan now! I keep on getting "TROJAN.VUNDO.H" and an occasional rootkit, someone is definitely trying to crack my machine.


I ran hijackthis again, here is my new file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:23 AM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
D:\SketchBook Pro\AliasSketchSnap.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Cold\Application Data\mjusbsp\st00000\mjsetup.exe
C:\Documents and Settings\Cold\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Cold\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [zohilotote] Rundll32.exe "C:\WINDOWS\system32\hokabotu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zohilotote] Rundll32.exe "C:\WINDOWS\system32\hokabotu.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Alias SketchBook Snapshot.lnk = D:\SketchBook Pro\AliasSketchSnap.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by138fd.bay13...ex/HMAtchmt.ocx
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9960 bytes


Id appreciate help soon, thank you. =-]

Hello, JMonsterDesign, and welcome to GeeksToGo!

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Hi Handhfan, I appreciate your help in this matter I ran a scan for you and here are the 2 files:

OTL:

OTL logfile created on: 7/16/2009 10:18:20 PM - Run 1
OTL by OldTimer - Version 3.0.8.0 Folder = C:\Documents and Settings\Cold\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 230.84 Mb Available Physical Memory | 30.14% Memory free
1.83 Gb Paging File | 1.31 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 13.65 Gb Free Space | 39.89% Space Free | Partition Type: NTFS
Drive D: | 76.69 Gb Total Space | 26.50 Gb Free Space | 34.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 17.59 Mb Total Space | 17.24 Mb Free Space | 98.00% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: VELOZITY
Current User Name: Cold
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
PRC - C:\WINDOWS\System32\PSIService.exe ()
PRC - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Spyware Doctor\swdoctor.exe (PCTools)
PRC - D:\SketchBook Pro\AliasSketchSnap.exe (Alias Systems)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Documents and Settings\Cold\Application Data\mjusbsp\magicJack.exe (magicJack L.P.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Cold\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (msfwsvc [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- D:\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (OcHealthMon [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
SRV - (OneCareMP [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\System32\PnkBstrA.exe ()
SRV - (ProtexisLicensing [Auto | Running]) -- C:\WINDOWS\System32\PSIService.exe ()
SRV - (sprtlisten [Auto | Running]) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
SRV - (StarWindServiceAE [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (SupportSoft RemoteAssist [Auto | Stopped]) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (winss [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (bvrp_pci [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ElbyCDFL [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (HSFHWBS2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MpFilter [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MSFWDrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\msfwdrv.sys (Microsoft Corporation)
DRV - (MSFWHLPR [System | Running]) -- C:\WINDOWS\System32\DRIVERS\msfwhlpr.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.4
FF - prefs.js..keyword.URL: "http://search.sweeti...h.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.yahoo....r=ytff-msgr&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/02 03:00:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/27 21:08:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 05:02:55 | 00,000,000 | ---D | M]

[2009/01/24 15:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Extensions
[2009/01/24 15:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/16 08:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions
[2009/07/02 16:39:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/13 22:55:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/24 15:14:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/04/15 05:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009/06/13 22:55:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\[email protected]
[2009/04/15 05:17:11 | 00,003,915 | ---- | M] () -- C:\Documents and Settings\Cold\Application Data\Mozilla\FireFox\Profiles\bhqnq7vj.default\searchplugins\sweetim.xml
[2009/07/16 08:53:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/13 05:02:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/19 16:28:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/06/13 05:02:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/13 05:02:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/30 16:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/08/15 16:30:54 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/09/05 17:03:36 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/10/11 14:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/13 05:02:48 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/05/29 23:05:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/05/29 23:05:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/05/29 23:05:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/08/09 12:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/02/19 13:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 13:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/14 06:17:38 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/02/19 13:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 13:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 13:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 13:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (X1IEHook Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll File not found
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (PCTools Browser Monitor) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Cold\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe (PCTools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk = D:\SketchBook Pro\AliasSketchSnap.exe (Alias Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by138fd.bay13...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,027,992 | R--- | M] (magicJack L.P.) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,016,158 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,000,308 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,706,144 | R--- | M] (magicJack L.P.) - F:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - H:\autorun.inf -- [ FAT ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\INSTALL.EXE id=10000017000012000002 ver=1.0.0.0 -- File not found
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- [2008/07/21 07:20:07 | 00,027,992 | R--- | M] (magicJack L.P.)
O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe -- [2008/07/21 07:20:07 | 00,027,992 | R--- | M] (magicJack L.P.)

========== Files/Folders - Created Within 30 Days ==========

[12 C:\WINDOWS\*.tmp files]
[2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\tefihupu
[2009/07/16 21:28:59 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cold\Desktop\OTL.exe
[2009/07/15 09:12:20 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/14 21:56:34 | 24,539,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/14 09:03:37 | 00,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/07/14 06:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/14 06:39:24 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/07/14 06:33:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/14 03:03:37 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/05 20:11:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cold\My Documents\DivX Movies
[2009/07/05 16:31:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/05 16:30:16 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/07/05 16:30:12 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/05 16:30:12 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/07/05 16:30:11 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/07/05 16:30:06 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/06/24 10:31:04 | 00,091,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwdrv.sys
[2009/06/24 10:30:58 | 00,116,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwhlpr.sys
[2009/06/24 10:29:55 | 00,053,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MpFilter.sys
[2009/06/24 10:27:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/06/24 10:22:08 | 00,000,000 | ---D | C] -- C:\WINSSLog
[2009/06/24 10:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\sys
[2009/06/20 02:37:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cold\My Documents\HTML
[2009/03/20 09:44:17 | 01,800,315 | -HS- | C] () -- C:\WINDOWS\System32\idagebup.ini
[2009/03/19 21:44:09 | 01,800,315 | -HS- | C] () -- C:\WINDOWS\System32\otaragip.ini
[2009/01/11 09:07:21 | 00,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2008/12/31 18:10:46 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/08/01 22:20:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/01 22:20:00 | 01,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/01 22:20:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/01 22:20:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/17 16:07:16 | 00,000,131 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/13 13:40:51 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/20 13:32:15 | 00,000,820 | ---- | C] () -- C:\WINDOWS\vampire.ini
[2008/02/28 21:52:39 | 00,000,143 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2008/02/09 00:21:20 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/02/09 00:21:19 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/02/09 00:21:17 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/10/21 01:54:01 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/08/20 18:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/20 18:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/15 16:30:26 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/03 21:31:35 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/08/02 22:29:38 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/18 22:51:15 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/28 16:28:04 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A89FCFE01D.sys
[2007/05/20 16:42:22 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\1DE0CF9FA8.sys
[2007/05/05 03:24:42 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/04/22 18:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/24 17:57:58 | 00,270,336 | ---- | C] () -- C:\WINDOWS\System32\ARThumb.dll
[2006/08/20 17:36:47 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/08/20 17:35:27 | 00,000,025 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini
[2006/06/29 22:02:10 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/23 15:38:49 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/02/27 20:45:16 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/27 19:29:40 | 00,005,798 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/27 19:29:40 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\56D8D645B9.sys
[2006/01/18 09:41:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/18 09:20:19 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/18 08:58:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/01/18 08:58:00 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,897 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/10/15 16:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/03/13 17:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[12 C:\WINDOWS\*.tmp files]
[2009/07/16 21:28:59 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cold\Desktop\OTL.exe
[2009/07/16 02:10:21 | 00,000,979 | ---- | M] () -- C:\Documents and Settings\Cold\Desktop\magicJack.lnk
[2009/07/16 02:09:17 | 00,193,504 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/16 02:08:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/16 02:06:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/16 02:06:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/15 21:49:11 | 03,791,154 | -H-- | M] () -- C:\Documents and Settings\Cold\Local Settings\Application Data\IconCache.db
[2009/07/15 09:12:20 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/14 21:58:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/14 10:11:36 | 00,000,924 | ---- | M] () -- C:\Documents and Settings\Cold\Desktop\DVD Movies.rtf
[2009/07/14 09:03:37 | 00,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/07/14 05:46:49 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/14 04:40:35 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\tefihupu
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/08 21:02:03 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/05 21:00:57 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/05 21:00:45 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Cold\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/20 02:37:09 | 00,005,798 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 852 bytes -> C:\WINDOWS\System32\drivers\eprrlnyq.sys:changelist
@Alternate Data Stream - 752 bytes -> C:\WINDOWS\System32\drivers\iaqhponh.sys:changelist
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >










Extras:

OTL Extras logfile created on: 7/16/2009 10:18:20 PM - Run 1
OTL by OldTimer - Version 3.0.8.0 Folder = C:\Documents and Settings\Cold\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 230.84 Mb Available Physical Memory | 30.14% Memory free
1.83 Gb Paging File | 1.31 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 13.65 Gb Free Space | 39.89% Space Free | Partition Type: NTFS
Drive D: | 76.69 Gb Total Space | 26.50 Gb Free Space | 34.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 17.59 Mb Total Space | 17.24 Mb Free Space | 98.00% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: VELOZITY
Current User Name: Cold
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"8085:TCP" = 8085:TCP:*:Enabled:sys

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect (Qwest Communications International Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\backburner 2\monitor.exe:*:Enabled:backburner 2.3 monitor (Discreet, a division of Autodesk, Inc.)
C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner 2.3 manager (Discreet, a division of Autodesk, Inc.)
C:\Program Files\backburner 2\server.exe:*:Enabled:backburner 2.3 server (Discreet, a division of Autodesk, Inc.)
C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
C:\Documents and Settings\Cold\Desktop\utorrent.exe:*:Enabled:µTorrent File not found
C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA File not found
D:\BitTornado\btdownloadgui.exe:*:Enabled:BitTornado ()
D:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe:*:Enabled:Adobe Photoshop CS3 (Adobe Systems, Incorporated)
D:\ArtRage 2\ArtRage.exe:*:Enabled:ArtRage (Ambient Design Ltd.)
D:\ArtRage 2\ArtRageUpdater.exe:*:Enabled:ArtRage Updater File not found
D:\Corel Painter X\Painter X.exe:*:Enabled:Painter X (Corel Corporation)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup (Nero AG)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox (Mozilla Corporation)
C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe File not found
C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe File not found
C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
D:\monitor.exe:*:Enabled:backburner 2.3 monitor File not found
D:\manager.exe:*:Enabled:backburner 2.3 manager File not found
D:\server.exe:*:Enabled:backburner 2.3 server File not found
D:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade (IGN Entertainment, Inc.)
D:\UT2004Demo\System\UT2004.exe:*:Enabled:UT2004 File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\WINDOWS\system32\logon.scr:*:Enabled:logon (Microsoft Corporation)
C:\Program Files\Windows Live\Contacts\wlcomm.exe:*:Enabled:wlcomm (Microsoft Corporation)
C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect (Qwest Communications International Inc.)
C:\Documents and Settings\All Users\Application Data\19750314\19750314.exe:*:Enabled:19750314 File not found
C:\Documents and Settings\Cold\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Spyware Doctor_is1" = Spyware Doctor 3.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/25/2009 9:32:20 PM | Computer Name = VELOZITY | Source = Application Hang | ID = 1002
Description = Hanging application wpwin12.exe, version 12.0.0.389, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/26/2009 4:32:18 AM | Computer Name = VELOZITY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/26/2009 3:06:45 PM | Computer Name = VELOZITY | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft onecare protection, P2 1.1.4205.0,
P3 1.49.2527.0, P4 1.49.2527.0, P5 virtool_win32_obfuscator.dz, P6 NIL, P7 NIL,
P8 NIL, P9 NIL, P10 NIL.

Error - 1/31/2009 9:27:42 PM | Computer Name = VELOZITY | Source = Application Hang | ID = 1002
Description = Hanging application Comrade.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/14/2009 9:19:44 AM | Computer Name = VELOZITY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/14/2009 9:20:22 AM | Computer Name = VELOZITY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/14/2009 9:23:01 AM | Computer Name = VELOZITY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PC Tools Security Service
service to connect.

Error - 7/14/2009 9:23:01 AM | Computer Name = VELOZITY | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%1053

Error - 7/14/2009 9:24:13 AM | Computer Name = VELOZITY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 7/14/2009 9:24:14 AM | Computer Name = VELOZITY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 7/14/2009 9:28:07 AM | Computer Name = VELOZITY | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 83637c08, parameter3
83637d7c, parameter4 805fb046.

Error - 7/14/2009 10:57:26 AM | Computer Name = VELOZITY | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 7/15/2009 12:41:48 PM | Computer Name = VELOZITY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 7/15/2009 12:42:37 PM | Computer Name = VELOZITY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

[ Windows OneCare Events ]
Error - 6/24/2009 12:36:27 PM | Computer Name = VELOZITY | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a180109.

Error - 7/6/2009 5:16:37 PM | Computer Name = VELOZITY | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a190107.

Error - 7/14/2009 9:26:05 AM | Computer Name = VELOZITY | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a190107.


< End of report >


Hope this helps thanks, im looking forward tog etting my desktop back to normal!

Edited by JMonsterDesign, 16 July 2009 - 10:30 PM.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Hi here is the file your requested.


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-17 08:34:23
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spkg.sys ZwCreateKey [0xF74B90E0]
SSDT spkg.sys ZwEnumerateKey [0xF74D6CA2]
SSDT spkg.sys ZwEnumerateValueKey [0xF74D7030]
SSDT spkg.sys ZwOpenKey [0xF74B90C0]
SSDT spkg.sys ZwQueryKey [0xF74D7108]
SSDT spkg.sys ZwQueryValueKey [0xF74D6F88]
SSDT spkg.sys ZwSetValueKey [0xF74D719A]

INT 0x62 ? 83B6FBF8
INT 0x73 ? 839F7BF8
INT 0x73 ? 839F7BF8
INT 0x82 ? 83B6FBF8
INT 0xA4 ? 839F7BF8
INT 0xB4 ? 839F7BF8

---- Kernel code sections - GMER 1.0.15 ----

? spkg.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F71C98AC 5 Bytes JMP 839F71D8
.text aqghfrsx.SYS F6A01384 1 Byte [20]
.text aqghfrsx.SYS F6A01384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text aqghfrsx.SYS F6A013AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text aqghfrsx.SYS F6A013C4 3 Bytes [00, 00, 00]
.text aqghfrsx.SYS F6A013C9 1 Byte [00]
.text ...
? C:\DOCUME~1\Cold\LOCALS~1\Temp\mc23.tmp The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[184] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[184] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[184] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[184] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[184] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\hkcmd.exe[204] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\hkcmd.exe[204] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\hkcmd.exe[204] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\hkcmd.exe[204] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[204] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[312] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[312] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[312] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[312] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe[312] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[336] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[336] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\Explorer.EXE[336] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[336] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[336] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[392] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[392] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[392] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[392] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[392] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[476] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nvsvc32.exe[476] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\nvsvc32.exe[476] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[476] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[476] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe[516] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe[516] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe[516] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe[516] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe[516] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe[588] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe[588] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe[588] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe[588] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe[588] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[612] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[612] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\csrss.exe[612] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\csrss.exe[612] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[612] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\services.exe[680] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[680] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[816] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[816] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[816] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[816] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[816] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[928] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[928] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[976] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[976] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\ctfmon.exe[976] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[976] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[976] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1012] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1012] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1012] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Program Files\Mozilla Firefox\firefox.exe[1012] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1012] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1020] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1020] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1020] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe[1020] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\System32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1152] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1152] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft Windows OneCare Live\winss.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Windows OneCare Live\winss.exe[1240] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Microsoft Windows OneCare Live\winss.exe[1240] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\winss.exe[1240] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Windows OneCare Live\winss.exe[1240] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\PnkBstrA.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\PnkBstrA.exe[1276] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\PnkBstrA.exe[1276] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\PnkBstrA.exe[1276] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\PnkBstrA.exe[1276] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[1320] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[1320] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[1320] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[1320] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[1320] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\PSIService.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\PSIService.exe[1380] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\PSIService.exe[1380] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\PSIService.exe[1380] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\PSIService.exe[1380] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1476] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1476] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\spoolsv.exe[1476] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[1552] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[1552] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[1552] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[1552] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[1552] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Cold\Application Data\mjusbsp\magicJack.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Cold\Application Data\mjusbsp\magicJack.exe[1592] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Documents and Settings\Cold\Application Data\mjusbsp\magicJack.exe[1592] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Cold\Application Data\mjusbsp\magicJack.exe[1592] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Documents and Settings\Cold\Application Data\mjusbsp\magicJack.exe[1592] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Cold\Application Data\mjusbsp\magicJack.exe[1592] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1608] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1608] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1608] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1608] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text D:\SketchBook Pro\AliasSketchSnap.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text D:\SketchBook Pro\AliasSketchSnap.exe[1672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text D:\SketchBook Pro\AliasSketchSnap.exe[1672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text D:\SketchBook Pro\AliasSketchSnap.exe[1672] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text D:\SketchBook Pro\AliasSketchSnap.exe[1672] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1720] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1720] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1720] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1720] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1720] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Cold\Desktop\gmer.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Cold\Desktop\gmer.exe[1724] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Documents and Settings\Cold\Desktop\gmer.exe[1724] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Cold\Desktop\gmer.exe[1724] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Documents and Settings\Cold\Desktop\gmer.exe[1724] user32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Cold\Desktop\gmer.exe[1724] user32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1884] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1884] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1884] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1884] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe[1908] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe[1908] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe[1908] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe[1908] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1948] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1948] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1948] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1948] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1948] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1996] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1996] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxpers.exe[2044] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\igfxpers.exe[2044] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\igfxpers.exe[2044] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\igfxpers.exe[2044] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxpers.exe[2044] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2940] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2940] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2940] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2940] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2940] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2940] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3048] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3048] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3048] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3048] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3048] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3048] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[3180] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[3180] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\System32\alg.exe[3180] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[3180] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\WINDOWS\System32\alg.exe[3180] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[3180] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3416] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3416] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3416] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3416] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3416] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3416] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[3844] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[3844] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\System32\svchost.exe[3844] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\svchost.exe[3844] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\WINDOWS\System32\svchost.exe[3844] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[3844] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83B712D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74E993C] spkg.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F74E9990] spkg.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74BA040] spkg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74BA13C] spkg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74BA0BE] spkg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74BA7FC] spkg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74BA6D2] spkg.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 839F72D8
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlInitUnicodeString] 000000A5
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!swprintf] 000000E5
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeSetEvent] 000000F1
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 00000071
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 000000D8
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00000031
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmFreeMappingAddress] 00000015
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 00000004
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 000000C7
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmUnmapIoSpace] 00000023
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 000000C3
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IofCompleteRequest] 00000018
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 00000096
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IofCallDriver] 00000005
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 0000009A
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 00000007
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoConnectInterrupt] 00000012
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoDetachDevice] 00000080
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeWaitForSingleObject] 000000E2
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeInitializeEvent] 000000EB
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeCancelTimer] 00000027
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 000000B2
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlInitAnsiString] 00000075
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 00000009
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoQueueWorkItem] 00000083
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmMapIoSpace] 0000002C
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0000001A
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoReportDetectedDevice] 0000001B
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0000006E
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0000005A
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000000A0
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00000052
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 0000003B
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 000000D6
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!sprintf] 000000B3
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00000029
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!ObfDereferenceObject] 000000E3
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0000002F
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 00000084
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!ZwClose] 00000053
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 000000D1
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00000000
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 000000ED
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 00000020
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoCreateDevice] 000000FC
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 000000B1
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0000005B
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 0000006A
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!ZwOpenKey] 000000CB
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 000000BE
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoStartTimer] 00000039
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeInitializeTimer] 0000004A
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoInitializeTimer] 0000004C
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeInitializeDpc] 00000058
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeInitializeSpinLock] 000000CF
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoInitializeIrp] 000000D0
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!ZwCreateKey] 000000EF
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 000000AA
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 000000FB
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!ZwSetValueKey] 00000043
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeInsertQueueDpc] 0000004D
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 00000033
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoStartPacket] 00000085
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 00000045
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 000000F9
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoFreeMdl] 00000002
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmUnlockPages] 0000007F
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 00000050
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 0000003C
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 0000009F
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 000000A8
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeSynchronizeExecution] 00000051
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoStartNextPacket] 000000A3
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeBugCheckEx] 00000040
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 0000008F
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeSetTimer] 00000092
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!_allmul] 0000009D
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000038
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!_except_handler3] 000000F5
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!PoSetPowerState] 000000BC
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 000000B6
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 000000DA
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00000021
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!_aulldiv] 00000010
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!strstr] 000000FF
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!_strupr] 000000F3
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeQuerySystemTime] 000000D2
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 000000CD
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!KeTickCount] 0000000C
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00000013
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoDeleteDevice] 000000EC
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 0000005F
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00000097
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoAllocateIrp] 00000044
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoAllocateMdl] 00000017
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 000000C4
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmLockPagableDataSection] 000000A7
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 0000007E
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 0000003D
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00000064
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoFreeIrp] 0000005D
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!IoFreeWorkItem] 00000019
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!InitSafeBootMode] 00000073
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!RtlCompareMemory] 00000060
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!PoCallDriver] 00000081
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!memmove] 0000004F
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[ntoskrnl.exe!MmHighestUserAddress] 000000DC
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\aqghfrsx.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83B6E1F8
Device \FileSystem\Fastfat \FatCdrom 83614500

AttachedDevice \Driver\Tcpip \Device\Ip msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 839F61F8
Device \Driver\usbuhci \Device\USBPDO-1 839F61F8
Device \Driver\PCI_PNP3006 \Device\00000045 spkg.sys
Device \Driver\usbuhci \Device\USBPDO-2 839F61F8
Device \Driver\usbehci \Device\USBPDO-3 839D41F8
Device \Driver\USBSTOR \Device\00000061 835EB500

AttachedDevice \Driver\Tcpip \Device\Tcp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000062 835EB500
Device \Driver\USBSTOR \Device\00000063 835EB500
Device \Driver\Ftdisk \Device\HarddiskVolume1 83BDE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 83BDE1F8
Device \Driver\Cdrom \Device\CdRom0 839BD1F8
Device \Driver\Cdrom \Device\CdRom1 839BD1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 83BDE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 83BDE1F8
Device \Driver\Cdrom \Device\CdRom2 839BD1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 835F5500
Device \Driver\NetBT \Device\NetbiosSmb 835F5500

AttachedDevice \Driver\Tcpip \Device\Udp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)

Device \Driver\sptd \Device\3923471756 spkg.sys
Device \Driver\usbuhci \Device\USBFDO-0 839F61F8
Device \Driver\usbuhci \Device\USBFDO-1 839F61F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 835FB500
Device \Driver\usbuhci \Device\USBFDO-2 839F61F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 835FB500
Device \Driver\usbehci \Device\USBFDO-3 839D41F8
Device \Driver\Ftdisk \Device\FtControl 83BDE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{13DA4EF4-98D7-4BE1-B5D2-13DA8AE835DD} 835F5500
Device \Driver\aqghfrsx \Device\Scsi\aqghfrsx1Port2Path0Target0Lun0 837F11F8
Device \Driver\aqghfrsx \Device\Scsi\aqghfrsx1 837F11F8
Device \FileSystem\Fastfat \Fat 83614500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 83A421F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x99 0xC8 0x2F 0xEB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x12 0x36 0x28 0x32 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x28 0x79 0xDB 0x4D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0x12 0x82 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1207647279
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -866142270
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x99 0xC8 0x2F 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x12 0x36 0x28 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x28 0x79 0xDB 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0x12 0x82 0xA0 ...
Reg HKLM\SYSTEM\ControlSet003\Control\Session Manager@PendingFileRenameOperations ????????????????????? ??????? ???????? ??????????? ?B????????b??{36FC9E60-C465-11CF-8056-444553540000}\0022??c??5.1.2600.0?c?c?????????????????s????? ???????,??????e ?????????????????? ????????????????????? ?????????????????f??.NT?ol???????????_?????r??????????????1??????????????s???c?????????n????????????????????????????????? ?????????????r??????? ??"???&?????????????????? *?????????????s???USB Composite Device?7???????????????E?????????net??USB Device?*?????????????????????????????????4??????? l?????????????? ??USB\Vid_054c&Pid_0282&Rev_0100?USB\Vid_054c&Pid_0282????? ??????????????? ??USB\DevClass_00&SubClass_00&Prot_00?USB\DevClass_00&SubClass_00?USB\DevClass_00?USB\COMPOSITE??RA~????X???????????????N???????????D?????{36FC9E60-C465-11CF-8056-444553540000}?gra???????]???s??s\???????m???????e??????{36FC9E60-C465-11CF-8056-444553540000}\0019???????>?????????????(Standard USB Host Controller)???????????????????????????????????????c?????st???????????????????????????????? ???????????????????s?C??????(????????
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x3D 0xB4 0x26 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x12 0x36 0x28 0x32 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF4 0x9A 0xE2 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0x12 0x82 0xA0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0xDB 0xBE 0xD2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x12 0x36 0x28 0x32 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x84 0x08 0xC7 0xC4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0x12 0x82 0xA0 ...

---- EOF - GMER 1.0.15 ----

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

(EDIT) Hey, my windows live one care always finds and removes this: TROJAN:Win/Vundo.gen!BE I was wondering if their is any way i can block that? It constanty finds those types of trojans and removes them and their becoming a nuisance! Thanks. =-]

Hi, here is the log you requested:

ComboFix 09-07-14.08 - Cold 07/18/2009 10:12.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.319 [GMT -6:00]
Running from: c:\documents and settings\Cold\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\sys
c:\windows\Installer\12e41e.msi
c:\windows\system32\idagebup.ini
c:\windows\system32\otaragip.ini
c:\windows\wiaserviv.log

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV


((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-18 16:00 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Cold\Application Data\mjusbsp\in00000\setup.exe
2009-07-18 16:00 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\Cold\Application Data\mjusbsp\ar00000\install.exe
2009-07-15 15:12 . 2009-07-15 15:12 3775175 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-14 12:39 . 2009-07-14 14:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-14 12:39 . 2009-07-15 08:08 -------- d-----w- c:\program files\Spyware Doctor
2009-07-14 09:03 . 2009-07-14 11:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-13 01:33 . 2009-07-13 08:37 -------- d-----w- c:\documents and settings\Cold\.housecall6.6
2009-07-06 02:10 . 2009-07-06 02:10 -------- d-sh--w- c:\documents and settings\Cold\IECompatCache
2009-07-05 22:50 . 2009-07-05 22:50 -------- d-sh--w- c:\documents and settings\Cold\IETldCache
2009-07-05 22:43 . 2009-07-05 22:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-05 22:31 . 2009-07-05 22:32 -------- dc-h--w- c:\windows\ie8
2009-07-05 22:30 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-05 22:30 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-05 22:30 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-05 22:30 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-07-05 22:30 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-06-24 16:43 . 2009-06-24 16:43 209960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\dplugins\2.0.1.600\OneCareDiagPlugin.dll
2009-06-24 16:37 . 2009-06-24 16:37 23720 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HelpAndSupport_TestContent.dll
2009-06-24 16:37 . 2009-06-24 16:37 110248 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HelpAndSupportInterface.dll
2009-06-24 16:37 . 2009-06-24 16:37 29352 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HASFix058456.dll
2009-06-24 16:37 . 2009-06-24 16:37 23056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HASFix101001.dll
2009-06-24 16:37 . 2009-06-24 16:37 221208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HelpAndSupportCommon.dll
2009-06-24 16:37 . 2009-06-24 16:37 21160 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch2\HTML\item_templ\common\fixes\HASFix056479.dll
2009-06-24 16:31 . 2007-11-28 04:56 91328 ----a-w- c:\windows\system32\drivers\msfwdrv.sys
2009-06-24 16:30 . 2007-11-28 04:56 116416 ----a-w- c:\windows\system32\drivers\msfwhlpr.sys
2009-06-24 16:29 . 2008-05-15 22:15 53168 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2009-06-24 16:27 . 2009-07-17 23:19 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-06-24 16:22 . 2009-06-24 16:22 -------- d-----w- C:\WINSSLog

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 16:01 . 2009-02-20 22:17 -------- d-----w- c:\documents and settings\Cold\Application Data\mjusbsp
2009-07-15 15:12 . 2009-03-24 08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 08:08 . 2007-10-05 19:49 -------- d-----w- c:\program files\Comodo
2009-07-14 15:18 . 2007-05-23 06:15 -------- d-----w- c:\documents and settings\Cold\Application Data\uTorrent
2009-07-14 11:06 . 2006-01-18 15:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 19:36 . 2009-03-24 08:48 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 19:36 . 2009-03-24 08:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 20:32 . 2008-02-04 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-06-29 20:16 . 2009-02-01 07:58 -------- d-----w- c:\documents and settings\Cold\Application Data\Yahoo!
2009-06-29 20:16 . 2007-05-11 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-24 16:43 . 2009-06-24 16:43 2923248 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch4\HTML\item_templ\common\MSHotFix\WindowsXP-KB914882-x86.exe
2009-06-20 08:37 . 2006-02-28 01:29 5798 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-20 08:37 . 2006-02-28 01:45 -------- d-----w- c:\documents and settings\Cold\Application Data\Corel
2009-06-16 14:36 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 18:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-07 10:06 . 2009-06-07 10:06 201728 ----a-w- c:\windows\system32\Terminator Salvation Skull.scr
2009-06-03 19:09 . 2004-08-10 18:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 23:28 . 2009-05-28 23:28 -------- d-----w- c:\program files\Gabest
2009-05-13 05:15 . 2004-08-10 18:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 18:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-13 11:02 . 2009-01-26 19:12 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-05-14 00:00 . 2008-05-13 23:56 24 --sh--w- c:\windows\SCE29DFD9.tmp
2007-05-20 22:42 . 2007-05-20 22:42 8 --sha-r- c:\windows\system32\1DE0CF9FA8.sys
2006-02-28 01:30 . 2006-02-28 01:29 56 --sh--r- c:\windows\system32\56D8D645B9.sys
2007-05-28 22:28 . 2007-05-28 22:28 56 --sh--r- c:\windows\system32\A89FCFE01D.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-05-14 4608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"cdloader"="c:\documents and settings\Cold\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2005-05-26 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-02 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Alias SketchBook Snapshot.lnk - d:\sketchbook pro\AliasSketchSnap.exe [2005-6-3 233472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0p

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"d:\\BitTornado\\btdownloadgui.exe"=
"d:\\Program Files\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"=
"d:\\ArtRage 2\\ArtRage.exe"=
"d:\\Corel Painter X\\Painter X.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Documents and Settings\\Cold\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8085:TCP"= 8085:TCP:sys

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [3/22/2009 10:59 AM 24936]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\SupportSoft\bin\sprtlisten.exe [3/19/2009 2:07 PM 1213728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/12/2008 6:25 PM 24652]
S1 20c255b9;20c255b9;c:\windows\system32\drivers\20c255b9.sys --> c:\windows\system32\drivers\20c255b9.sys [?]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\Cold\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\Cold\LOCALS~1\Temp\cdiskdun.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Cold\Application Data\Mozilla\Firefox\Profiles\bhqnq7vj.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\divx\DivX Content Uploader\npUpload.dll
FF - plugin: d:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\divx\DivX Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 10:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Cold\LOCALS~1\Temp\mc26.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3501398406-439712288-3185586445-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f0,1e,90,56,4a,4a,a4,fd,df,33,b5,28,ff,ae,45,c8,8e,78,69,3d,0f,ee,0d,
65,e9,2d,9c,5e,34,56,8c,e8,08,92,3c,18,37,1d,d6,4e,70,1b,65,b6,85,eb,4e,b0,\
"??"=hex:98,92,76,c1,aa,88,4f,41,49,86,ff,73,28,c6,e6,0d

[HKEY_USERS\S-1-5-21-3501398406-439712288-3185586445-1006\Software\SecuROM\License information*]
"datasecu"=hex:53,65,64,a1,55,7d,0f,22,2c,2b,c0,ca,21,03,7e,7b,f4,92,a2,7d,34,
7c,6a,ee,a8,57,a1,ff,fd,71,9d,0f,7e,6b,64,05,51,8c,1d,6e,3e,57,d7,c1,ea,c7,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\Spyware Doctor\Tools\swpg.dat

- - - - - - - > 'lsass.exe'(692)
c:\program files\Spyware Doctor\Tools\swpg.dat

- - - - - - - > 'explorer.exe'(2600)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\Tools\swpg.dat
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(608)
c:\program files\Spyware Doctor\Tools\swpg.dat
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-07-18 10:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 16:28

Pre-Run: 14,503,268,352 bytes free
Post-Run: 14,944,190,464 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
233 --- E O F --- 2009-07-15 03:58

Edited by JMonsterDesign, 18 July 2009 - 04:23 PM.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

• Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 14.
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u14-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u14-windows-i586-p.exe and select "Run as an Administrator.")

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
20c255b9
cdiskdun

File::
c:\windows\SCE29DFD9.tmp
c:\windows\system32\1DE0CF9FA8.sys
c:\windows\system32\56D8D645B9.sys
c:\windows\system32\A89FCFE01D.sys
c:\windows\system32\drivers\20c255b9.sys
c:\Documents and Settings\Cold\Local Settings\Temp\cdiskdun.sys

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]

Reboot::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the new ComboFix log in your next reply.

Please do an online scan with Kaspersky WebScanner

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply, along with the new ComboFix log, and a new OTL log.

Edited by handhfan, 18 July 2009 - 08:56 PM.

Hi, before i run that scan you should be aware that combofix and the txt file you gave me messed up my internet/network connection after It rebooted my pc, I had limited or no connectivity and it made my pc slow and kept getting errors through my temp files, could not get a screen shot due to my pc being so slow after combofixe's initial reboot, luckily I had a restore point done after I installed the java update..

Which brings me to another potential problem, there was no option to uninstall/remove later versions of java so i just installed on top of those using the downloaded file and windows had an update so I used that as well, how can I make sure or show you that I have the right version installed? As I cannot find it.

Edited by JMonsterDesign, 18 July 2009 - 11:56 PM.

There is a restore feature, but since you seem to have already done a system restore, I assume it's working better at the moment.

If so, feel free to skip the ComboFix section for the moment, and move straight to Kaspersky instead.

there was no option to uninstall/remove later versions of java so i just installed on top of those using the downloaded file

This is the first time you installed Java, so you had no previous versions. That is normal.

Hey handyman, Kaspersky found nothing and so there is no file to show. Here is the OTL file your requested:

OTL logfile created on: 7/19/2009 2:05:03 PM - Run 2
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\Cold\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 410.70 Mb Available Physical Memory | 53.62% Memory free
1.83 Gb Paging File | 1.22 Gb Available in Paging File | 66.69% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 13.94 Gb Free Space | 40.76% Space Free | Partition Type: NTFS
Drive D: | 76.69 Gb Total Space | 26.57 Gb Free Space | 34.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 17.59 Mb Total Space | 17.24 Mb Free Space | 98.00% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: VELOZITY
Current User Name: Cold
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
PRC - C:\WINDOWS\System32\PSIService.exe ()
PRC - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Spyware Doctor\swdoctor.exe (PCTools)
PRC - D:\SketchBook Pro\AliasSketchSnap.exe (Alias Systems)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Documents and Settings\Cold\Application Data\mjusbsp\magicJack.exe (magicJack L.P.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation)
PRC - c:\program files\common files\installshield\updateservice\isuspm.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Cold\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (msfwsvc [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- D:\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (OcHealthMon [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
SRV - (OneCareMP [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\System32\PnkBstrA.exe ()
SRV - (ProtexisLicensing [Auto | Running]) -- C:\WINDOWS\System32\PSIService.exe ()
SRV - (sprtlisten [Auto | Running]) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
SRV - (StarWindServiceAE [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (SupportSoft RemoteAssist [Auto | Stopped]) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (winss [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (bvrp_pci [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ElbyCDFL [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (HSFHWBS2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MpFilter [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MSFWDrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\msfwdrv.sys (Microsoft Corporation)
DRV - (MSFWHLPR [System | Running]) -- C:\WINDOWS\System32\DRIVERS\msfwhlpr.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/02 03:00:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/18 23:52:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/27 21:08:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/18 23:53:10 | 00,000,000 | ---D | M]

[2009/01/24 15:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Extensions
[2009/01/24 15:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/19 10:13:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions
[2009/07/02 16:39:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/19 00:02:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/19 00:02:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/07/18 23:43:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009/07/19 00:02:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\[email protected]
[2009/04/15 05:17:11 | 00,003,915 | ---- | M] () -- C:\Documents and Settings\Cold\Application Data\Mozilla\FireFox\Profiles\bhqnq7vj.default\searchplugins\sweetim.xml
[2009/07/19 10:13:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/13 05:02:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/19 16:28:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/07/18 23:53:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/18 23:47:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/13 05:02:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/13 05:02:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/30 16:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/18 23:52:53 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/08/15 16:30:54 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/09/05 17:03:36 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/10/11 14:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/13 05:02:48 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/05/29 23:05:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/05/29 23:05:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/05/29 23:05:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/08/09 12:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/02/19 13:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 13:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/14 06:17:38 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/02/19 13:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 13:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 13:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 13:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (X1IEHook Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll File not found
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (PCTools Browser Monitor) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Cold\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe (PCTools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk = D:\SketchBook Pro\AliasSketchSnap.exe (Alias Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by138fd.bay13...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,027,992 | R--- | M] (magicJack L.P.) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,016,158 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,000,308 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,706,144 | R--- | M] (magicJack L.P.) - F:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - H:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{3616f27c-ff9c-11dd-a216-001320dd33f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3616f27c-ff9c-11dd-a216-001320dd33f9}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2008/07/21 07:20:07 | 00,027,992 | R--- | M] (magicJack L.P.)
O33 - MountPoints2\{3616f27c-ff9c-11dd-a216-001320dd33f9}\Shell\phone\command - "" = F:\autorun.exe -- [2008/07/21 07:20:07 | 00,027,992 | R--- | M] (magicJack L.P.)

========== Files/Folders - Created Within 30 Days ==========

[12 C:\WINDOWS\*.tmp files]
[2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\tefihupu
[2009/07/19 04:55:06 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cold\Desktop\OTL.exe
[2009/07/18 23:53:10 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/18 23:53:10 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/18 23:53:10 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/18 23:53:10 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/18 22:40:36 | 00,001,224 | ---- | C] () -- C:\CF-Submit.htm
[2009/07/18 13:32:04 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/18 10:25:36 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/18 10:25:36 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/18 10:25:36 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/18 10:25:36 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/18 10:25:36 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/18 10:25:36 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/18 10:25:36 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/18 10:25:36 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/18 10:25:36 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/18 10:25:36 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/18 10:25:36 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/18 10:25:36 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/18 10:25:36 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/18 10:25:36 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/18 10:25:36 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/18 10:25:36 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/18 10:25:36 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/18 10:25:36 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/18 10:25:36 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/18 10:25:36 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/18 10:25:36 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/18 10:25:36 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/18 10:25:36 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/18 10:25:36 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/18 10:25:36 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/18 10:25:36 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/18 10:25:36 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/18 10:25:36 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/18 10:25:36 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/18 10:25:36 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/18 10:25:36 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/18 10:25:36 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/18 10:25:36 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/18 10:25:36 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/18 10:25:36 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/18 10:25:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/18 10:09:41 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/18 10:09:26 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/18 10:09:22 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/18 10:07:42 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/18 10:07:42 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/18 10:07:42 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/18 10:07:42 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/18 10:07:42 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/18 10:07:42 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/18 10:07:42 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/18 10:07:42 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/18 10:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/18 10:06:08 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/18 10:05:11 | 03,137,363 | R--- | C] () -- C:\Documents and Settings\Cold\Desktop\ComboFix.exe
[2009/07/15 09:12:20 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/14 21:56:34 | 24,539,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/14 09:03:37 | 00,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/07/14 06:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/14 06:39:24 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/07/14 06:33:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/14 03:03:37 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/05 20:11:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cold\My Documents\DivX Movies
[2009/07/05 16:31:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/05 16:30:16 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/07/05 16:30:12 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/05 16:30:12 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/07/05 16:30:11 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/07/05 16:30:06 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/06/24 10:31:04 | 00,091,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwdrv.sys
[2009/06/24 10:30:58 | 00,116,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwhlpr.sys
[2009/06/24 10:29:55 | 00,053,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MpFilter.sys
[2009/06/24 10:27:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/06/24 10:22:08 | 00,000,000 | ---D | C] -- C:\WINSSLog
[2009/06/20 02:37:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cold\My Documents\HTML
[2009/01/11 09:07:21 | 00,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2008/12/31 18:10:46 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/08/01 22:20:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/01 22:20:00 | 01,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/01 22:20:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/01 22:20:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/17 16:07:16 | 00,000,131 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/13 13:40:51 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/20 13:32:15 | 00,000,820 | ---- | C] () -- C:\WINDOWS\vampire.ini
[2008/02/28 21:52:39 | 00,000,143 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2008/02/09 00:21:20 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/02/09 00:21:19 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/02/09 00:21:17 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/10/21 01:54:01 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/08/20 18:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/20 18:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/15 16:30:26 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/03 21:31:35 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/08/02 22:29:38 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/18 22:51:15 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/28 16:28:04 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A89FCFE01D.sys
[2007/05/20 16:42:22 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\1DE0CF9FA8.sys
[2007/05/05 03:24:42 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/04/22 18:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/24 17:57:58 | 00,270,336 | ---- | C] () -- C:\WINDOWS\System32\ARThumb.dll
[2006/08/20 17:36:47 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/08/20 17:35:27 | 00,000,025 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini
[2006/06/29 22:02:10 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/23 15:38:49 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/02/27 20:45:16 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/27 19:29:40 | 00,005,798 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/27 19:29:40 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\56D8D645B9.sys
[2006/01/18 09:41:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/18 09:20:19 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/18 08:58:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/01/18 08:58:00 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,897 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/10/15 16:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/03/13 17:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[12 C:\WINDOWS\*.tmp files]
[2009/07/19 04:55:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cold\Desktop\OTL.exe
[2009/07/19 00:08:34 | 00,000,979 | ---- | M] () -- C:\Documents and Settings\Cold\Desktop\magicJack.lnk
[2009/07/19 00:00:27 | 00,193,504 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/18 23:59:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/18 23:58:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/18 23:58:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/18 23:52:52 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/18 23:52:52 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/18 23:52:52 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/18 23:52:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/18 23:52:51 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/18 23:38:43 | 00,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/07/18 22:57:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/18 22:50:07 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/18 22:40:36 | 00,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2009/07/18 10:09:41 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/18 10:05:14 | 03,137,363 | R--- | M] () -- C:\Documents and Settings\Cold\Desktop\ComboFix.exe
[2009/07/17 00:03:07 | 04,320,192 | -H-- | M] () -- C:\Documents and Settings\Cold\Local Settings\Application Data\IconCache.db
[2009/07/15 09:12:20 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/14 21:58:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/14 09:03:37 | 00,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/07/14 05:46:49 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/14 04:40:35 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\tefihupu
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/08 21:02:03 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/05 21:00:57 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/05 21:00:45 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Cold\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/20 02:37:09 | 00,005,798 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 852 bytes -> C:\WINDOWS\System32\drivers\eprrlnyq.sys:changelist
@Alternate Data Stream - 752 bytes -> C:\WINDOWS\System32\drivers\iaqhponh.sys:changelist
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


My task bar is back and my computer is running better than ever, thank you, not sure what else to do?

Edited by JMonsterDesign, 19 July 2009 - 02:11 PM.

• Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :OTL
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
  [2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\tefihupu
  [2009/07/14 04:40:35 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\tefihupu
  @Alternate Data Stream - 852 bytes -> C:\WINDOWS\System32\drivers\eprrlnyq.sys:changelist
  @Alternate Data Stream - 752 bytes -> C:\WINDOWS\System32\drivers\iaqhponh.sys:changelist
  
  :Files
  C:\WINDOWS\System32\drivers\eprrlnyq.sys
  C:\WINDOWS\System32\drivers\iaqhponh.sys
  
  :Commands
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
• Click the red Run Fix button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Please post a new full OTL log as well.

Edited by handhfan, 19 July 2009 - 03:02 PM.

After OTL rebooted my desktop it never produced a log, but here is the new OTL Log file:

OTL logfile created on: 7/19/2009 3:30:42 PM - Run 3
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\Cold\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 279.22 Mb Available Physical Memory | 36.45% Memory free
1.83 Gb Paging File | 1.36 Gb Available in Paging File | 74.22% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 14.17 Gb Free Space | 41.43% Space Free | Partition Type: NTFS
Drive D: | 76.69 Gb Total Space | 26.57 Gb Free Space | 34.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 17.59 Mb Total Space | 17.24 Mb Free Space | 98.00% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: VELOZITY
Current User Name: Cold
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\PnkBstrA.exe ()
PRC - C:\WINDOWS\System32\PSIService.exe ()
PRC - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Spyware Doctor\swdoctor.exe (PCTools)
PRC - D:\SketchBook Pro\AliasSketchSnap.exe (Alias Systems)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Documents and Settings\Cold\Application Data\mjusbsp\st00000\mjsetup.exe (magicJack L.P.)
PRC - C:\Documents and Settings\Cold\Application Data\mjusbsp\magicJack.exe (magicJack L.P.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Cold\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (msfwsvc [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- D:\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (OcHealthMon [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
SRV - (OneCareMP [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\System32\PnkBstrA.exe ()
SRV - (ProtexisLicensing [Auto | Running]) -- C:\WINDOWS\System32\PSIService.exe ()
SRV - (sprtlisten [Auto | Running]) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
SRV - (StarWindServiceAE [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (SupportSoft RemoteAssist [Auto | Stopped]) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (winss [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (bvrp_pci [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ElbyCDFL [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (HSFHWBS2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MpFilter [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MSFWDrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\msfwdrv.sys (Microsoft Corporation)
DRV - (MSFWHLPR [System | Running]) -- C:\WINDOWS\System32\DRIVERS\msfwhlpr.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/02 03:00:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/18 23:52:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/27 21:08:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/18 23:53:10 | 00,000,000 | ---D | M]

[2009/01/24 15:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Extensions
[2009/01/24 15:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/19 10:13:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions
[2009/07/02 16:39:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/19 00:02:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/19 00:02:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/07/18 23:43:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009/07/19 00:02:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cold\Application Data\mozilla\Firefox\Profiles\bhqnq7vj.default\extensions\[email protected]
[2009/04/15 05:17:11 | 00,003,915 | ---- | M] () -- C:\Documents and Settings\Cold\Application Data\Mozilla\FireFox\Profiles\bhqnq7vj.default\searchplugins\sweetim.xml
[2009/07/19 10:13:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/13 05:02:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/19 16:28:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/07/18 23:53:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/18 23:47:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/13 05:02:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/13 05:02:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/30 16:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/18 23:52:53 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/08/15 16:30:54 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/09/05 17:03:36 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/10/11 14:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/13 05:02:48 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/05/29 23:05:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/05/29 23:05:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/05/29 23:05:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/05/29 23:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/08/09 12:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/02/19 13:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 13:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/14 06:17:38 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/02/19 13:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 13:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 13:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 13:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (X1IEHook Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll File not found
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (PCTools Browser Monitor) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Cold\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe (PCTools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk = D:\SketchBook Pro\AliasSketchSnap.exe (Alias Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by138fd.bay13...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,027,992 | R--- | M] (magicJack L.P.) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,016,158 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,000,308 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 07:20:07 | 00,706,144 | R--- | M] (magicJack L.P.) - F:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - H:\autorun.inf -- [ FAT ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/07/19 15:22:32 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/19 04:55:06 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cold\Desktop\OTL.exe
[2009/07/18 23:53:10 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/18 23:53:10 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/18 23:53:10 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/18 23:53:10 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/18 22:40:36 | 00,001,224 | ---- | C] () -- C:\CF-Submit.htm
[2009/07/18 13:32:04 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/18 10:25:36 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/18 10:25:36 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/18 10:25:36 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/18 10:25:36 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/18 10:25:36 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/18 10:25:36 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/18 10:25:36 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/18 10:25:36 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/18 10:25:36 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/18 10:25:36 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/18 10:25:36 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/18 10:25:36 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/18 10:25:36 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/18 10:25:36 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/18 10:25:36 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/18 10:25:36 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/18 10:25:36 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/18 10:25:36 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/18 10:25:36 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/18 10:25:36 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/18 10:25:36 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/18 10:25:36 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/18 10:25:36 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/18 10:25:36 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/18 10:25:36 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/18 10:25:36 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/18 10:25:36 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/18 10:25:36 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/18 10:25:36 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/18 10:25:36 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/18 10:25:36 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/18 10:25:36 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/18 10:25:36 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/18 10:25:36 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/18 10:25:36 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/18 10:25:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/18 10:09:41 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/18 10:09:26 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/18 10:09:22 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/18 10:07:42 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/18 10:07:42 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/18 10:07:42 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/18 10:07:42 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/18 10:07:42 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/18 10:07:42 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/18 10:07:42 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/18 10:07:42 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/18 10:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/18 10:06:08 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/18 10:05:11 | 03,137,363 | R--- | C] () -- C:\Documents and Settings\Cold\Desktop\ComboFix.exe
[2009/07/15 09:12:20 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/14 21:56:34 | 24,539,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/14 09:03:37 | 00,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/07/14 06:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/14 06:39:24 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/07/14 06:33:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/14 03:03:37 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/05 20:11:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cold\My Documents\DivX Movies
[2009/07/05 16:31:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/05 16:30:16 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/07/05 16:30:12 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/05 16:30:12 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/07/05 16:30:11 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/07/05 16:30:06 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/06/24 10:31:04 | 00,091,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwdrv.sys
[2009/06/24 10:30:58 | 00,116,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwhlpr.sys
[2009/06/24 10:29:55 | 00,053,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MpFilter.sys
[2009/06/24 10:27:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/06/24 10:22:08 | 00,000,000 | ---D | C] -- C:\WINSSLog
[2009/06/20 02:37:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cold\My Documents\HTML
[2009/01/11 09:07:21 | 00,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2008/12/31 18:10:46 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/08/01 22:20:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/01 22:20:00 | 01,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/01 22:20:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/01 22:20:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/17 16:07:16 | 00,000,131 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/13 13:40:51 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/20 13:32:15 | 00,000,820 | ---- | C] () -- C:\WINDOWS\vampire.ini
[2008/02/28 21:52:39 | 00,000,143 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2008/02/09 00:21:20 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/02/09 00:21:19 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/02/09 00:21:17 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/10/21 01:54:01 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/08/20 18:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/20 18:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/15 16:30:26 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/03 21:31:35 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/08/02 22:29:38 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/18 22:51:15 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/28 16:28:04 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A89FCFE01D.sys
[2007/05/20 16:42:22 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\1DE0CF9FA8.sys
[2007/05/05 03:24:42 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/04/22 18:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/24 17:57:58 | 00,270,336 | ---- | C] () -- C:\WINDOWS\System32\ARThumb.dll
[2006/08/20 17:36:47 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/08/20 17:35:27 | 00,000,025 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini
[2006/06/29 22:02:10 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/23 15:38:49 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/02/27 20:45:16 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/27 19:29:40 | 00,005,798 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/27 19:29:40 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\56D8D645B9.sys
[2006/01/18 09:41:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/18 09:20:19 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/18 08:58:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/01/18 08:58:00 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,897 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/10/15 16:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/03/13 17:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/07/19 15:28:25 | 00,000,979 | ---- | M] () -- C:\Documents and Settings\Cold\Desktop\magicJack.lnk
[2009/07/19 15:27:09 | 00,193,504 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/19 15:26:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/19 15:24:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/19 15:24:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/19 04:55:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cold\Desktop\OTL.exe
[2009/07/18 23:52:52 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/18 23:52:52 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/18 23:52:52 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/18 23:52:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/18 23:52:51 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/18 23:38:43 | 00,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/07/18 22:57:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/18 22:50:07 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/18 22:40:36 | 00,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2009/07/18 10:09:41 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/18 10:05:14 | 03,137,363 | R--- | M] () -- C:\Documents and Settings\Cold\Desktop\ComboFix.exe
[2009/07/17 00:03:07 | 04,320,192 | -H-- | M] () -- C:\Documents and Settings\Cold\Local Settings\Application Data\IconCache.db
[2009/07/15 09:12:20 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/14 21:58:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/14 09:03:37 | 00,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/07/14 05:46:49 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/08 21:02:03 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/05 21:00:57 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/05 21:00:45 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Cold\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/20 02:37:09 | 00,005,798 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

• Make sure you have an Internet Connection.
• Download OTC to your desktop and run it
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
• Click Yes to beging the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.1.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SpywareGuard gives you realtime protection from spyware.
• Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
• Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!