[Kenzik]

I recently got a copy of kaspersky from a roommate because i saw that i've been connecting to "ad.yieldmanager.com" while i was browsing the web. I am still not sure whether i'm completely clean or not. I've also had a problem with spysweeper. I installed it and ran it but it froze on me. My cpu usage was constantly at 50% (dual core) and i was unable to run ANYTHING except windows explorer. I wasnt even able to ctrl + alt + del. The only way to get rid of spysweeper was to delete the .exe, but now im afraid i cant get the rest of the program off my computer because its "still in use."

and heres the HJT, Thanks for your time



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:53 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\System32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [DeadAIM] "C:\WINDOWS\system32\rundll32.exe" "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [StatBar] "C:\Program Files\Globe Software\StatBar\StatBar.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8507 bytes

[Advertisements]

Hey Kenzik,

Welcome to GeekstoGo! I'm Ltangelic and I'll be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, I ask for your patience. Please stick with me until we get your computer cleaned up or it will be a wasted effort on both sides.

I'm looking at your log now, and I'll post back with a fix when I'm ready. Thanks for your patience.

PS. If I've not been responding, and you wonder why, feel free to PM me and I'll give an explanation.

LT

[Ltangelic]

Hey Kenzik,

Welcome to GeekstoGo! I'm Ltangelic and I'll be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, I ask for your patience. Please stick with me until we get your computer cleaned up or it will be a wasted effort on both sides.

I'm looking at your log now, and I'll post back with a fix when I'm ready. Thanks for your patience.

PS. If I've not been responding, and you wonder why, feel free to PM me and I'll give an explanation.

LT

[Kenzik]

No problem, thanks.

[Ltangelic]

Hey Kenzik,

Your logs don't show much, please do the following:

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

[Kenzik]

Hey, thanks for the reply. I wasn't able to get the info.txt (the minimized one apparently) to pop up for some reason. I tried turning off Kaspersky, and I also tried to reboot. Neither of which did anything. But here is the Log.txt.

Logfile of random's system information tool (written by random/random)
Run by Patrick at 2008-08-29 23:15:50
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (2%) free of 131 GB
Total RAM: 2047 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:52 PM, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Patrick\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Patrick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\System32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [DeadAIM] "C:\WINDOWS\system32\rundll32.exe" "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [StatBar] "C:\Program Files\Globe Software\StatBar\StatBar.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9025 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\jucheck.job
C:\WINDOWS\tasks\XoftSpy.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-01 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"=C:\WINDOWS\System32\JMRaidTool.exe [2006-06-02 385024]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]
"DeadAIM"=C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-02-28 144896]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-12-05 1626112]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-08-23 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-08-28 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StatBar"=C:\Program Files\Globe Software\StatBar\StatBar.exe [2003-07-25 335872]
""= []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-08-09 155648]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2008-06-02 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Documents and Settings\Patrick\My Documents\Limewire\LimeWire.exe"="C:\Documents and Settings\Patrick\My Documents\Limewire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Patrick\My Documents\Kazaa Lite K++\klrun.exe"="C:\Documents and Settings\Patrick\My Documents\Kazaa Lite K++\klrun.exe:*:Enabled:klrun"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Azureus Vuze\Azureus.exe"="C:\Program Files\Azureus Vuze\Azureus.exe:*:Enabled:Azureus Vuze"
"C:\Documents and Settings\Patrick\My Documents\Games\Battlefield 2\BF2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike source\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\tbgnb11\half-life\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\tbgnb11\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life blue shift\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Grand Theft Auto - Vice City\gta-vc.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Grand Theft Auto - Vice City\gta-vc.exe:*:Enabled:Play GTA Vice City"
"C:\Documents and Settings\Patrick\My Documents\Kazaa\Kazaa Lite K++\KazaaLite.kpp"="C:\Documents and Settings\Patrick\My Documents\Kazaa\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Documents and Settings\Patrick\My Documents\Games\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life 2 deathmatch\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\Patrick\Desktop\utorrent 1.2.exe"="C:\Documents and Settings\Patrick\Desktop\utorrent 1.2.exe:*:Enabled:utorrent 1.2"
"C:\Documents and Settings\Patrick\My Documents\Games\F.E.A.R\fpupdate.exe"="C:\Documents and Settings\Patrick\My Documents\Games\F.E.A.R\fpupdate.exe:*:Enabled:fpupdate"
"C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\BackgroundDownloader.exe"="C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steam.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\team fortress 2\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\Launcher.exe"="C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Patrick\My Documents\Games\Call of Duty 4\iw3mp.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Call of Duty 4\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\ricochet\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\deathmatch classic\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Patrick\My Documents\My Downloads\AoC-US-EarlyAccess.exe"="C:\Documents and Settings\Patrick\My Documents\My Downloads\AoC-US-EarlyAccess.exe:*:Enabled:Age of Conan Downloader"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\common\unreal tournament 2004\System\UT2004.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\common\unreal tournament 2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Octoshape Streaming Services\Patrick\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Patrick\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\empires2.exe"="C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\age2_x1.exe"="C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Documents and Settings\Patrick\My Documents\Games\Starcraft\Starcraft\StarCraft.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Starcraft\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe"="C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe:*:Enabled:Exteel"
"C:\Documents and Settings\Patrick\My Documents\Games\Halo\halo.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Documents and Settings\Patrick\Desktop\utorrent.exe"="C:\Documents and Settings\Patrick\Desktop\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe"="C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe:*:Enabled:Exteel"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\PSETUP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\Setup.exe


List of files/folders created in the last three months

2008-08-29 22:52:19 ----D---- C:\rsit
2008-08-27 14:21:40 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 00:17:57 ----A---- C:\AlphaDiscLog.txt
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-08-24 00:13:21 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-08-24 00:13:10 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-08-24 00:13:09 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-08-24 00:12:52 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-08-24 00:12:49 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-08-24 00:12:29 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-08-19 19:17:03 ----D---- C:\Documents and Settings\Patrick\Application Data\IGN_DLM
2008-08-19 19:16:53 ----D---- C:\Program Files\Download Manager
2008-08-19 14:49:42 ----D---- C:\Program Files\Kaspersky Lab
2008-08-19 14:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-19 14:39:59 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-18 20:23:35 ----D---- C:\Program Files\Trend Micro
2008-08-18 18:03:55 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 07:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-18 07:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-18 07:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-18 07:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-18 07:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-18 07:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-18 07:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-18 07:26:30 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-17 19:07:26 ----D---- C:\Program Files\Webroot
2008-08-17 19:07:26 ----D---- C:\Documents and Settings\Patrick\Application Data\Webroot
2008-08-17 19:07:26 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-08-17 19:07:26 ----A---- C:\WINDOWS\WRSetup.dll
2008-08-17 16:32:38 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-17 16:32:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-08-17 04:05:42 ----A---- C:\WINDOWS\system32\4yDjFUBO.exe.a_a
2008-08-17 01:50:45 ----A---- C:\WINDOWS\system32\GlL7L24W.exe.a_a
2008-08-10 22:57:21 ----D---- C:\Program Files\7-Zip
2008-08-10 22:25:44 ----D---- C:\Program Files\uTorrent
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\java.exe
2008-08-01 14:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-01 02:40:36 ----D---- C:\Program Files\Common Files\xing shared
2008-07-29 20:21:42 ----A---- C:\WINDOWS\system32\klogon.dll
2008-07-28 16:43:56 ----A---- C:\WINDOWS\system32\wrLZMA.dll
2008-07-28 16:43:48 ----A---- C:\WINDOWS\system32\SsiEfr.exe
2008-07-26 00:30:10 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson W600 USB WMC Modem.txt
2008-07-26 00:30:01 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson W600 USB WMC Data Modem.txt
2008-07-18 23:13:00 ----D---- C:\Documents and Settings\Patrick\Application Data\Media Player Classic
2008-07-18 22:57:03 ----D---- C:\Program Files\Combined Community Codec Pack
2008-07-14 17:24:41 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-07-14 16:42:58 ----A---- C:\WINDOWS\DIIUnin.exe
2008-07-12 17:34:32 ----D---- C:\Program Files\NCSoft
2008-07-12 17:31:55 ----D---- C:\Documents and Settings\Patrick\Application Data\GetRightToGo
2008-07-10 18:09:12 ----A---- C:\tracert.txt
2008-07-06 16:29:49 ----A---- C:\WINDOWS\ScUnin.exe
2008-06-29 23:48:28 ----D---- C:\Documents and Settings\Patrick\Application Data\Ubisoft
2008-06-28 21:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-27 20:54:20 ----D---- C:\Program Files\Octoshape Streaming Services
2008-06-17 00:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-17 00:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-17 00:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-06-17 00:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-17 00:17:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-17 00:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-06-16 03:33:00 ----D---- C:\Program Files\PeerGuardian2
2008-06-15 21:46:19 ----A---- C:\WINDOWS\BlendSettings.ini
2008-06-14 20:13:47 ----D---- C:\Downloads
2008-06-14 18:41:00 ----D---- C:\Program Files\Software Informer
2008-06-14 18:40:59 ----D---- C:\Documents and Settings\Patrick\Application Data\Free Download Manager
2008-06-14 18:40:56 ----D---- C:\Program Files\Free Download Manager
2008-06-14 18:40:56 ----D---- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-10 17:04:26 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-06-10 17:04:26 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-06-04 20:47:14 ----A---- C:\WINDOWS\entpack.ini
2008-06-02 20:01:15 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft

List of drivers

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-08-19 213008]
R1 NCPro;NCPro; C:\WINDOWS\system32\system32\drivers\MTictwl.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-13 46652]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-04-12 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-04-12 25416]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-11-29 28432]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2006-05-23 245248]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 a6wdrb42;a6wdrb42; C:\WINDOWS\system32\drivers\a6wdrb42.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2005-10-21 13396]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 npkcrypt;npkcrypt; \??\C:\Documents and Settings\Patrick\My Documents\Games\Lineage 2\system\npkcrypt.sys []
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.08\RivaTuner32.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [2007-01-11 194304]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w600bus;Sony Ericsson W600 driver (WDM); C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-15 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-15 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-15 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-08-15 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-15 85952]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-18 611664]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2008-06-02 312880]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-04 66872]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-07-28 3577192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-20 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-20 654848]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Edited by Kenzik, 30 August 2008 - 12:20 AM.

[Ltangelic]

No worries, I'll be getting a fix for you by tonight.

[Ltangelic]

Hey Kenzik,

From your log, you seem to have multiple anti-spyware running on your computer. This is not recommended as multiple protection of the same kind can cause conflicts and reduce the efficiency of the softwares. Please disable one of the following:

Webroot Spysweeper
AVG Anti-Spyware 7.5

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

1) Get Uninstall List from HijackThis

To get an Uninstall List from HijackThis:

• Open HijackThis, click Config, click Misc Tools
• Click "Open Uninstall Manager"
• Click "Save List" (generates uninstall_list.txt)
• Click Save, copy and paste the results in your next post.

2) Run OTMoveIt2

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [kill explorer]
  C:\WINDOWS\tasks\At26.job
  C:\WINDOWS\tasks\At27.job
  C:\WINDOWS\tasks\At28.job
  C:\WINDOWS\tasks\At29.job
  C:\WINDOWS\tasks\At30.job
  C:\WINDOWS\tasks\At31.job
  C:\WINDOWS\tasks\At32.job
  C:\WINDOWS\tasks\At33.job
  C:\WINDOWS\tasks\At34.job
  C:\WINDOWS\tasks\At35.job
  C:\WINDOWS\tasks\At36.job
  C:\WINDOWS\tasks\At37.job
  C:\WINDOWS\tasks\At38.job
  C:\WINDOWS\tasks\At39.job
  C:\WINDOWS\tasks\At40.job
  C:\WINDOWS\tasks\At41.job
  C:\WINDOWS\tasks\At42.job
  C:\WINDOWS\tasks\At43.job
  C:\WINDOWS\tasks\At44.job
  C:\WINDOWS\tasks\At45.job
  C:\WINDOWS\tasks\At46.job
  C:\WINDOWS\tasks\At47.job
  C:\WINDOWS\tasks\At48.job
  C:\WINDOWS\system32\4yDjFUBO.exe.a_a
  C:\WINDOWS\system32\GlL7L24W.exe.a_a
  C:\WINDOWS\system32\drivers\a6wdrb42.sys
  I:\PSETUP.exe
  J:\Setup.exe
  a6wdrb42 <delete service>
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J
  purity
  emptytemp
  [start explorer]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

3) Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Next reply (please include):
HijackThis logs (uninstall log and normal log)
OTMoveIt2 log
MBAM scan log

[Kenzik]

Thank you for the reply again. I wasn't able to remove Spysweeper (it froze my computer so I was forced to delete the .exe at least temporarily) so I just removed AVG for now.


HiJackThis Normal log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:32 PM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\System32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [DeadAIM] "C:\WINDOWS\system32\rundll32.exe" "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [StatBar] "C:\Program Files\Globe Software\StatBar\StatBar.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dllC:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dllC:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dllC:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 8838 bytes


HiJackThis Uninstall log:


7-Zip 4.57
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.1.0
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AGEIA PhysX v7.09.13
AOL Instant Messenger
AsusUpdate
Audiosurf
AVI Codec Pack
Battlefield 2: Deluxe Edition
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Singleplayer Patch
CleanUp!
Combined Community Codec Pack 2008-01-24
DeadAIM
DFX 8 for Windows Media Player
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Manager 2.3.7
EAX4 Unified Redist
EPSON Copy Utility
EPSON Scanner Reference Guide
EPSON Smart Panel
EPSON TWAIN 5
Fraps (remove only)
Free Download Manager 2.5
Futuremark SystemInfo
GameSpot Download Manager
Google Earth
Google Toolbar for Firefox
GPL MPEG-1/2 DirectShow Decoder Filter
Grand Theft Auto Vice City
Guild Wars
Half-Life 2: Episode Two
High Definition Audio Driver Package - KB888111
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hitman 2 Silent Assassin
Hitman Blood Money
Hitman: Contracts
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Jasc Paint Shop Pro 9
Java™ 6 Update 7
JRAID
Kaspersky Internet Security 2009
Kaspersky Internet Security 2009
LimeWire PRO 4.12.3
Logitech Desktop Messenger
Logitech MouseWare 9.80
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft AppLocale
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (2.0.0.16)
MP3 WAV Converter 3.30
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Natural Color Pro
NVIDIA Drivers
NVIDIA nTune
Oblivion
Oblivion - Knights of the Nine
PDF Settings
PeerGuardian 2.0
Peggle Extreme
PictureGear 4.1Lite
Poker Superstars II
Portal
PowerISO
QuickTime
RealPlayer
RivaTuner v2.08
S.T.A.L.K.E.R. - Shadow of Chernobyl
ScanToWeb
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Software Informer 1.0 BETA
Sony Ericsson PC Suite 1.10.21
SoundMAX
Spy Sweeper Core
Starcraft
StatBar 2.406
Steam
System Requirements Lab
Team Fortress 2
The Chronicles of Riddick - Escape From Butcher Bay
The Witcher
Unreal Tournament 2004
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Ventrilo Client
VideoLAN VLC media player 0.8.6a
Winamp
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
World of Warcraft
Xfire (remove only)
Yahoo! Toolbar


OTMoveIt2 log:


Explorer killed successfully
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\system32\4yDjFUBO.exe.a_a moved successfully.
C:\WINDOWS\system32\GlL7L24W.exe.a_a moved successfully.
File/Folder C:\WINDOWS\system32\drivers\a6wdrb42.sys not found.
File/Folder I:\PSETUP.exe not found.
File/Folder J:\Setup.exe not found.
Service not present: a6wdrb42.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J\\ deleted successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_3cc.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DF1E79.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~241e0768c8.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~241e10b390.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~250d9af548.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~250da50ab8.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_210.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08312008_143454

Files moved on Reboot...
File C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_3cc.dat not found!
File C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DF1E79.tmp not found!
File C:\WINDOWS\temp\cch~241e0768c8.htp not found!
File C:\WINDOWS\temp\cch~241e10b390.htp not found!
File C:\WINDOWS\temp\cch~250d9af548.htp not found!
File C:\WINDOWS\temp\cch~250da50ab8.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_210.dat not found!


MBAM scan log:


Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 2

3:06:45 PM 8/31/2008
mbam-log-08-31-2008 (15-06-45).txt

Scan type: Quick Scan
Objects scanned: 48233
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by Kenzik, 31 August 2008 - 04:15 PM.

[Ltangelic]

Hey Kenzik,

Thank you for the reply again. I wasn't able to remove Spysweeper (it froze my computer so I was forced to delete the .exe at least temporarily) so I just removed AVG for now

No, I'm not asking you to remove Spysweeper my friend. It's a good program that you should keep, but you cannot use more than one anti-spyware shield at one time. Please disable it, not remove it.

Instructions for disabling Spy Sweeper

Your log looks better, still got work to do though. Don't worry, we're close.

1) Remove Programs using Control Panel

Please go to Add or Remove Programs and remove the following (if present):

PeerGuardian 2.0
LimeWire PRO 4.12.3

Reboot your computer.

2) Rerun OTMoveIt2

• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [kill explorer]
  C:\Documents and Settings\Patrick\My Documents\Limewire
  C:\Documents and Settings\Patrick\My Documents\Kazaa Lite K++
  C:\Documents and Settings\Patrick\Desktop\utorrent 1.2.exe
  C:\Program Files\uTorrent
  C:\Program Files\PeerGuardian2
  C:\Program Files\LimeWire PRO 4.12.3
  purity
  emptytemp
  [start explorer]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

3) Run Kaspersky

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

4) Rerun RSIT

• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next reply (please include):
Fresh HijackThis log
OTMoveit2 log
Kaspersky scan log
RSIT logs

Edited by Ltangelic, 01 September 2008 - 09:17 AM.

[Kenzik]

While trying to update the online Kaspersky thing, my computer kept rebooting itself at the same time durring the second part of the update. I tried to disable/exit out of the Kaspersky version that I already have installed, and it didn't work. But anyways, here are the other 3 logs.

HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:28 AM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\System32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [DeadAIM] "C:\WINDOWS\system32\rundll32.exe" "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [StatBar] "C:\Program Files\Globe Software\StatBar\StatBar.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dllC:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dllC:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dllC:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 8967 bytes


OTMoveit2 log


Explorer killed successfully
C:\Documents and Settings\Patrick\My Documents\Limewire moved successfully.
File/Folder C:\Documents and Settings\Patrick\My Documents\Kazaa Lite K++ not found.
File/Folder C:\Documents and Settings\Patrick\Desktop\utorrent 1.2.exe not found.
C:\Program Files\uTorrent moved successfully.
C:\Program Files\PeerGuardian2\lists moved successfully.
C:\Program Files\PeerGuardian2 moved successfully.
File/Folder C:\Program Files\LimeWire PRO 4.12.3 not found.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_b94.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DFF7C0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~2aa5697af0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~2aa573a280.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~62fd35c5d0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~62fd3fa298.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2c8.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09012008_085558

Files moved on Reboot...
File C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_b94.dat not found!
C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DFF7C0.tmp moved successfully.
File C:\WINDOWS\temp\cch~2aa5697af0.htp not found!
File C:\WINDOWS\temp\cch~2aa573a280.htp not found!
File C:\WINDOWS\temp\cch~62fd35c5d0.htp not found!
File C:\WINDOWS\temp\cch~62fd3fa298.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_2c8.dat not found!


RSIT logs


Logfile of random's system information tool (written by random/random)
Run by Patrick at 2008-09-02 01:37:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (1%) free of 131 GB
Total RAM: 2047 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:35 AM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Patrick\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Patrick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\System32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [DeadAIM] "C:\WINDOWS\system32\rundll32.exe" "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [StatBar] "C:\Program Files\Globe Software\StatBar\StatBar.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dllC:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dllC:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dllC:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 8938 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\jucheck.job
C:\WINDOWS\tasks\XoftSpy.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-01 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"=C:\WINDOWS\System32\JMRaidTool.exe [2006-06-02 385024]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]
"DeadAIM"=C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-02-28 144896]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-12-05 1626112]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-08-23 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-08-28 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StatBar"=C:\Program Files\Globe Software\StatBar\StatBar.exe [2003-07-25 335872]
""= []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-08-09 155648]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dllC:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dllC:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dllC:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Documents and Settings\Patrick\My Documents\Limewire\LimeWire.exe"="C:\Documents and Settings\Patrick\My Documents\Limewire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Patrick\My Documents\Kazaa Lite K++\klrun.exe"="C:\Documents and Settings\Patrick\My Documents\Kazaa Lite K++\klrun.exe:*:Enabled:klrun"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Azureus Vuze\Azureus.exe"="C:\Program Files\Azureus Vuze\Azureus.exe:*:Enabled:Azureus Vuze"
"C:\Documents and Settings\Patrick\My Documents\Games\Battlefield 2\BF2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike source\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\tbgnb11\half-life\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\tbgnb11\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life blue shift\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Grand Theft Auto - Vice City\gta-vc.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Grand Theft Auto - Vice City\gta-vc.exe:*:Enabled:Play GTA Vice City"
"C:\Documents and Settings\Patrick\My Documents\Kazaa\Kazaa Lite K++\KazaaLite.kpp"="C:\Documents and Settings\Patrick\My Documents\Kazaa\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Documents and Settings\Patrick\My Documents\Games\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life 2 deathmatch\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\Patrick\Desktop\utorrent 1.2.exe"="C:\Documents and Settings\Patrick\Desktop\utorrent 1.2.exe:*:Enabled:utorrent 1.2"
"C:\Documents and Settings\Patrick\My Documents\Games\F.E.A.R\fpupdate.exe"="C:\Documents and Settings\Patrick\My Documents\Games\F.E.A.R\fpupdate.exe:*:Enabled:fpupdate"
"C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\BackgroundDownloader.exe"="C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steam.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\team fortress 2\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\Launcher.exe"="C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Patrick\My Documents\Games\Call of Duty 4\iw3mp.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Call of Duty 4\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\ricochet\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\deathmatch classic\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Patrick\My Documents\My Downloads\AoC-US-EarlyAccess.exe"="C:\Documents and Settings\Patrick\My Documents\My Downloads\AoC-US-EarlyAccess.exe:*:Enabled:Age of Conan Downloader"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\common\unreal tournament 2004\System\UT2004.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\common\unreal tournament 2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Octoshape Streaming Services\Patrick\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Patrick\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\empires2.exe"="C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\age2_x1.exe"="C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Documents and Settings\Patrick\My Documents\Games\Starcraft\Starcraft\StarCraft.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Starcraft\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe"="C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe:*:Enabled:Exteel"
"C:\Documents and Settings\Patrick\My Documents\Games\Halo\halo.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Documents and Settings\Patrick\Desktop\utorrent.exe"="C:\Documents and Settings\Patrick\Desktop\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe"="C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe:*:Enabled:Exteel"

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-08-31 15:01:11 ----D---- C:\Documents and Settings\Patrick\Application Data\Malwarebytes
2008-08-31 15:01:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 15:01:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 14:34:54 ----D---- C:\_OTMoveIt
2008-08-30 02:53:56 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2008-08-29 22:52:19 ----D---- C:\rsit
2008-08-27 14:21:40 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 00:17:57 ----A---- C:\AlphaDiscLog.txt
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-08-24 00:13:21 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-08-24 00:13:10 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-08-24 00:13:09 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-08-24 00:12:52 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-08-24 00:12:49 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-08-24 00:12:29 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-08-19 19:17:03 ----D---- C:\Documents and Settings\Patrick\Application Data\IGN_DLM
2008-08-19 19:16:53 ----D---- C:\Program Files\Download Manager
2008-08-19 14:49:42 ----D---- C:\Program Files\Kaspersky Lab
2008-08-19 14:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-19 14:39:59 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-18 20:23:35 ----D---- C:\Program Files\Trend Micro
2008-08-18 18:03:55 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 07:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-18 07:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-18 07:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-18 07:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-18 07:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-18 07:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-18 07:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-18 07:26:30 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-17 19:07:26 ----D---- C:\Documents and Settings\Patrick\Application Data\Webroot
2008-08-17 19:07:26 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-08-17 19:07:26 ----A---- C:\WINDOWS\WRSetup.dll
2008-08-17 16:32:38 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-17 16:32:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-08-10 22:57:21 ----D---- C:\Program Files\7-Zip
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\java.exe
2008-08-01 14:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-01 02:40:36 ----D---- C:\Program Files\Common Files\xing shared
2008-07-29 20:21:42 ----A---- C:\WINDOWS\system32\klogon.dll
2008-07-28 16:43:56 ----A---- C:\WINDOWS\system32\wrLZMA.dll
2008-07-28 16:43:48 ----A---- C:\WINDOWS\system32\SsiEfr.exe
2008-07-26 00:30:10 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson W600 USB WMC Modem.txt
2008-07-26 00:30:01 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson W600 USB WMC Data Modem.txt
2008-07-18 23:13:00 ----D---- C:\Documents and Settings\Patrick\Application Data\Media Player Classic
2008-07-18 22:57:03 ----D---- C:\Program Files\Combined Community Codec Pack
2008-07-14 17:24:41 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-07-14 16:42:58 ----A---- C:\WINDOWS\DIIUnin.exe
2008-07-12 17:34:32 ----D---- C:\Program Files\NCSoft
2008-07-12 17:31:55 ----D---- C:\Documents and Settings\Patrick\Application Data\GetRightToGo
2008-07-10 18:09:12 ----A---- C:\tracert.txt
2008-07-06 16:29:49 ----A---- C:\WINDOWS\ScUnin.exe
2008-06-29 23:48:28 ----D---- C:\Documents and Settings\Patrick\Application Data\Ubisoft
2008-06-28 21:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-27 20:54:20 ----D---- C:\Program Files\Octoshape Streaming Services
2008-06-17 00:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-17 00:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-17 00:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-06-17 00:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-17 00:17:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-17 00:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-06-15 21:46:19 ----A---- C:\WINDOWS\BlendSettings.ini
2008-06-14 20:13:47 ----D---- C:\Downloads
2008-06-14 18:41:00 ----D---- C:\Program Files\Software Informer
2008-06-14 18:40:59 ----D---- C:\Documents and Settings\Patrick\Application Data\Free Download Manager
2008-06-14 18:40:56 ----D---- C:\Program Files\Free Download Manager
2008-06-14 18:40:56 ----D---- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-10 17:04:26 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-06-10 17:04:26 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-06-04 20:47:14 ----A---- C:\WINDOWS\entpack.ini

List of drivers

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-08-19 213008]
R1 NCPro;NCPro; C:\WINDOWS\system32\system32\drivers\MTictwl.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-13 46652]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-04-12 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-04-12 25416]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-11-29 28432]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2006-05-23 245248]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 adb9yriu;adb9yriu; C:\WINDOWS\system32\drivers\adb9yriu.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2005-10-21 13396]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 npkcrypt;npkcrypt; \??\C:\Documents and Settings\Patrick\My Documents\Games\Lineage 2\system\npkcrypt.sys []
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.08\RivaTuner32.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [2007-01-11 194304]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w600bus;Sony Ericsson W600 driver (WDM); C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-15 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-15 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-15 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-08-15 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-15 85952]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-18 611664]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-04 66872]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files

[Ltangelic]

How is your computer doing?

[Kenzik]

I haven't been getting any pop ups or anything lately, and the ad.yieldmanager thing has completely disappeared! Thank you very much for your hard work and time.

[Ltangelic]

Nice to hear that things are going well. Oops, I guess your RSIT logs got cut off here:

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files

Could you repost the RSIT logs ONLY? Thanks, and by the way, the rest of your logs are looking good.

[Kenzik]

Woops... Sorry about that, here it is. At least it looks like I got capped only around 7 lines to early.

Logfile of random's system information tool (written by random/random)
Run by Patrick at 2008-09-02 01:37:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (1%) free of 131 GB
Total RAM: 2047 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:35 AM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Patrick\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Patrick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\System32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [DeadAIM] "C:\WINDOWS\system32\rundll32.exe" "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [StatBar] "C:\Program Files\Globe Software\StatBar\StatBar.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dllC:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dllC:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dllC:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 8938 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\jucheck.job
C:\WINDOWS\tasks\XoftSpy.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-01 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"=C:\WINDOWS\System32\JMRaidTool.exe [2006-06-02 385024]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]
"DeadAIM"=C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-02-28 144896]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-12-05 1626112]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-08-23 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-08-28 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StatBar"=C:\Program Files\Globe Software\StatBar\StatBar.exe [2003-07-25 335872]
""= []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-08-09 155648]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dllC:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dllC:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dllC:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Documents and Settings\Patrick\My Documents\Limewire\LimeWire.exe"="C:\Documents and Settings\Patrick\My Documents\Limewire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Patrick\My Documents\Kazaa Lite K++\klrun.exe"="C:\Documents and Settings\Patrick\My Documents\Kazaa Lite K++\klrun.exe:*:Enabled:klrun"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Azureus Vuze\Azureus.exe"="C:\Program Files\Azureus Vuze\Azureus.exe:*:Enabled:Azureus Vuze"
"C:\Documents and Settings\Patrick\My Documents\Games\Battlefield 2\BF2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike source\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\tbgnb11\half-life\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\tbgnb11\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life blue shift\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Grand Theft Auto - Vice City\gta-vc.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Grand Theft Auto - Vice City\gta-vc.exe:*:Enabled:Play GTA Vice City"
"C:\Documents and Settings\Patrick\My Documents\Kazaa\Kazaa Lite K++\KazaaLite.kpp"="C:\Documents and Settings\Patrick\My Documents\Kazaa\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Documents and Settings\Patrick\My Documents\Games\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life 2 deathmatch\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\Patrick\Desktop\utorrent 1.2.exe"="C:\Documents and Settings\Patrick\Desktop\utorrent 1.2.exe:*:Enabled:utorrent 1.2"
"C:\Documents and Settings\Patrick\My Documents\Games\F.E.A.R\fpupdate.exe"="C:\Documents and Settings\Patrick\My Documents\Games\F.E.A.R\fpupdate.exe:*:Enabled:fpupdate"
"C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\BackgroundDownloader.exe"="C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steam.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\team fortress 2\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\Launcher.exe"="C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Patrick\My Documents\Games\Call of Duty 4\iw3mp.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Call of Duty 4\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\ricochet\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\deathmatch classic\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Patrick\My Documents\My Downloads\AoC-US-EarlyAccess.exe"="C:\Documents and Settings\Patrick\My Documents\My Downloads\AoC-US-EarlyAccess.exe:*:Enabled:Age of Conan Downloader"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\common\unreal tournament 2004\System\UT2004.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\common\unreal tournament 2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Octoshape Streaming Services\Patrick\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Patrick\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\empires2.exe"="C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\age2_x1.exe"="C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Documents and Settings\Patrick\My Documents\Games\Starcraft\Starcraft\StarCraft.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Starcraft\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe"="C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe:*:Enabled:Exteel"
"C:\Documents and Settings\Patrick\My Documents\Games\Halo\halo.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Documents and Settings\Patrick\Desktop\utorrent.exe"="C:\Documents and Settings\Patrick\Desktop\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe"="C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe:*:Enabled:Exteel"

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-08-31 15:01:11 ----D---- C:\Documents and Settings\Patrick\Application Data\Malwarebytes
2008-08-31 15:01:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 15:01:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 14:34:54 ----D---- C:\_OTMoveIt
2008-08-30 02:53:56 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2008-08-29 22:52:19 ----D---- C:\rsit
2008-08-27 14:21:40 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 00:17:57 ----A---- C:\AlphaDiscLog.txt
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-08-24 00:13:21 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-08-24 00:13:10 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-08-24 00:13:09 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-08-24 00:12:52 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-08-24 00:12:49 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-08-24 00:12:29 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-08-19 19:17:03 ----D---- C:\Documents and Settings\Patrick\Application Data\IGN_DLM
2008-08-19 19:16:53 ----D---- C:\Program Files\Download Manager
2008-08-19 14:49:42 ----D---- C:\Program Files\Kaspersky Lab
2008-08-19 14:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-19 14:39:59 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-18 20:23:35 ----D---- C:\Program Files\Trend Micro
2008-08-18 18:03:55 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 07:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-18 07:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-18 07:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-18 07:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-18 07:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-18 07:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-18 07:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-18 07:26:30 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-17 19:07:26 ----D---- C:\Documents and Settings\Patrick\Application Data\Webroot
2008-08-17 19:07:26 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-08-17 19:07:26 ----A---- C:\WINDOWS\WRSetup.dll
2008-08-17 16:32:38 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-17 16:32:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-08-10 22:57:21 ----D---- C:\Program Files\7-Zip
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\java.exe
2008-08-01 14:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-01 02:40:36 ----D---- C:\Program Files\Common Files\xing shared
2008-07-29 20:21:42 ----A---- C:\WINDOWS\system32\klogon.dll
2008-07-28 16:43:56 ----A---- C:\WINDOWS\system32\wrLZMA.dll
2008-07-28 16:43:48 ----A---- C:\WINDOWS\system32\SsiEfr.exe
2008-07-26 00:30:10 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson W600 USB WMC Modem.txt
2008-07-26 00:30:01 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson W600 USB WMC Data Modem.txt
2008-07-18 23:13:00 ----D---- C:\Documents and Settings\Patrick\Application Data\Media Player Classic
2008-07-18 22:57:03 ----D---- C:\Program Files\Combined Community Codec Pack
2008-07-14 17:24:41 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-07-14 16:42:58 ----A---- C:\WINDOWS\DIIUnin.exe
2008-07-12 17:34:32 ----D---- C:\Program Files\NCSoft
2008-07-12 17:31:55 ----D---- C:\Documents and Settings\Patrick\Application Data\GetRightToGo
2008-07-10 18:09:12 ----A---- C:\tracert.txt
2008-07-06 16:29:49 ----A---- C:\WINDOWS\ScUnin.exe
2008-06-29 23:48:28 ----D---- C:\Documents and Settings\Patrick\Application Data\Ubisoft
2008-06-28 21:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-27 20:54:20 ----D---- C:\Program Files\Octoshape Streaming Services
2008-06-17 00:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-17 00:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-17 00:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-06-17 00:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-17 00:17:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-17 00:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-06-15 21:46:19 ----A---- C:\WINDOWS\BlendSettings.ini
2008-06-14 20:13:47 ----D---- C:\Downloads
2008-06-14 18:41:00 ----D---- C:\Program Files\Software Informer
2008-06-14 18:40:59 ----D---- C:\Documents and Settings\Patrick\Application Data\Free Download Manager
2008-06-14 18:40:56 ----D---- C:\Program Files\Free Download Manager
2008-06-14 18:40:56 ----D---- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-10 17:04:26 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-06-10 17:04:26 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-06-04 20:47:14 ----A---- C:\WINDOWS\entpack.ini

List of drivers

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-08-19 213008]
R1 NCPro;NCPro; C:\WINDOWS\system32\system32\drivers\MTictwl.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-13 46652]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-04-12 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-04-12 25416]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-11-29 28432]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2006-05-23 245248]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 adb9yriu;adb9yriu; C:\WINDOWS\system32\drivers\adb9yriu.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2005-10-21 13396]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 npkcrypt;npkcrypt; \??\C:\Documents and Settings\Patrick\My Documents\Games\Lineage 2\system\npkcrypt.sys []
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.08\RivaTuner32.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [2007-01-11 194304]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w600bus;Sony Ericsson W600 driver (WDM); C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-15 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-15 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-15 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-08-15 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-15 85952]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-18 611664]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-04 66872]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-20 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-20 654848]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

[Ltangelic]

Thanks, I'll have a look at it now and come back with a fix asap.