Also, I have CCLEANER, KILLBOX, ADAWARE, SPYBOT SEARCH & DESTROY, AVAST ANTI VIRUS.
HERE'S MY HIJACK THIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:41 AM, on 4/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Razer\Copperhead\razerhid.exe
H:\Program Files\RivaTuner v2.08\RivaTuner.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Razer\Copperhead\razertra.exe
H:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\explorer.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cd1059.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Copperhead] h:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [RivaTuner] "H:\Program Files\RivaTuner v2.08\RivaTuner.exe" /T
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] h:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)" -"http://www.cartoonne...rth/index.html"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.runaware.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab3.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1183667872593
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183667856280
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Installer) - http://t1.battlefiel.../BFHUpdater.cab
O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} (CoxFastConnect20 Control) - https://fastconnect....stConnect20.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....r_installer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 9802 bytes
HERE'S MY OTLISTIT2 SCAN
OTListIt logfile created on: 4/4/2009 11:16:47 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.10.0 Folder = C:\Documents and Settings\STEVE KING\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.22% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.37 Gb Total Space | 1.78 Gb Free Space | 9.70% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 19.53 Gb Total Space | 9.66 Gb Free Space | 49.43% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 92.25 Gb Total Space | 31.33 Gb Free Space | 33.96% Space Free | Partition Type: NTFS
Drive H: | 121.36 Gb Total Space | 42.22 Gb Free Space | 34.79% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: THE-1PESJXOVY78
Current User Name: STEVE KING
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/24 11:57:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/07 14:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/02/28 00:50:22 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/04/04 01:26:20 | 00,189,496 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2003/06/07 06:32:32 | 00,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2008/12/24 11:57:45 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/11/25 11:53:40 | 00,155,648 | ---- | M] () -- H:\Program Files\Razer\Copperhead\razerhid.exe
PRC - [2008/03/10 03:10:00 | 02,691,072 | ---- | M] () -- H:\Program Files\RivaTuner v2.08\RivaTuner.exe
PRC - [2002/07/02 17:56:00 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- H:\Program Files\QuickTime\QTTask.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/11/25 11:54:32 | 00,147,456 | ---- | M] () -- H:\Program Files\Razer\Copperhead\razertra.exe
PRC - [2007/01/09 10:48:58 | 00,147,456 | ---- | M] (Razer Inc.) -- H:\Program Files\Razer\Copperhead\razerofa.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/12/19 00:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/04/04 11:09:52 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\STEVE KING\Desktop\OTListIt2.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/10/22 19:35:46 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008/12/24 11:57:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/03/09 14:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/10/07 14:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 07:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/02/28 00:50:22 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009/04/04 01:26:20 | 00,189,496 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
========== Driver Services (SafeList) ==========
DRV - [2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2002/07/19 10:46:28 | 00,127,948 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2002/07/19 10:47:52 | 00,837,548 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2001/08/17 12:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
DRV - [2002/07/19 10:48:08 | 00,011,068 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2002/07/19 10:48:22 | 00,213,860 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2001/08/17 12:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Stopped])
DRV - [2001/08/17 12:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Stopped])
DRV - [2002/07/19 10:48:32 | 00,156,604 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2001/08/17 07:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2003/11/11 05:41:08 | 00,041,984 | R--- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5b.sys -- (FETNDISB [On_Demand | Running])
DRV - [2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/03 14:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2002/07/24 13:52:26 | 00,998,004 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Stopped])
DRV - [2001/08/17 08:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])
DRV - [2009/03/09 14:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2001/08/17 09:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2003/07/17 03:10:06 | 00,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM [On_Demand | Stopped])
DRV - [2008/10/07 14:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/07/19 10:48:04 | 00,195,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/04/01 16:30:46 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2002/06/14 13:49:56 | 00,010,194 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/07/02 14:41:12 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/03/10 03:10:00 | 00,009,088 | ---- | M] () -- h:\Program Files\RivaTuner v2.08\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Running])
DRV - [2008/04/04 15:49:04 | 00,136,832 | ---- | M] (Saitek) -- C:\WINDOWS\system32\DRIVERS\SaiH8000.sys -- (SaiH8000 [On_Demand | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 12:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Stopped])
DRV - [2006/09/24 08:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/11/02 11:54:44 | 00,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\system32\drivers\copperhd.sys -- (UsbFltr [On_Demand | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cd1059.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.cd1059.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/24 11:57:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/31 16:51:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/31 16:51:14 | 00,000,000 | ---D | M]
[2008/09/14 15:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\STEVE KING\Application Data\mozilla\Extensions
[2008/09/14 15:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\STEVE KING\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/07/06 15:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\STEVE KING\Application Data\mozilla\Firefox\Profiles\zifa39v4.default\extensions
[2009/04/04 10:26:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/31 16:51:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/06 13:06:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/19 22:10:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/18 20:30:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/27 02:17:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/24 11:57:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/31 16:51:12 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/31 16:51:12 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/31 13:58:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/31 13:58:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/31 13:58:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/24 13:12:28 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/31 13:58:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/31 13:58:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/31 13:58:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (304968 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10505 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Copperhead] h:\Program Files\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RivaTuner] "H:\Program Files\RivaTuner v2.08\RivaTuner.exe" /T ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] h:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)" -"http://www.cartoonne...rth/index.html" (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\STEVE KING\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = H:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: runaware.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.h...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com...ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1183667872593 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1183667856280 (MUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://t1.battlefiel.../BFHUpdater.cab (Battlefield Heroes Installer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} https://fastconnect....stConnect20.ocx (CoxFastConnect20 Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/05 14:38:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 19:53:55 | 00,000,142 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2006/02/12 02:13:29 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7022b242-2b12-11dc-9855-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7022b242-2b12-11dc-9855-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7022b242-2b12-11dc-9855-806d6172696f}\Shell\AutoRun\command - "" = D:\setup\rsrc\Autorun.exe -- [2007/08/15 20:55:00 | 00,051,048 | R--- | M] (Activision)
O33 - MountPoints2\{7022b242-2b12-11dc-9855-806d6172696f}\Shell\dinstall\command - "" = D:\Directx\dxsetup.exe -- [2008/05/30 17:34:50 | 00,528,392 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
========== Files/Folders - Created Within 30 Days ==========
[9 C:\WINDOWS\*.tmp files]
[2009/04/04 11:13:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/04 11:12:57 | 00,000,655 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/04 11:12:36 | 00,000,511 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\NTREGOPT.lnk
[2009/04/04 11:12:36 | 00,000,498 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\ERUNT.lnk
[2009/04/04 11:12:16 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\STEVE KING\Desktop\erunt_setup.exe
[2009/04/04 11:09:51 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\STEVE KING\Desktop\OTListIt2.exe
[2009/04/04 11:09:39 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/04 11:09:36 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\Rooter.exe
[2009/04/04 11:08:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\STEVE KING\Desktop\SysRestorePoint_v13
[2009/04/04 11:07:22 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\SysRestorePoint_v13.zip
[2009/04/04 10:42:48 | 00,906,914 | ---- | C] () -- C:\Documents and Settings\STEVE KING\My Documents\cc_20090404_104241.reg
[2009/04/04 10:39:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\STEVE KING\Application Data\Yahoo!
[2009/04/04 10:39:41 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/04/04 10:39:39 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\CCleaner.lnk
[2009/04/04 10:31:38 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\HijackThis.lnk
[2009/04/04 10:29:52 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/04/04 10:27:07 | 03,171,208 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\STEVE KING\Desktop\ccsetup216.exe
[2009/04/04 10:26:12 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\STEVE KING\Desktop\HJTInstall.exe
[2009/04/04 10:24:17 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\STEVE KING\Desktop\KillBox.exe
[2009/04/04 10:08:33 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/04 10:07:32 | 13,480,872 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\STEVE KING\Desktop\mpas-fe.exe
[2009/04/04 10:05:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/04/04 08:24:38 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\STEVE KING\My Documents\The Guide to Computer Skills Tests in the Hiring Process.doc
[2009/04/03 16:58:51 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\STEVE KING\My Documents\The Guide to Psychologist Licensure Tests.doc
[2009/04/03 14:45:08 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\STEVE KING\My Documents\The Guide to Psychiatry Exams.doc
[2009/04/03 11:28:55 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\STEVE KING\My Documents\The Guide to Psychiatry Certification Exams.doc
[2009/04/02 17:14:29 | 00,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2009/04/02 17:14:28 | 00,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/04/02 14:35:10 | 00,041,984 | ---- | C] () -- C:\Documents and Settings\STEVE KING\My Documents\The Guide to the National Physical Therapy Examination.doc
[2009/04/02 11:07:32 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\STEVE KING\My Documents\GuidetoCarbonMonoxideTests.doc
[2009/04/01 18:39:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\STEVE KING\My Documents\WDC
[2009/03/30 14:07:23 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\STEVE KING\My Documents\Carbon Monoxide.doc
[2009/03/27 18:45:13 | 00,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ben 10 Bounty Hunters.lnk
[2009/03/27 18:45:12 | 00,000,000 | ---D | C] -- C:\Program Files\Cartoon Network
[2009/03/26 19:03:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\STEVE KING\My Documents\Crayon Physics Deluxe
[2009/03/23 20:17:30 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/23 20:17:20 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/23 20:17:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/23 20:17:17 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/23 20:16:24 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/22 11:40:41 | 00,001,749 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\JS World 2nd Grade.lnk
[2009/03/22 01:47:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/22 01:42:59 | 00,000,560 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\SpywareBlaster.lnk
[2009/03/22 01:15:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/03/22 00:58:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\STEVE KING\Application Data\Malwarebytes
[2009/03/22 00:57:59 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/22 00:57:59 | 00,000,562 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/22 00:57:57 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/22 00:57:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/21 23:53:45 | 00,000,721 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\Call of Duty® - World at War Multiplayer.lnk
[2009/03/21 20:35:09 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/21 20:27:32 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/21 20:25:49 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/21 20:23:53 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/21 20:23:51 | 00,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/21 12:52:01 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kgbdwh
[2009/03/15 12:47:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\STEVE KING\Application Data\Crayon Physics Deluxe
[2009/03/15 12:46:58 | 00,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Crayon Physics Deluxe.lnk
[2009/03/15 11:36:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\STEVE KING\Application Data\Share-to-Web Upload Folder
[2009/03/15 11:26:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\STEVE KING\Desktop\Unused Desktop Shortcuts
[2009/03/13 10:36:49 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\STEVE KING\Desktop\setup-spybotsd162.exe
[2009/03/12 15:28:21 | 00,106,496 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\Special Payroll Request Form 3-17-09.doc
[2009/03/12 15:22:59 | 00,111,616 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\Special Payroll Request Form.doc
[2009/03/09 18:20:29 | 00,004,916 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\jeep6oq.jpg
[2009/03/07 15:57:14 | 01,709,453 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\hamster dance.mp3
[2009/03/05 18:37:04 | 00,241,664 | ---- | C] () -- C:\Documents and Settings\STEVE KING\Desktop\Steve King Bio.ppt
[2009/01/10 10:51:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/10/31 13:49:16 | 00,000,067 | ---- | C] () -- C:\WINDOWS\Easy DVD Creator.INI
[2008/07/26 19:43:42 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/04/04 15:49:04 | 01,282,048 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000.Dll
[2008/04/04 15:49:04 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0C.dll
[2008/04/04 15:49:04 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_10.dll
[2008/04/04 15:49:04 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0A.dll
[2008/04/04 15:49:04 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_07.dll
[2008/04/04 15:49:04 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_09.dll
[2008/04/04 15:49:04 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_0402.dll
[2008/04/04 15:49:04 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC8000_11.dll
[2008/03/19 22:53:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/03/19 22:53:35 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/03/19 22:52:50 | 00,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/03/19 22:52:50 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/03/19 22:52:47 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/03/19 22:52:46 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/03/18 16:00:54 | 00,215,144 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/03/04 12:02:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/03/04 12:02:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/03/04 12:02:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/03/04 12:02:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/03/04 12:02:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/03 19:07:06 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/09/24 14:47:12 | 00,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/08/08 19:26:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/08/02 13:13:44 | 00,000,277 | ---- | C] () -- C:\WINDOWS\DcmLtbox.ini
[2007/07/07 00:40:40 | 00,139,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/07/06 18:16:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/06 18:07:55 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2007/07/06 16:41:51 | 00,004,870 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/07/06 16:41:50 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/07/06 15:53:05 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/07/06 15:53:05 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/05 14:38:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2007/07/05 14:33:37 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2007/07/05 14:33:37 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2007/07/05 14:31:12 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2007/07/05 14:31:12 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2007/07/05 14:29:24 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2007/07/05 14:29:20 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2007/07/05 11:14:13 | 00,522,706 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2007/07/05 11:14:11 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/02 14:41:13 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/02 14:36:50 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/04/20 07:57:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/03/05 13:34:28 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2004/08/04 02:56:44 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/04 02:56:42 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2001/08/23 07:00:00 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2001/08/23 07:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2001/08/23 07:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2001/08/23 07:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2001/08/23 07:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2001/08/23 07:00:00 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2001/08/23 07:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2001/08/23 07:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2001/08/23 07:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2001/08/23 07:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2001/08/23 07:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2001/08/23 07:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2001/08/23 07:00:00 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2001/08/23 07:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2001/08/23 07:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2001/08/23 07:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2001/08/23 07:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2001/08/23 07:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2001/08/23 07:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2001/08/23 07:00:00 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2001/08/23 07:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2001/08/23 07:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2001/08/23 07:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2001/08/23 07:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2001/08/23 07:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2001/08/23 07:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2001/08/23 07:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2001/08/23 07:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2001/08/23 07:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2001/08/23 07:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2001/08/23 07:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2001/08/23 07:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2001/08/23 07:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2001/08/23 07:00:00 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2001/08/23 07:00:00 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2001/08/23 07:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001/08/23 07:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2001/08/23 07:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2001/08/23 07:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2001/08/23 07:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2001/08/23 07:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2001/08/23 07:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2001/08/23 07:00:00 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2001/08/23 07:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2001/08/23 07:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2001/08/23 07:00:00 | 00,000,793 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 07:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2001/08/23 07:00:00 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/17 17:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/04/04 11:12:57 | 00,000,655 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/04 11:12:36 | 00,000,511 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\NTREGOPT.lnk
[2009/04/04 11:12:36 | 00,000,498 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\ERUNT.lnk
[2009/04/04 11:12:21 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\STEVE KING\Desktop\erunt_setup.exe
[2009/04/04 11:09:52 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\STEVE KING\Desktop\OTListIt2.exe
[2009/04/04 11:09:39 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\Rooter.exe
[2009/04/04 11:07:25 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\SysRestorePoint_v13.zip
[2009/04/04 10:43:19 | 00,906,914 | ---- | M] () -- C:\Documents and Settings\STEVE KING\My Documents\cc_20090404_104241.reg
[2009/04/04 10:39:39 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\CCleaner.lnk
[2009/04/04 10:31:38 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\HijackThis.lnk
[2009/04/04 10:27:47 | 03,171,208 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\STEVE KING\Desktop\ccsetup216.exe
[2009/04/04 10:26:13 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\STEVE KING\Desktop\HJTInstall.exe
[2009/04/04 10:24:19 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\STEVE KING\Desktop\KillBox.exe
[2009/04/04 10:23:22 | 00,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D8980406-B752-4EEF-B43E-537F29507D3C}.job
[2009/04/04 10:08:33 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/04 10:07:37 | 13,480,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\STEVE KING\Desktop\mpas-fe.exe
[2009/04/04 10:05:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/04 09:59:19 | 00,304,968 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/04 09:00:47 | 00,044,440 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Application Data\wklnhst.dat
[2009/04/04 08:24:38 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\STEVE KING\My Documents\The Guide to Computer Skills Tests in the Hiring Process.doc
[2009/04/04 07:57:25 | 03,373,917 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000002-80271102}.CDF
[2009/04/04 07:57:21 | 00,195,534 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/04 07:56:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/04 07:56:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/04 02:51:13 | 00,024,264 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000C-00001102-00000002-80271102}.rfx
[2009/04/04 02:51:13 | 00,024,264 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000C-00001102-00000002-80271102}.rfx
[2009/04/04 02:51:13 | 00,016,324 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000C-00001102-00000002-80271102}.rfx
[2009/04/04 02:51:13 | 00,016,324 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000C-00001102-00000002-80271102}.rfx
[2009/04/04 02:51:13 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/04/04 02:51:13 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/04/04 02:51:13 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000002-80271102}.dat
[2009/04/04 02:51:13 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000C-00001102-00000002-80271102}.dat
[2009/04/04 01:26:20 | 00,189,496 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/04/04 01:26:20 | 00,189,496 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/04/03 23:43:46 | 00,139,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/03 20:29:33 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\STEVE KING\My Documents\The Guide to Psychologist Licensure Tests.doc
[2009/04/03 14:45:08 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\STEVE KING\My Documents\The Guide to Psychiatry Exams.doc
[2009/04/03 14:43:45 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\STEVE KING\My Documents\The Guide to Psychiatry Certification Exams.doc
[2009/04/03 11:10:42 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\STEVE KING\My Documents\The Guide to the National Physical Therapy Examination.doc
[2009/04/02 17:14:29 | 00,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/04/02 17:14:29 | 00,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2009/04/02 11:07:32 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\STEVE KING\My Documents\GuidetoCarbonMonoxideTests.doc
[2009/04/02 11:06:09 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\STEVE KING\My Documents\Carbon Monoxide.doc
[2009/03/30 20:26:10 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/30 19:42:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/27 18:45:13 | 00,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ben 10 Bounty Hunters.lnk
[2009/03/26 19:01:54 | 00,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Crayon Physics Deluxe.lnk
[2009/03/23 20:17:31 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/22 11:40:41 | 00,001,749 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\JS World 2nd Grade.lnk
[2009/03/22 01:42:59 | 00,000,560 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\SpywareBlaster.lnk
[2009/03/22 00:57:59 | 00,000,562 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/21 23:53:45 | 00,000,721 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\Call of Duty® - World at War Multiplayer.lnk
[2009/03/21 23:50:59 | 00,000,793 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/21 23:50:59 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/21 23:50:59 | 00,000,222 | RHS- | M] () -- C:\boot.ini
[2009/03/21 23:19:34 | 00,303,778 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090404-095919.backup
[2009/03/21 20:23:51 | 00,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/21 12:58:17 | 00,303,778 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090321-231934.backup
[2009/03/13 10:42:40 | 00,303,526 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090321-125817.backup
[2009/03/13 10:37:30 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\STEVE KING\Desktop\setup-spybotsd162.exe
[2009/03/12 15:28:21 | 00,106,496 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\Special Payroll Request Form 3-17-09.doc
[2009/03/12 15:23:01 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\Special Payroll Request Form.doc
[2009/03/11 03:06:57 | 00,239,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/10 22:18:20 | 01,482,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009/03/10 22:18:14 | 00,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2009/03/10 22:18:14 | 00,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WgaTray.exe
[2009/03/10 22:18:00 | 00,239,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaLogon.dll
[2009/03/10 22:18:00 | 00,239,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wgaLogon.dll
[2009/03/09 18:20:38 | 00,061,440 | -HS- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\Thumbs.db
[2009/03/09 18:20:29 | 00,004,916 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\jeep6oq.jpg
[2009/03/09 14:06:57 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/09 14:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/08 08:45:04 | 00,522,706 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 08:45:04 | 00,441,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 08:45:04 | 00,071,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/07 15:57:27 | 01,709,453 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\hamster dance.mp3
[2009/03/05 18:37:04 | 00,241,664 | ---- | M] () -- C:\Documents and Settings\STEVE KING\Desktop\Steve King Bio.ppt
========== Alternate Data Streams ==========
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\STEVE KING\Desktop\jeepavatar.jpg:SummaryInformation
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:18810 Mo/Free:1576 Mo)
D:\ [CD-Rom] (Total:7120 Mo/Free:0 Mo)
E:\ [Fixed] - NTFS - (Total:20002 Mo/Free:1695 Mo)
F:\ [Fixed] - FAT32 - (Total:305160 Mo/Free:3968 Mo)
G:\ [Fixed] - NTFS - (Total:94468 Mo/Free:3406 Mo)
H:\ [Fixed] - NTFS - (Total:124276 Mo/Free:2266 Mo)
Sat 04/04/2009|15:20
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\PnkBstrA.exe
---------- C:\WINDOWS\system32\PnkBstrB.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- H:\Program Files\Razer\Copperhead\razerhid.exe
---------- H:\Program Files\RivaTuner v2.08\RivaTuner.exe
---------- C:\WINDOWS\system32\CTHELPER.EXE
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- H:\Program Files\QuickTime\QTTask.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- H:\Program Files\Razer\Copperhead\razertra.exe
---------- H:\Program Files\Razer\Copperhead\razerofa.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\WINDOWS\explorer.exe
---------- C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/04/2009|15:20
----------------------\\ Scan completed at 15:20
ComboFix 09-04-04.01 - STEVE KING 2009-04-04 15:27:05.1 - NTFSx86
Running from: c:\documents and settings\STEVE KING\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090401-0] *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\h288.exe
c:\windows\hhoiuo.wil
.
((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.
2009-04-04 15:11 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-04-04 15:10 . 2009-04-04 15:10 <DIR> d-------- c:\program files\Panda Security
2009-04-04 14:31 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-04 14:31 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-04 14:22 . 2009-04-04 15:31 3,373,917 --a------ c:\windows\{00000000-00000000-0000000C-00001102-00000002-80271102}.BAK
2009-04-04 11:09 . 2009-04-04 15:20 <DIR> d-------- C:\Rooter$
2009-04-04 10:39 . 2009-04-04 14:19 <DIR> d-------- c:\program files\Yahoo!
2009-04-04 10:39 . 2009-04-04 10:39 <DIR> d-------- c:\documents and settings\STEVE KING\Application Data\Yahoo!
2009-04-04 10:05 . 2009-04-04 10:05 <DIR> d-------- c:\program files\Windows Defender
2009-03-27 18:45 . 2009-03-27 18:45 <DIR> d-------- c:\program files\Cartoon Network
2009-03-23 20:17 . 2009-03-23 20:17 <DIR> d-------- c:\program files\iTunes
2009-03-23 20:17 . 2009-03-23 20:17 <DIR> d-------- c:\program files\iPod
2009-03-23 20:17 . 2009-03-23 20:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-23 20:16 . 2009-03-23 20:16 <DIR> d-------- c:\program files\Bonjour
2009-03-22 10:33 . 2009-03-22 10:33 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Share-to-Web Upload Folder
2009-03-22 01:47 . 2009-04-04 10:16 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-22 01:15 . 2009-03-22 01:18 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-22 00:58 . 2009-03-22 00:58 <DIR> d-------- c:\documents and settings\STEVE KING\Application Data\Malwarebytes
2009-03-22 00:57 . 2009-03-22 00:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-21 23:16 . 2009-03-21 23:16 <DIR> d-------- c:\documents and settings\Administrator
2009-03-21 20:35 . 2009-03-09 14:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-21 20:32 . 2009-03-21 20:32 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Share-to-Web Upload Folder
2009-03-21 20:25 . 2009-03-09 14:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-21 20:23 . 2009-03-21 20:23 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-21 12:52 . 2008-04-13 19:12 578,560 --a------ c:\windows\system32\kgbdwh
2009-03-15 12:47 . 2009-03-26 20:35 <DIR> d-------- c:\documents and settings\STEVE KING\Application Data\Crayon Physics Deluxe
2009-03-15 11:36 . 2009-03-15 11:36 <DIR> d-------- c:\documents and settings\STEVE KING\Application Data\Share-to-Web Upload Folder
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 15:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-04 14:00 44,440 ----a-w c:\documents and settings\STEVE KING\Application Data\wklnhst.dat
2009-04-04 04:43 139,984 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-01 23:40 --------- d-----w c:\program files\Western Digital
2009-03-24 01:17 --------- d-----w c:\program files\Common Files\Apple
2009-03-22 15:20 --------- d-----w c:\program files\Google
2009-03-22 15:01 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-22 14:56 --------- d-----w c:\program files\Common Files\Real
2009-03-22 01:23 --------- d-----w c:\program files\Lavasoft
2009-03-21 17:55 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-07 06:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 12:57 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 00:19 --------- d-----w c:\documents and settings\STEVE KING\Application Data\gtk-2.0
2009-02-19 23:29 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-10 14:51 64,128 -c--a-w c:\documents and settings\STEVE KING\Application Data\GDIPFONTCACHEV1.DAT
2008-11-11 21:57 22,328 -c--a-w c:\documents and settings\STEVE KING\Application Data\PnkBstrK.sys
2007-08-08 00:53 774,144 -c----w c:\program files\RngInterstitial.dll
2001-08-23 12:00 94,784 -csha-w c:\windows\twain.dll
2008-04-14 00:12 50,688 -csha-w c:\windows\twain_32.dll
2008-04-14 00:11 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2008-04-14 00:12 57,344 --sha-w c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343,040 --sha-w c:\windows\system32\msvcrt.dll
2008-04-14 00:12 551,936 --sha-w c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84,992 --sha-w c:\windows\system32\olepro32.dll
2008-04-14 00:12 11,776 --sha-w c:\windows\system32\regsvr32.exe
2008-08-24 04:17 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="h:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"Copperhead"="h:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"RivaTuner"="h:\program files\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 2691072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
c:\documents and settings\STEVE KING\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - h:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 h:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
-----c--- 2001-07-03 09:11 57344 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-03-05 16:07 2260480 h:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Jet Detection"="h:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" -atboottime
"UpdReg"=c:\windows\UpdReg.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\itunes\\iTunes.exe"=
"h:\\Program Files\\Exe\\Loco.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"h:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"h:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"h:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"h:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cartoon Network\\Ben 10 Bounty Hunters\\RT_Multiplayer.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-21 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-04-04 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-05 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2004-07-30 136832]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596]
S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 ws2_32sik;ws2_32sik;\??\c:\windows\system32\drivers\ws2_32sik.sys --> c:\windows\system32\drivers\ws2_32sik.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PAVBOOT
.
Contents of the 'Scheduled Tasks' folder
2009-03-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:06]
2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-04-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2009-04-04 c:\windows\Tasks\User_Feed_Synchronization-{D8980406-B752-4EEF-B43E-537F29507D3C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
MSConfigStartUp-SkyTel - SkyTel.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cd1059.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Trusted Zone: runaware.com\www
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://t1.battlefield-heroes.com/patcher/BFHUpdater.cab
DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} - hxxps://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
FF - ProfilePath - c:\documents and settings\STEVE KING\Application Data\Mozilla\Firefox\Profiles\zifa39v4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cd1059.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin7.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 15:31:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,d2,5d,2a,d7,13,a8,05,1b,34,b6,e8,c6,47,e4,b6,68,a6,7b,5d,2f,92,df,
d1,01,c8,88,b8,df,c9,fa,2b,4e,7f,82,02,0e,cc,cd,6a,02,94,55,31,12,39,9f,62,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38
[HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:42,2f,d0,fc,9e,eb,02,73,84,9e,3e,d7,b7,b4,3c,c4,9f,cf,71,f0,88,
88,8b,73,1e,be,05,6a,4e,63,92,75,4b,37,a6,bd,4a,61,30,96,6a,01,32,aa,62,2c,\
"rkeysecu"=hex:25,d8,56,88,a3,31,16,28,62,57,bd,2c,aa,c4,eb,85
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\rundll32.exe
h:\program files\razer\Copperhead\razertra.exe
h:\program files\razer\Copperhead\razerofa.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-04 15:33:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-04 20:33:54
Pre-Run: 1,574,244,352 bytes free
Post-Run: 1,517,404,160 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /noguiboot
233 --- E O F --- 2009-03-26 08:00:28
Edited by Mr. King, 04 April 2009 - 02:35 PM.