Browser Link Redirects [Solved]


#1 AtomicSG (Member, 41 posts)

Whatever has its claws into my system seems to be hiding itself fairly well. I have taken the precaution to disconnect it from the net until it is fixed and am posting this with a laptop. I've spent at least 3 days running every scan I can think of with Windows Defender, Microsoft Security Essentials, Avast Anti-virus, Spybot S&D, and MalwareBytes and have yet to find and clean it apparently.

Noticed it while running a Google search. It will redirect me when I click a link to one of several fake search engines. Examples include "allthebrands.com" and "asklots.com". It doesn't do it every time but if I click, say, a link to go to Wikipedia, 20 times, it will redirect me to one of these bogus sites 2 or 3 out of the 20.

Can anyone help please? I really don't want to go through the hassle of a format but if I can't fix it soon I don't see another choice. I'm not going to keep running a system that I know is infected.

#2 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:
  • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
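Once OTL.txt comes back, the sections the reply above asks for (IE proxy settings, the O1 hosts entries, O2 BHOs, O4 Run keys and the SRV service list) can be triaged mechanically before anyone reads the full log. The script below is an added example and is not part of this thread, of OTL, or of SweetTech's procedure: it parses lines in the shape OTL prints and flags the entries a browser-redirect investigation normally starts from (a hosts mapping that does not point at loopback, a proxy set to a local port, a nameless or file-less BHO, an autorun with an empty name, no publisher or a Temp path, and orphaned services). The embedded sample lines are constructed to exercise every check (the 203.0.113.9 hosts entry and the sysupd Run entry are made up); the HIGH/MEDIUM/LOW ratings and the regexes are this example's own heuristics, not OTL's.

```python
import re
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the line format OTL writes to OTL.txt. These lines are
# illustrative, not the thread's log: the 203.0.113.9 hosts entry and the
# "sysupd" Run entry are made up so that every check below fires at least once.
SAMPLE_OTL = """\
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 203.0.113.9 www.example.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\\Run: [] File not found
O4 - HKLM..\\Run: [avast5] C:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe (ALWIL Software)
O4 - HKCU..\\Run: [sysupd] C:\\Documents and Settings\\Mike\\Local Settings\\Temp\\sysupd.exe ()
SRV - (WUSB54GCSVC) -- File not found
"""

# Line shapes as OTL prints them; each regex captures the fields that get rated.
PROXY_RE = re.compile(r'^IE - .*Internet Settings: "(ProxyEnable|ProxyServer)" = (.*)$')
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
BHO_RE = re.compile(r"^O2 - BHO: \((.*)\) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.*)\] (.*)$")
SRV_RE = re.compile(r"^SRV - \((.*)\) -- (.*)$")
TARGET_RE = re.compile(r"^(.*) \((.*)\)$")          # "path (publisher)"
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}          # hosts entries that block rather than redirect


@dataclass
class Finding:
    severity: str   # HIGH, MEDIUM or LOW (this example's own scale)
    reason: str
    line: str


def _check_target(target: str, context: str) -> List[Finding]:
    """Rate the 'path (publisher)' part of a Run or service entry."""
    if target == "File not found":
        return [Finding("LOW", f"{context} points at a missing file (orphaned entry)", target)]
    m = TARGET_RE.match(target)
    if not m:
        return []
    path, publisher = m.group(1), m.group(2)
    out = []
    if not publisher:   # OTL prints "()" when the file carries no version info
        out.append(Finding("MEDIUM", f"{context} has no publisher/version information", path))
    if "\\temp\\" in path.lower():
        out.append(Finding("MEDIUM", f"{context} runs from a Temp directory", path))
    return out


def triage(otl_text: str) -> List[Finding]:
    """Walk OTL.txt lines and collect the entries worth a second look."""
    findings: List[Finding] = []
    proxy_enable: Optional[str] = None
    proxy_server: Optional[Tuple[str, str]] = None
    for raw in otl_text.splitlines():
        line = raw.strip()
        if (m := PROXY_RE.match(line)):
            if m.group(1) == "ProxyEnable":
                proxy_enable = m.group(2).strip()
            else:
                proxy_server = (m.group(2).strip(), line)
        elif (m := HOSTS_RE.match(line)):
            ip, host = m.groups()
            if ip not in LOOPBACK:   # a non-loopback mapping silently redirects that host
                findings.append(Finding("HIGH", f"hosts file sends {host} to {ip}", line))
        elif (m := BHO_RE.match(line)):
            name, clsid, target = m.groups()
            if name == "no name" or target == "File not found":
                findings.append(Finding("MEDIUM", f"BHO {clsid} has no name or no file on disk", line))
        elif (m := RUN_RE.match(line)):
            hive, name, target = m.groups()
            if not name:
                findings.append(Finding("MEDIUM", f"{hive} Run entry with an empty value name", line))
            findings.extend(_check_target(target, f"{hive} Run [{name}]"))
        elif (m := SRV_RE.match(line)):
            svc, target = m.groups()
            findings.extend(_check_target(target, f"service {svc}"))
    if proxy_server is not None:
        server, line = proxy_server
        state = "enabled" if proxy_enable == "1" else "not enabled (ProxyEnable != 1)"
        findings.append(Finding("MEDIUM", f"IE proxy {server} is configured and {state}; "
                                          "a local proxy can rewrite every page the browser loads", line))
    return findings


def report(findings: List[Finding]) -> str:
    """Render findings, most severe first, in a form that pastes into a reply."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    rows = sorted(findings, key=lambda f: order[f.severity])
    return "\n".join(f"[{f.severity}] {f.reason}\n    {f.line}" for f in rows)


if __name__ == "__main__":
    # Usage: python otl_triage.py OTL.txt   (falls back to the built-in sample)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_OTL
    print(report(triage(text)))
```

Run it as `python otl_triage.py OTL.txt` against a real log, or with no argument to see the built-in sample rated. The hosts check is deliberately one-sided: a file full of `127.0.0.1` lines is what Spybot's immunization produces and is not flagged, whereas a single entry pointing a real site at some other address is exactly the kind of redirect the thread describes. The proxy finding is reported even when `ProxyEnable` is 0, because a disabled entry still records that something configured a proxy on a local port.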

#3 AtomicSG (Topic Starter, Member, 41 posts)

I had to run gmer twice as when I did it the first time with devices checked, the scan completed but locked my system up completely, even my clock was frozen, so I couldn't save the results anywhere. Ran again with devices unchecked and after the scan it was acting strange again but I was able to save the results and reboot and everything appeared to be working. Is this normal?

OTL logfile created on: 5/16/2010 10:18:54 PM - Run 5
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 31.49 Gb Free Space | 28.17% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 110.35 Gb Free Space | 29.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMERALD
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe (Linksys)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - C:\WINDOWS\CNYHKey.exe (Chicony)
PRC - C:\WINDOWS\mHotkey.exe (Chicony)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (NetBT) -- C:\WINDOWS\system32\drivers\netbt.sys ()
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (RTCore32) -- C:\Program Files\EVGA Precision\RTCore32.sys ()
DRV - (713xTVCard) -- C:\WINDOWS\system32\drivers\SAA713x.sys (Philips Semiconductors)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (FlyPCI) -- C:\WINDOWS\system32\drivers\FlyPCI.sys ()
DRV - (PhilTune) -- C:\WINDOWS\system32\drivers\PhilTune.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://192.168.1.1/"
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1.1
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/30 04:48:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/13 16:20:01 | 000,000,000 | ---D | M]

[2008/09/02 01:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/05/16 18:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions
[2010/04/27 23:12:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/15 21:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\[email protected]
[2010/05/16 18:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/30 06:28:59 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/05/16 04:01:39 | 000,395,194 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13648 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 22:35:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c89c1ae1-e171-11dc-98e1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c89c1ae1-e171-11dc-98e1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c89c1ae1-e171-11dc-98e1-806d6172696f}\Shell\AutoRun\command - "" = E:\SOLTEK.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/22 14:20:17 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69256455022182400)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/16 22:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\New Folder (2)
[2010/05/16 21:29:49 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/05/16 18:34:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/16 18:33:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/16 18:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/16 18:32:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\IECompatCache
[2010/05/16 18:28:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\IETldCache
[2010/05/16 18:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/16 18:19:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/15 19:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Sun
[2010/05/15 16:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\StarCraft II Beta
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Blizzard Entertainment
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/05/05 10:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/05 10:05:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/04 18:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/04 18:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/05/04 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/04 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/03 00:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/05/02 23:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/04/18 16:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\NeroDCTemplates
[2010/04/18 16:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Nero
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/16 22:21:31 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/16 22:21:31 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/16 22:21:31 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/16 22:17:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/16 22:16:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/16 22:16:36 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/16 22:16:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/16 22:15:12 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/05/16 22:14:44 | 003,172,094 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/05/16 21:27:28 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/16 20:55:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/05/16 18:22:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/16 17:32:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/16 04:01:39 | 000,395,194 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/16 03:47:25 | 000,232,960 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 16:07:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/14 18:49:00 | 000,378,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100516-040139.backup
[2010/05/14 17:44:24 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\this.html
[2010/05/07 22:04:01 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\New Microsoft Word Document (2).doc
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/06 00:09:02 | 000,000,233 | ---- | M] () -- C:\WINDOWS\ACTIVEJP.INI
[2010/05/05 16:56:54 | 000,281,797 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\fw9.pdf
[2010/05/04 17:24:48 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2010/05/04 17:24:47 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/04 17:24:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 12:55:04 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\Mike\Adobe Encore_AME.pref
[2010/04/18 16:10:30 | 000,003,677 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\ax_files.xml
[2010/04/18 15:39:43 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/18 14:27:59 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/04/18 14:27:59 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/04/18 14:27:59 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/04/18 14:27:59 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/14 17:38:58 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\this.html
[2010/05/06 21:20:53 | 000,281,797 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fw9.pdf
[2010/05/06 21:20:53 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\New Microsoft Word Document (2).doc
[2010/05/05 10:57:04 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/18 15:59:39 | 000,003,677 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\ax_files.xml
[2010/03/19 01:46:21 | 000,004,134 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlyPCI.sys
[2010/02/25 00:37:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/26 21:46:46 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/09 16:02:38 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/09/09 16:02:38 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/09/09 16:02:35 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/09/09 16:02:35 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/09/04 05:28:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/09/04 05:27:50 | 000,029,681 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/09/04 05:27:49 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/02 04:14:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/08/24 15:26:45 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/08/24 15:26:45 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/06/01 00:19:53 | 000,138,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/04/14 04:11:08 | 000,000,233 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2008/02/26 05:19:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/26 05:19:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/24 06:18:04 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/23 17:39:06 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/02/23 12:18:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/23 04:56:53 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2008/02/23 04:56:52 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2008/02/23 04:56:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2008/02/23 04:56:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2008/02/23 04:56:52 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2008/02/23 04:13:01 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/23 01:20:23 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/02/23 01:20:08 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/02/22 22:54:14 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\auto.ini
[2003/11/08 08:00:00 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2003/11/08 08:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL

========== LOP Check ==========

[2010/05/15 16:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/24 23:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/08/24 15:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2008/10/21 16:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\ameCache
[2008/02/26 05:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\AVSMedia
[2009/09/15 21:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GarageGames
[2009/10/28 14:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GARMIN
[2009/06/17 04:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GetRightToGo
[2010/04/01 14:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\RadLight Company
[2009/11/28 21:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Screaming Bee
[2009/07/25 11:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SystemRequirementsLab
[2010/04/01 14:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\uTorrent
[2010/05/16 21:27:28 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/02/22 22:35:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/04 17:24:48 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2010/01/22 16:11:29 | 000,004,456 | R--- | M] () -- C:\CLDMA.LOG
[2008/02/22 22:35:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/01 22:20:47 | 000,000,000 | ---- | M] () -- C:\fftoutput.txt
[2008/10/02 04:14:28 | 000,001,090 | ---- | M] () -- C:\INSTALL.LOG
[2008/02/22 22:35:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/18 03:35:28 | 000,004,245 | ---- | M] () -- C:\LGSInst.Log
[2008/02/22 22:35:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/02/22 22:44:15 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/16 02:15:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/16 22:16:11 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/02/08 00:30:54 | 000,071,108 | ---- | M] () -- C:\s184
[2010/02/08 00:31:34 | 000,021,614 | ---- | M] () -- C:\s184.4p
[2009/03/13 02:50:02 | 000,071,108 | ---- | M] () -- C:\s1h8
[2010/02/21 03:49:03 | 000,071,108 | ---- | M] () -- C:\s1i0
[2009/02/13 00:25:28 | 000,071,108 | ---- | M] () -- C:\s1ok
[2009/06/25 23:46:02 | 000,071,108 | ---- | M] () -- C:\s1rg
[2009/06/25 23:27:22 | 000,071,108 | ---- | M] () -- C:\s22c
[2009/11/17 16:52:25 | 000,071,108 | ---- | M] () -- C:\s2p8
[2009/06/25 23:35:40 | 000,071,108 | ---- | M] () -- C:\s35k
[2010/01/08 22:11:21 | 000,071,108 | ---- | M] () -- C:\s36g
[2010/01/08 22:11:35 | 000,000,000 | ---- | M] () -- C:\s36g.c
[2010/02/21 03:51:02 | 000,071,108 | ---- | M] () -- C:\s39s
[2010/02/08 00:31:37 | 000,071,108 | ---- | M] () -- C:\s3e8
[2009/07/28 08:57:26 | 000,071,108 | ---- | M] () -- C:\s3nk
[2009/06/25 23:16:17 | 000,071,108 | ---- | M] () -- C:\s3rs
[2009/06/25 23:17:39 | 000,071,108 | ---- | M] () -- C:\s3u8
[2009/11/17 16:48:33 | 000,071,108 | ---- | M] () -- C:\s3vc
[2010/01/08 22:11:42 | 000,071,108 | ---- | M] () -- C:\s6g
[2010/01/08 22:11:57 | 000,000,000 | ---- | M] () -- C:\s6g.4
[2009/02/13 00:18:46 | 000,071,108 | ---- | M] () -- C:\sdc
[2009/02/17 21:03:06 | 000,000,000 | ---- | M] () -- C:\SFDebug.txt
[2009/10/11 16:21:10 | 000,071,108 | ---- | M] () -- C:\sps
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2008/02/23 04:44:02 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/02/22 14:22:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/02/22 14:22:32 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/02/22 14:22:32 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/05/05 11:04:48 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\DMIO.SYS
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MpFilter.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/01/12 00:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2010/04/11 17:50:47 | 000,138,664 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2010/04/18 15:39:43 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >


OTL Extras logfile created on: 5/16/2010 10:18:54 PM - Run 5
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 31.49 Gb Free Space | 28.17% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 110.35 Gb Free Space | 29.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMERALD
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"6113:TCP" = 6113:TCP:*:Enabled:6113tcp
"6113:UDP" = 6113:UDP:*:Enabled:6113udp
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\Frozen Throne.exe" = C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Black Isle\Icewind Dale\IDMain.exe" = C:\Program Files\Black Isle\Icewind Dale\IDMain.exe:*:Enabled:Icewind Dale -- File not found
"C:\Program Files\GameSpy\Comrade\Comrade.exe" = C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade -- (IGN Entertainment Inc.)
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- File not found
"C:\Program Files\ZSNES\zsnesw.exe" = C:\Program Files\ZSNES\zsnesw.exe:*:Enabled:zsnesw -- ()
"C:\Documents and Settings\Mike\Desktop\stuff\epsxe\ePSXe.exe" = C:\Documents and Settings\Mike\Desktop\stuff\epsxe\ePSXe.exe:*:Disabled:ePSXe -- ()
"C:\Program Files\Electronic Arts\Battlefield 2142\FirstStrike.exe" = C:\Program Files\Electronic Arts\Battlefield 2142\FirstStrike.exe:*:Disabled:FirstStrike -- File not found
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\atomicsg\half-life\hl.exe" = C:\Program Files\Steam\steamapps\atomicsg\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\steamapps\atomicsg\counter-strike beta\hl.exe" = C:\Program Files\Steam\steamapps\atomicsg\counter-strike beta\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\steamapps\atomicsg\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\atomicsg\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\BaldursGateTutu\BGMain.exe" = C:\Program Files\BaldursGateTutu\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn - Throne of Bhaal -- File not found
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Black Isle\BGII - SoA\BGMain.exe" = C:\Program Files\Black Isle\BGII - SoA\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn - Throne of Bhaal -- File not found
"C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe" = C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe:*:Disabled:Kernel Executable -- File not found
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe" = C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{03737893-5BEE-4C78-9C58-3AE7F172BBBE}" = Garmin Communicator Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0DD2BDF7-EAC8-41F7-83ED-61A2D05C6235}" = Adobe Setup
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{31492759-0E89-46B5-9770-F6E5808E3017}" = xImage
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}" = MorphVOX Junior
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{6054F774-FEF0-46C6-9311-EC97FC576FC5}" = USB Wireless Keyboard Driver
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142160}" = Java 2 Runtime Environment, SE v1.4.2_16
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96ABF4E1-1489-4B84-B3CB-82E010247D73}" = Adobe Creative Suite 3 Master Collection
"{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B70CDBAC-638A-4E67-916A-DB4C6F571033}" = Nero 8 Essentials
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
"{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D93F5B-881F-49E3-BA56-B4B8FA991059}" = Adobe Encore CS3 Library
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{F9831B39-277F-4F53-BFB0-12DC90C4CB40}" = Requiem
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.2.2 Professional
"Adobe Acrobat 8 Professional_822" = Adobe Acrobat 8.2.2 - CPSID_53952
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_e7e6bb3ae60aaa1c5b11aa97d8f15b0" = Add or Remove Adobe Creative Suite 3 Master Collection
"avast5" = avast! Free Antivirus
"DivXCodec" = DivX 4.0 Final Codec
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.3.0
"iCall_is1" = iCall
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEEP" = Infinty Engine Editor Pro (remove only)
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
"InstallShield_{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
"InstallShield_{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska Pack" = Matroska Pack
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Natural Selection_is1" = Natural Selection 3.2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Precision" = EVGA Precision 1.9.1
"Prism" = Prism Video Converter
"PVK" = PVK
"RealPlayer 6.0" = RealPlayer
"Starcraft" = Starcraft
"StarCraft II Beta" = StarCraft II Beta
"StealthBot v2.6 Revision 3" = StealthBot v2.6 Revision 3 (remove only)
"Steam App 10" = Counter-Strike
"Steam App 1290" = Darkest Hour Server
"Steam App 70" = Half-Life
"SystemRequirementsLab" = System Requirements Lab
"Vampire Slayer : Chapter VI_is1" = VS v6.0
"WE Unlimited_is1" = WE Unlimited 1.20
"WIC" = Windows Imaging Component
"WinBiff" = WinBiff
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xHamster Video Downloader_is1" = xHamster Video Downloader 3.13
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"StarCraft X-tra Editor" = StarCraft X-tra Editor
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 1/12/2010 11:27:47 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/15/2010 7:36:58 PM | Computer Name = EMERALD | Source = WinDefendRtp | ID = 3002
Description = %%827 Real-Time Protection agent has encountered an error and failed
to start. User: EMERALD\Mike Agent: IEDownloadsAndOutlookAttachmentsAgent Error Code:
0x8007139f Error description: The group or resource is not in the correct state
to perform the requested operation.

Error - 5/16/2010 2:04:49 AM | Computer Name = EMERALD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/16/2010 2:04:50 AM | Computer Name = EMERALD | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/16/2010 4:20:37 PM | Computer Name = EMERALD | Source = WinDefendRtp | ID = 3002
Description = %%827 Real-Time Protection agent has encountered an error and failed
to start. User: EMERALD\Mike Agent: AutoStartAgent Error Code: 0x8007139f Error description:
The group or resource is not in the correct state to perform the requested operation.


Error - 5/16/2010 4:20:37 PM | Computer Name = EMERALD | Source = WinDefendRtp | ID = 3002
Description = %%827 Real-Time Protection agent has encountered an error and failed
to start. User: EMERALD\Mike Agent: IEConfigurationAgent Error Code: 0x8007139f Error
description: The group or resource is not in the correct state to perform the requested
operation.

Error - 5/16/2010 4:20:37 PM | Computer Name = EMERALD | Source = WinDefendRtp | ID = 3002
Description = %%827 Real-Time Protection agent has encountered an error and failed
to start. User: EMERALD\Mike Agent: IEAddInsAgent Error Code: 0x8007139f Error description:
The group or resource is not in the correct state to perform the requested operation.


Error - 5/16/2010 4:20:37 PM | Computer Name = EMERALD | Source = WinDefendRtp | ID = 3002
Description = %%827 Real-Time Protection agent has encountered an error and failed
to start. User: EMERALD\Mike Agent: IEDownloadsAndOutlookAttachmentsAgent Error Code:
0x8007139f Error description: The group or resource is not in the correct state
to perform the requested operation.

Error - 5/16/2010 6:18:49 PM | Computer Name = EMERALD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/16/2010 6:18:49 PM | Computer Name = EMERALD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/16/2010 6:18:49 PM | Computer Name = EMERALD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 5/16/2010 4:22:02 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/16/2010 6:28:52 PM | Computer Name = EMERALD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/16/2010 6:28:52 PM | Computer Name = EMERALD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/16/2010 6:30:30 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/16/2010 9:22:12 PM | Computer Name = EMERALD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/16/2010 9:22:12 PM | Computer Name = EMERALD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/16/2010 9:23:10 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/16/2010 10:16:42 PM | Computer Name = EMERALD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/16/2010 10:16:42 PM | Computer Name = EMERALD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/16/2010 10:17:25 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-17 21:48:32
Windows 5.1.2600 Service Pack 3
Running: di86vtoj.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\uwrdapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB3D4EC7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB3D4EB36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB3D4F0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB3D4F014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB3D4E70C]
SSDT spsq.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spsq.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB3D4EC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB3D4E64C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB3D4E6B0]
SSDT spsq.sys ZwQueryKey [0xB7ECE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB3D4ED30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB3D4F1B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB3D4ECF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB3D4EE70]

INT 0x62 ? 8B23FBF8
INT 0x63 ? 8B23FBF8
INT 0x63 ? 8B23FBF8
INT 0x63 ? 8B23FBF8
INT 0x94 ? 8B014F00
INT 0xA4 ? 8B014F00

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB3D5BAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB3D5B8EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB3D5BA24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54B3D4F0
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B3D5BA28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP B3D5B8EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP B3D57536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP B3D58EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B3D5BACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? spsq.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B74D18AC 5 Bytes JMP 8B0144E0
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6973380, 0x550AF5, 0xE8000020]
.text anw5ywtw.SYS B6928386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text anw5ywtw.SYS B69283AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text anw5ywtw.SYS B69283C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text anw5ywtw.SYS B69283C9 1 Byte [2E]
.text anw5ywtw.SYS B69283C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.rsrc C:\WINDOWS\System32\DRIVERS\netbt.sys entry point in ".rsrc" section [0xB3E4FA14]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[172] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[172] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[172] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[1532] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[1532] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1532] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006C000C
.text C:\WINDOWS\System32\svchost.exe[1532] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0315000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spsq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spsq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spsq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spsq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spsq.sys
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\anw5ywtw.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[948] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[948] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xBD 0x42 0x69 0x85 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B06B29BD-0E13-9D8D-2E89-44431FA54D6B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B06B29BD-0E13-9D8D-2E89-44431FA54D6B}@abjlcnpcoonmgfoebegokbpnjbenknimeb 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B06B29BD-0E13-9D8D-2E89-44431FA54D6B}@bbjlcnpcoonmgfoebennlaoodcldllhkagoh 0x61 0x61 0x00 0x00

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\netbt.sys suspicious modification

---- EOF - GMER 1.0.15 ----
  • 0

#4
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

While I'm looking through your logs, I'd like to point out that you currently have Avast and Microsoft Security Essentials installed. It's never a good idea to be running 2 AV's at the same time. It can cause conflicts between the two of them and slow down your computer. Please choose one that you'd like to keep and uninstall the other.

I'll be back shortly with a fix for you.

Cheers,
SweetTech.
  • 0

#5
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello again,

Please make sure you see my previous post to you about removing one of your Anti-Virus programs.


NEXT:


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?



NEXT:




Extract the file and run it.

Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)

Please post the content of that log TDSSKiller


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the TDSSKiller tool.
3. The log that was produced after running the ComboFix scan.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
  • 0

#6
AtomicSG

AtomicSG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
I have seen your reply and downloaded the programs, and I thank you for the heads up. Fortunately, as soon as I started having the problems I immediately assumed the worst and accessed my accounts on another computer to change the passwords. Hopefully this preventative measure will have worked to my benefit. As the computer I am trying to fix is physically disconnected from the internet, is there another way for me to get the Windows Recovery Console? I would rather not reconnect it to the internet and further expose myself to risks of reinfection and data theft if it can be avoided.

As far as the 2 antivirus programs, I have only had Microsoft Security Essentials for a very short period. While going crazy trying to find and remove malware from my system within the past week I ran across the page for it. After downloading and installing MSE, it found and removed about 5 things that Avast had passed over which were all marked as either high or severe threat level. That being said, which would you recommend keeping?
  • 0

#7
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

As the computer I am trying to fix is physically disconnected from the internet, is there another way for me to get the Windows Recovery Console? I would rather not reconnect it to the internet and further expose myself to risks of reinfection and data theft if it can be avoided.

It would be easier if you re-connected back to the internet for the time it takes to install the Recovery Console and then run a scan with ComboFix.

As far as the 2 antivirus programs, I have only had Microsoft Security Essentials for a very short period. While going crazy trying to find and remove malware from my system within the past week I ran across the page for it. After downloading and installing MSE, it found and removed about 5 things that Avast had passed over which were all marked as either high or severe threat level. That being said, which would you recommend keeping?

I have heard good things about both. I don't really have a personal opinion on whether one is better than the other.


Cheers,
SweetTech.
  • 0

#8
AtomicSG

AtomicSG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
While running ComboFix the following occurred:

pev.cfxxe has encountered a problem

pev.cfxxe offset:00082899
  • 0

#9
AtomicSG

AtomicSG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
1. Should I be concerned about the problem encountered?

2.
15:59:56:484 2640 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
15:59:56:484 2640 ================================================================================
15:59:56:484 2640 SystemInfo:

15:59:56:484 2640 OS Version: 5.1.2600 ServicePack: 3.0
15:59:56:484 2640 Product type: Workstation
15:59:56:484 2640 ComputerName: EMERALD
15:59:56:484 2640 UserName: Mike
15:59:56:484 2640 Windows directory: C:\WINDOWS
15:59:56:484 2640 Processor architecture: Intel x86
15:59:56:484 2640 Number of processors: 4
15:59:56:484 2640 Page size: 0x1000
15:59:56:484 2640 Boot type: Normal boot
15:59:56:484 2640 ================================================================================
15:59:56:484 2640 UnloadDriverW: NtUnloadDriver error 2
15:59:56:484 2640 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
15:59:56:562 2640 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:59:56:562 2640 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:59:56:562 2640 wfopen_ex: Trying to KLMD file open
15:59:56:562 2640 wfopen_ex: File opened ok (Flags 2)
15:59:56:562 2640 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:59:56:562 2640 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:59:56:562 2640 wfopen_ex: Trying to KLMD file open
15:59:56:562 2640 wfopen_ex: File opened ok (Flags 2)
15:59:56:562 2640 KLAVA engine initialized
15:59:57:515 2640 Initialize success
15:59:57:515 2640
15:59:57:515 2640 Scanning Services ...
15:59:58:078 2640 Raw services enum returned 386 services
15:59:58:093 2640
15:59:58:093 2640 Scanning Drivers ...
15:59:58:343 2640 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
15:59:58:390 2640 713xTVCard (e9de5148c0a9829e9e3bcf8a93d035c1) C:\WINDOWS\system32\DRIVERS\SAA713x.sys
15:59:58:437 2640 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys
15:59:58:500 2640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:59:58:546 2640 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:59:58:578 2640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:59:58:625 2640 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:59:58:687 2640 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
15:59:58:734 2640 AmdK8 (a2d5f093f9cb160c183c77015704f156) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
15:59:58:781 2640 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
15:59:58:812 2640 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:59:58:843 2640 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
15:59:58:890 2640 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:59:58:906 2640 aswMon2 (81432b1a4b31036c822eb967decf613c) C:\WINDOWS\system32\drivers\aswMon2.sys
15:59:58:937 2640 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\WINDOWS\system32\drivers\aswRdr.sys
15:59:58:968 2640 aswSP (d78b644816db540e103d0b0766fd9967) C:\WINDOWS\system32\drivers\aswSP.sys
15:59:58:984 2640 aswTdi (606d731008d98b6ef946730c597c1642) C:\WINDOWS\system32\drivers\aswTdi.sys
15:59:59:015 2640 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:59:59:031 2640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:59:59:062 2640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:59:59:109 2640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:59:59:140 2640 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
15:59:59:171 2640 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:59:59:187 2640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:59:59:203 2640 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:59:59:234 2640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:59:59:250 2640 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:59:59:265 2640 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:59:59:312 2640 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:59:59:359 2640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:59:59:390 2640 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\DMIO.SYS
15:59:59:437 2640 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:59:59:453 2640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:59:59:500 2640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:59:59:546 2640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:59:59:578 2640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:59:59:609 2640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:59:59:625 2640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:59:59:656 2640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:59:59:703 2640 FlyPCI (93f7e288350460e4bae8807283dd4e6e) C:\WINDOWS\system32\drivers\FlyPCI.sys
15:59:59:750 2640 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
15:59:59:750 2640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:59:59:781 2640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:59:59:812 2640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:59:59:859 2640 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
15:59:59:875 2640 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
15:59:59:906 2640 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:59:59:953 2640 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:00:00:015 2640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:00:00:078 2640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:00:00:093 2640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:00:00:281 2640 IntcAzAudAddService (fb4293b1eab313c28d4a1b8db61aca72) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:00:00:328 2640 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:00:00:359 2640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:00:00:390 2640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:00:00:421 2640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:00:00:437 2640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:00:00:453 2640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:00:00:484 2640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:00:00:515 2640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:00:00:531 2640 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:00:00:562 2640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:00:00:593 2640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:00:00:625 2640 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:00:00:640 2640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:00:00:656 2640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:00:00:671 2640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:00:00:687 2640 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:00:00:703 2640 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:00:00:734 2640 MpFilter (dfa1cd670ea50a21c87c92c727c50950) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:00:00:828 2640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:00:00:875 2640 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:00:00:953 2640 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
16:00:00:953 2640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:00:00:968 2640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:00:00:984 2640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:00:01:000 2640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:00:01:031 2640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:00:01:046 2640 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:00:01:062 2640 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
16:00:01:093 2640 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
16:00:01:109 2640 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:00:01:156 2640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:00:01:171 2640 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:00:01:203 2640 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:00:01:218 2640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:00:01:234 2640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:00:01:250 2640 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
16:00:01:265 2640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:00:01:281 2640 NetBT (549af88d081d054fb89b43c9f825a167) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:00:01:296 2640 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 549af88d081d054fb89b43c9f825a167, Fake md5: db7df439b4f5a6a8075cd68bc78e7844
16:00:01:296 2640 File "C:\WINDOWS\system32\DRIVERS\netbt.sys" infected by TDSS rootkit ... 16:00:08:812 2640 Backup copy found, using it..
16:00:08:875 2640 will be cured on next reboot
16:00:08:984 2640 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:00:09:015 2640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:00:09:031 2640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:00:09:109 2640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:00:11:718 2640 nv (cb0ce8de9f66a297cd86eb98921b8e58) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:00:13:265 2640 nvatabus (a1f88223528aadbb6374132becbbdcc1) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
16:00:13:296 2640 nvax (f3d3015e52f2732042197d4edcaac2cb) C:\WINDOWS\system32\drivers\nvax.sys
16:00:13:328 2640 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
16:00:13:375 2640 NVHDA (cf68bcac297b4c98c1d25b81e4011de4) C:\WINDOWS\system32\drivers\nvhda32.sys
16:00:13:406 2640 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
16:00:13:437 2640 nvnforce (6d6fd2b7035d415621acaf1e555c8b90) C:\WINDOWS\system32\drivers\nvapu.sys
16:00:13:484 2640 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
16:00:13:593 2640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:00:13:609 2640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:00:13:640 2640 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:00:13:656 2640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:00:13:671 2640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:00:13:828 2640 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:00:13:828 2640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:00:13:875 2640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:00:13:890 2640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:00:14:234 2640 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
16:00:14:281 2640 PhilTune (9dadfaf5dac3c793640180cbf136828b) C:\WINDOWS\system32\Drivers\PhilTune.sys
16:00:14:328 2640 PnkBstrK (a32ef1b47f239fc91dbf5c02feaf573d) C:\WINDOWS\system32\drivers\PnkBstrK.sys
16:00:14:375 2640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:00:14:390 2640 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:00:14:406 2640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:00:14:453 2640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:00:14:500 2640 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:00:14:546 2640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:00:14:546 2640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:00:14:562 2640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:00:14:578 2640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:00:14:593 2640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:00:14:609 2640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:00:14:625 2640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:00:14:656 2640 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
16:00:14:671 2640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:00:14:718 2640 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys
16:00:14:812 2640 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\Program Files\EVGA Precision\RTCore32.sys
16:00:14:843 2640 SCREAMINGBDRIVER (d3fa9fb502ad62001101f495bbbac42e) C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
16:00:14:875 2640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:00:14:906 2640 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:00:14:921 2640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:00:14:937 2640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:00:14:984 2640 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:00:15:015 2640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:00:15:046 2640 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
16:00:15:046 2640 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
16:00:15:062 2640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:00:15:109 2640 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
16:00:15:156 2640 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:00:15:171 2640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:00:15:187 2640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:00:15:234 2640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:00:15:343 2640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:00:15:359 2640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:00:15:390 2640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:00:15:421 2640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:00:15:437 2640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:00:15:500 2640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:00:15:515 2640 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:00:15:546 2640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:00:15:578 2640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:00:15:609 2640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:00:15:640 2640 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:00:15:687 2640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:00:15:734 2640 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:00:15:765 2640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:00:15:796 2640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:00:15:812 2640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:00:15:828 2640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:00:15:875 2640 WmBEnum (59c90bc8317bd3f6e5559a4deaf35090) C:\WINDOWS\system32\drivers\WmBEnum.sys
16:00:15:890 2640 WmFilter (999a4539ad634a741afd357e290bd461) C:\WINDOWS\system32\drivers\WmFilter.sys
16:00:15:921 2640 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:00:15:937 2640 WmVirHid (0b8c64b13776f17537f0705fe62799c6) C:\WINDOWS\system32\drivers\WmVirHid.sys
16:00:15:953 2640 WmXlCore (8d388aeb1a12c1192aa9b4ebceabcba6) C:\WINDOWS\system32\drivers\WmXlCore.sys
16:00:16:000 2640 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:00:16:046 2640 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:00:16:078 2640 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:00:16:109 2640 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:00:16:156 2640 Reboot required for cure complete..
16:00:16:171 2640 Cure on reboot scheduled successfully
16:00:16:171 2640
16:00:16:171 2640 Completed
16:00:16:171 2640
16:00:16:171 2640 Results:
16:00:16:171 2640 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:00:16:171 2640 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:00:16:171 2640
16:00:16:171 2640 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
16:00:16:171 2640 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
16:00:16:171 2640 UnloadDriverW: NtUnloadDriver error 1
16:00:16:171 2640 KLMD(ARK) unloaded successfully

3.
ComboFix 10-05-17.01 - Mike 05/19/2010 20:19:48.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3045 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-16 22:34 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-16 22:33 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-16 22:33 . 2010-05-16 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 22:33 . 2010-05-16 22:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-16 22:32 . 2010-05-16 22:32 -------- d-sh--w- c:\documents and settings\Mike\IECompatCache
2010-05-16 22:30 . 2010-05-16 22:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-16 22:28 . 2010-05-16 22:28 -------- d-sh--w- c:\documents and settings\Mike\IETldCache
2010-05-16 22:22 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-16 22:22 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-16 22:22 . 2010-05-16 22:22 -------- d-----w- c:\windows\ie8updates
2010-05-16 22:21 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-16 22:19 . 2010-05-16 22:21 -------- dc-h--w- c:\windows\ie8
2010-05-15 20:06 . 2010-05-15 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-06 01:04 . 2010-05-13 18:29 -------- d-----w- c:\program files\StarCraft II Beta
2010-05-06 01:04 . 2010-05-06 01:08 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Blizzard Entertainment
2010-05-06 01:04 . 2010-05-06 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-05 15:04 . 2010-05-05 15:04 153344 ----a-w- c:\windows\system32\drivers\DMIO.SYS
2010-05-05 14:51 . 2010-05-05 14:52 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-05 14:19 . 2010-05-05 14:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-04 22:36 . 2010-05-04 22:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-04 22:02 . 2010-05-05 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-04 21:58 . 2009-12-14 21:52 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-05-03 04:15 . 2010-05-03 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-05-03 03:14 . 2010-05-06 16:14 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 23:33 . 2010-02-03 00:31 -------- d-----w- c:\program files\Steam
2010-05-19 20:02 . 2003-11-08 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-05-18 01:57 . 2010-03-30 07:21 -------- d-----w- c:\program files\EVGA Precision
2010-05-16 07:46 . 2009-12-07 05:05 -------- d-----w- c:\documents and settings\Mike\Application Data\MSN6
2010-05-15 20:09 . 2008-02-23 02:41 -------- d-----w- c:\program files\Alwil Software
2010-05-14 18:15 . 2008-02-24 21:15 -------- d-----w- c:\program files\Warcraft III
2010-05-14 06:32 . 2008-02-23 21:32 -------- d-----w- c:\program files\Starcraft
2010-05-11 20:45 . 2008-03-11 00:40 -------- d-----w- c:\documents and settings\Mike\Application Data\OpenOffice.org2
2010-05-11 18:52 . 2008-04-04 22:53 1 ----a-w- c:\documents and settings\Mike\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-05-06 20:59 . 2008-02-23 02:41 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2008-02-23 02:41 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-02-23 02:41 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-04-01 03:31 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-02-23 02:41 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-02-23 02:41 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-02-23 02:41 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-04-01 03:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-02-23 02:41 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 14:36 . 2009-10-02 23:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 14:18 . 2008-02-23 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-05 14:18 . 2008-02-23 08:43 -------- d-----w- c:\program files\Yahoo!
2010-05-04 22:03 . 2009-06-02 04:07 -------- d-----w- c:\documents and settings\Mike\Application Data\Yahoo!
2010-05-03 03:58 . 2008-02-23 02:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-03 03:58 . 2010-02-10 05:24 -------- d-----w- c:\program files\BaldursGateTutu
2010-04-25 20:25 . 2010-01-12 06:02 -------- d-----w- c:\program files\iCall
2010-04-18 20:24 . 2010-04-18 20:24 -------- d-----w- c:\documents and settings\Mike\Application Data\NeroDCTemplates
2010-04-18 19:39 . 2008-02-23 21:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-11 21:50 . 2008-06-01 04:19 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-11 21:49 . 2008-06-01 04:19 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-08 00:22 . 2008-02-23 02:56 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-08 00:21 . 2010-01-27 01:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-08 00:21 . 2009-07-25 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-06 07:34 . 2008-02-24 09:50 -------- d-----w- c:\program files\Electronic Arts
2010-04-06 07:24 . 2009-03-25 08:51 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-04-01 19:02 . 2010-04-01 19:02 -------- d-----w- c:\documents and settings\Mike\Application Data\NeroDigital™
2010-04-01 18:48 . 2010-04-01 18:48 -------- d-----w- c:\documents and settings\Mike\Application Data\RadLight Company
2010-04-01 18:48 . 2010-04-01 18:48 -------- d-----w- c:\program files\RadLight Company
2010-04-01 18:41 . 2010-04-01 18:41 -------- d-----w- c:\program files\DivXCodec
2010-04-01 18:27 . 2008-10-03 23:40 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2010-03-31 20:55 . 2010-03-31 20:55 200 ----a-w- c:\windows\QCPC80UI.dat
2010-03-24 22:17 . 2010-03-24 22:17 -------- d-----w- c:\program files\Atari
2010-03-24 20:43 . 2010-03-24 19:30 -------- d-----w- c:\program files\NCH Software
2010-03-24 20:42 . 2010-03-24 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-03-24 20:30 . 2008-02-23 03:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-22 00:38 . 2008-07-16 23:30 -------- d-----w- c:\program files\Black Isle
2010-03-19 06:24 . 2008-02-23 02:51 31952 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 06:51 . 2008-02-23 03:17 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-12 15:26 . 2008-02-23 02:55 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-11 04:24 . 2008-02-24 21:16 80053 ----a-w- c:\windows\War3Unin.dat
2010-03-01 08:37 . 2010-03-01 08:37 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-01 08:37 . 2008-02-23 02:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-25 06:24 . 2003-11-08 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-11-08 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-07 1238352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2003-07-30 526848]
"ledpointer"="CNYHKey.exe" [2004-03-03 5576704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-04-02 624056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-26 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-30 198160]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2010-01-21 293928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
2008-12-18 20:44 1587576 ----a-w- c:\program files\iCall\iCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-30 08:48 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\ZSNES\\zsnesw.exe"=
"c:\\Documents and Settings\\Mike\\Desktop\\stuff\\epsxe\\ePSXe.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iCall\\iCall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\counter-strike beta\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"6113:TCP"= 6113:TCP:6113tcp
"6113:UDP"= 6113:UDP:6113udp
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2008 11:31 PM 164048]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [3/15/2005 4:00 PM 277504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/31/2008 11:31 PM 19024]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [9/4/2009 5:35 AM 57248]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 2:19 PM 23064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/23/2008 5:39 PM 691696]
S1 MpKsldef4850f;MpKsldef4850f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2E31AB9-0B6B-4EDA-955C-433ABD38D1C7}\MpKsldef4850f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2E31AB9-0B6B-4EDA-955C-433ABD38D1C7}\MpKsldef4850f.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [3/19/2010 1:46 AM 4134]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PhilTune;Philips TV Tuner;c:\windows\system32\drivers\PhilTune.sys [2/23/2008 12:18 PM 19840]
S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 3:39 PM 4608]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 16:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: {131F5CA6-FA2A-4508-A0E1-D786E43DCC06} = 64.233.217.2,64.233.17.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\Mike\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-Matroska Pack - c:\program files\Matroska Pack\uninstall.exe
AddRemove-Natural Selection_is1 - c:\program files\Steam\steamapps\atomicsg\half-life\NS\unins000.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-xHamster Video Downloader_is1 - c:\documents and settings\Mike\Desktop\New Folder\xHamster Video Downloader\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 20:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B06B29BD-0E13-9D8D-2E89-44431FA54D6B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abjlcnpcoonmgfoebegokbpnjbenknimeb"=hex:61,61,00,00
"bbjlcnpcoonmgfoebennlaoodcldllhkagoh"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:bd,42,69,85,3b,5f,98,07,9b,d8,9f,aa,20,c7,4e,ab,aa,4f,6f,2e,80,
85,5f,74,36,30,d4,11,c7,99,5f,57,8b,c7,2e,b2,e1,ae,bd,47,7f,b9,7f,26,02,de,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:bd,42,69,85,3b,5f,98,07,9b,d8,9f,aa,20,c7,4e,ab,aa,4f,6f,2e,80,
85,5f,74,36,30,d4,11,c7,99,5f,57,8b,c7,2e,b2,e1,ae,bd,47,7f,b9,7f,26,02,de,\
.
Completion time: 2010-05-19 20:30:38
ComboFix-quarantined-files.txt 2010-05-20 00:30

Pre-Run: 33,654,263,808 bytes free
Post-Run: 34,360,393,728 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn

- - End Of File - - 1865144E982E1CDE99D8A2AC7C4D84AC

4. Have only had it up to do what you asked me to do, so I couldn't really tell you if it's running any better yet. Trying to avoid using it till it's clean.

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Driver::
MpKsldef4850f

File::
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2E31AB9-0B6B-4EDA-955C-433ABD38D1C7}\MpKsldef4850f.sys

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555

RegLockDel::
[HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B06B29BD-0E13-9D8D-2E89-44431FA54D6B}*]

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.



NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix scan.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The logs that were produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
#11
AtomicSG

AtomicSG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
1. The same module encountered a problem with ComboFix as the first time.

"pev.cfxxe has encountered a problem"

around scan process 2

2.
ComboFix 10-05-17.01 - Mike 05/19/2010 23:23:44.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3075 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2E31AB9-0B6B-4EDA-955C-433ABD38D1C7}\MpKsldef4850f.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MPKSLDEF4850F
-------\Service_MpKsldef4850f


((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-16 22:34 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-16 22:33 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-16 22:33 . 2010-05-16 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 22:33 . 2010-05-16 22:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-16 22:32 . 2010-05-16 22:32 -------- d-sh--w- c:\documents and settings\Mike\IECompatCache
2010-05-16 22:30 . 2010-05-16 22:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-16 22:28 . 2010-05-16 22:28 -------- d-sh--w- c:\documents and settings\Mike\IETldCache
2010-05-16 22:22 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-16 22:22 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-16 22:22 . 2010-05-16 22:22 -------- d-----w- c:\windows\ie8updates
2010-05-16 22:21 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-16 22:19 . 2010-05-16 22:21 -------- dc-h--w- c:\windows\ie8
2010-05-15 20:06 . 2010-05-15 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-06 01:04 . 2010-05-13 18:29 -------- d-----w- c:\program files\StarCraft II Beta
2010-05-06 01:04 . 2010-05-06 01:08 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Blizzard Entertainment
2010-05-06 01:04 . 2010-05-06 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-05 15:04 . 2010-05-05 15:04 153344 ----a-w- c:\windows\system32\drivers\DMIO.SYS
2010-05-05 14:51 . 2010-05-05 14:52 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-05 14:19 . 2010-05-05 14:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-04 22:36 . 2010-05-04 22:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-04 22:02 . 2010-05-05 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-03 04:15 . 2010-05-03 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-05-03 03:14 . 2010-05-06 16:14 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 03:34 . 2010-03-30 07:21 -------- d-----w- c:\program files\EVGA Precision
2010-05-20 03:33 . 2010-02-03 00:31 -------- d-----w- c:\program files\Steam
2010-05-19 20:02 . 2003-11-08 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-05-16 07:46 . 2009-12-07 05:05 -------- d-----w- c:\documents and settings\Mike\Application Data\MSN6
2010-05-15 20:09 . 2008-02-23 02:41 -------- d-----w- c:\program files\Alwil Software
2010-05-14 18:15 . 2008-02-24 21:15 -------- d-----w- c:\program files\Warcraft III
2010-05-14 06:32 . 2008-02-23 21:32 -------- d-----w- c:\program files\Starcraft
2010-05-11 20:45 . 2008-03-11 00:40 -------- d-----w- c:\documents and settings\Mike\Application Data\OpenOffice.org2
2010-05-11 18:52 . 2008-04-04 22:53 1 ----a-w- c:\documents and settings\Mike\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-05-06 20:59 . 2008-02-23 02:41 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2008-02-23 02:41 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-02-23 02:41 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-04-01 03:31 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-02-23 02:41 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-02-23 02:41 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-02-23 02:41 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-04-01 03:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-02-23 02:41 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 14:36 . 2009-10-02 23:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 14:18 . 2008-02-23 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-05 14:18 . 2008-02-23 08:43 -------- d-----w- c:\program files\Yahoo!
2010-05-04 22:03 . 2009-06-02 04:07 -------- d-----w- c:\documents and settings\Mike\Application Data\Yahoo!
2010-05-03 03:58 . 2008-02-23 02:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-03 03:58 . 2010-02-10 05:24 -------- d-----w- c:\program files\BaldursGateTutu
2010-04-25 20:25 . 2010-01-12 06:02 -------- d-----w- c:\program files\iCall
2010-04-18 20:24 . 2010-04-18 20:24 -------- d-----w- c:\documents and settings\Mike\Application Data\NeroDCTemplates
2010-04-18 19:39 . 2008-02-23 21:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-11 21:50 . 2008-06-01 04:19 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-11 21:49 . 2008-06-01 04:19 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-08 00:22 . 2008-02-23 02:56 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-08 00:21 . 2010-01-27 01:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-08 00:21 . 2009-07-25 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-06 07:34 . 2008-02-24 09:50 -------- d-----w- c:\program files\Electronic Arts
2010-04-06 07:24 . 2009-03-25 08:51 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-04-01 19:02 . 2010-04-01 19:02 -------- d-----w- c:\documents and settings\Mike\Application Data\NeroDigital™
2010-04-01 18:48 . 2010-04-01 18:48 -------- d-----w- c:\documents and settings\Mike\Application Data\RadLight Company
2010-04-01 18:48 . 2010-04-01 18:48 -------- d-----w- c:\program files\RadLight Company
2010-04-01 18:41 . 2010-04-01 18:41 -------- d-----w- c:\program files\DivXCodec
2010-04-01 18:27 . 2008-10-03 23:40 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2010-03-31 20:55 . 2010-03-31 20:55 200 ----a-w- c:\windows\QCPC80UI.dat
2010-03-24 22:17 . 2010-03-24 22:17 -------- d-----w- c:\program files\Atari
2010-03-24 20:43 . 2010-03-24 19:30 -------- d-----w- c:\program files\NCH Software
2010-03-24 20:42 . 2010-03-24 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-03-24 20:30 . 2008-02-23 03:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-22 00:38 . 2008-07-16 23:30 -------- d-----w- c:\program files\Black Isle
2010-03-19 06:24 . 2008-02-23 02:51 31952 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 06:51 . 2008-02-23 03:17 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-12 15:26 . 2008-02-23 02:55 600680 ----a-w- c:\windows
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\ZSNES\\zsnesw.exe"=
"c:\\Documents and Settings\\Mike\\Desktop\\stuff\\epsxe\\ePSXe.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iCall\\iCall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\counter-strike beta\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"6113:TCP"= 6113:TCP:6113tcp
"6113:UDP"= 6113:UDP:6113udp
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/23/2008 5:39 PM 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2008 11:31 PM 164048]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [3/15/2005 4:00 PM 277504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/31/2008 11:31 PM 19024]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [9/4/2009 5:35 AM 57248]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 3:39 PM 4608]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 2:19 PM 23064]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [3/19/2010 1:46 AM 4134]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PhilTune;Philips TV Tuner;c:\windows\system32\drivers\PhilTune.sys [2/23/2008 12:18 PM 19840]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RTCORE32

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 16:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: {131F5CA6-FA2A-4508-A0E1-D786E43DCC06} = 64.233.217.2,64.233.17.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\Mike\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 23:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sper.sys >>UNKNOWN [0x8B1EB938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e09b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet #2 -> SendCompleteHandler -> NDIS.sys @ 0xb7cfcbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7ceba0d
SendHandler -> NDIS.sys @ 0xb7cffb40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B06B29BD-0E13-9D8D-2E89-44431FA54D6B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abjlcnpcoonmgfoebegokbpnjbenknimeb"=hex:61,61,00,00
"bbjlcnpcoonmgfoebennlaoodcldllhkagoh"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2568)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\mHotkey.exe
c:\windows\CNYHKey.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-05-19 23:40:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-20 03:40
ComboFix2.txt 2010-05-20 00:30

Pre-Run: 34,430,025,728 bytes free
Post-Run: 34,270,728,192 bytes free

- - End Of File - - A1819DB4A8F81617A5FCEA080F809314

3.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4119

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/20/2010 12:11:06 AM
mbam-log-2010-05-20 (00-11-06).txt

Scan type: Quick scan
Objects scanned: 118714
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4.
C:\System Volume Information\_restore{18E6C57A-D1C4-4620-8F9E-E508CBF04F86}\RP692\A0107591.exe probably a variant of Win32/Agent trojan

5.
OTL logfile created on: 5/20/2010 4:00:42 AM - Run 6
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 31.79 Gb Free Space | 28.44% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 110.35 Gb Free Space | 29.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMERALD
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe (Linksys)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - C:\WINDOWS\CNYHKey.exe (Chicony)
PRC - C:\WINDOWS\mHotkey.exe (Chicony)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\b...
...hi.sys (LogMeIn, Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (RTCore32) -- C:\Program Files\EVGA Precision\RTCore32.sys ()
DRV - (713xTVCard) -- C:\WINDOWS\system32\drivers\SAA713x.sys (Philips Semiconductors)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (FlyPCI) -- C:\WINDOWS\system32\drivers\FlyPCI.sys ()
DRV - (PhilTune) -- C:\WINDOWS\system32\drivers\PhilTune.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://192.168.1.1/"
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1.1
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/30 04:48:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/13 16:20:01 | 000,000,000 | ---D | M]

[2008/09/02 01:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/05/20 00:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions
[2010/04/27 23:12:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/15 21:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\[email protected]
[2010/05/20 00:24:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/30 06:28:59 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/05/19 23:33:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 22:35:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/22 14:20:17 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/20 03:00:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/20 00:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/19 23:31:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/19 20:17:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/19 20:14:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/19 20:14:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/19 20:14:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/19 20:14:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/19 20:13:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/19 20:10:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/19 15:59:43 | 000,979,792 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/05/16 22:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\New Folder (2)
[2010/05/16 21:29:49 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/05/16 18:34:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/16 18:33:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/16 18:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/16 18:32:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\IECompatCache
[2010/05/16 18:28:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\IETldCache
[2010/05/16 18:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/16 18:19:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/15 19:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Sun
[2010/05/15 16:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\StarCraft II Beta
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Blizzard Entertainment
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/05/05 10:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/05 10:05:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/04 18:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/04 18:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/05/04 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/04 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/03 00:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/05/02 23:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 03:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/20 00:15:25 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2010/05/19 23:38:37 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/19 23:38:10 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/19 23:38:10 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/19 23:38:10 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/19 23:34:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/19 23:33:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/19 23:33:39 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/19 23:33:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/19 23:33:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/19 23:32:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/19 23:31:41 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/05/19 20:40:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/19 20:40:51 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 20:17:27 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/05/18 17:02:52 | 003,690,854 | R--- | M] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/05/18 17:02:18 | 000,949,152 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/05/16 22:14:44 | 003,172,094 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/05/16 20:56:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\di86vtoj.exe
[2010/05/16 20:55:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/05/15 16:07:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/14 18:49:00 | 000,378,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100516-040139.backup
[2010/05/14 17:44:24 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\this.html
[2010/05/12 18:12:00 | 000,979,792 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/05/07 22:04:01 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\New Microsoft Word Document (2).doc
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/06 00:09:02 | 000,000,233 | ---- | M] () -- C:\WINDOWS\ACTIVEJP.INI
[2010/05/05 16:56:54 | 000,281,797 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\fw9.pdf
[2010/05/04 17:24:48 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/05/04 17:24:47 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 12:55:04 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\Mike\Adobe Encore_AME.pref
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/20 00:15:20 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2010/05/19 20:17:27 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/05/19 20:17:24 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/19 20:14:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/19 20:14:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/19 20:14:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/19 20:14:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/19 20:14:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/19 15:57:35 | 000,949,152 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/05/19 15:57:30 | 003,690,854 | R--- | C] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/05/16 22:33:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\di86vtoj.exe
[2010/05/14 17:38:58 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\this.html
[2010/05/06 21:20:53 | 000,281,797 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fw9.pdf
[2010/05/06 21:20:53 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\New Microsoft Word Document (2).doc
[2010/05/05 10:57:04 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/19 01:46:21 | 000,004,134 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlyPCI.sys
[2010/02/25 00:37:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/26 21:46:46 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/09 16:02:38 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/09/09 16:02:38 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/09/09 16:02:35 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/09/09 16:02:35 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/09/04 05:28:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/09/04 05:27:50 | 000,029,681 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/09/04 05:27:49 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/02 04:14:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/06/01 00:19:53 | 000,138,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/04/14 04:11:08 | 000,000,233 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2008/02/26 05:19:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/26 05:19:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/24 06:18:04 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/23 17:39:06 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/02/23 12:18:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/23 04:56:53 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2008/02/23 04:56:52 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2008/02/23 04:56:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2008/02/23 04:56:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2008/02/23 04:56:52 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2008/02/23 04:13:01 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/23 01:20:23 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/02/23 01:20:08 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/02/22 22:54:14 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\auto.ini
[2003/11/08 08:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/02/22 22:35:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/04 17:24:48 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/05/19 20:17:27 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/01/22 16:11:29 | 000,004,456 | R--- | M] () -- C:\CLDMA.LOG
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/05/19 23:40:24 | 000,024,376 | ---- | M] () -- C:\ComboFix.txt
[2008/02/22 22:35:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/01 22:20:47 | 000,000,000 | ---- | M] () -- C:\fftoutput.txt
[2008/10/02 04:14:28 | 000,001,090 | ---- | M] () -- C:\INSTALL.LOG
[2008/02/22 22:35:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/18 03:35:28 | 000,004,245 | ---- | M] () -- C:\LGSInst.Log
[2008/02/22 22:35:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/02/22 22:44:15 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/16 02:15:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/19 23:32:47 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/02/08 00:30:54 | 000,071,108 | ---- | M] () -- C:\s184
[2010/02/08 00:31:34 | 000,021,614 | ---- | M] () -- C:\s184.4p
[2009/03/13 02:50:02 | 000,071,108 | ---- | M] () -- C:\s1h8
[2010/02/21 03:49:03 | 000,071,108 | ---- | M] () -- C:\s1i0
[2009/02/13 00:25:28 | 000,071,108 | ---- | M] () -- C:\s1ok
[2009/06/25 23:46:02 | 000,071,108 | ---- | M] () -- C:\s1rg
[2009/06/25 23:27:22 | 000,071,108 | ---- | M] () -- C:\s22c
[2009/11/17 16:52:25 | 000,071,108 | ---- | M] () -- C:\s2p8
[2009/06/25 23:35:40 | 000,071,108 | ---- | M] () -- C:\s35k
[2010/01/08 22:11:21 | 000,071,108 | ---- | M] () -- C:\s36g
[2010/01/08 22:11:35 | 000,000,000 | ---- | M] () -- C:\s36g.c
[2010/02/21 03:51:02 | 000,071,108 | ---- | M] () -- C:\s39s
[2010/02/08 00:31:37 | 000,071,108 | ---- | M] () -- C:\s3e8
[2009/07/28 08:57:26 | 000,071,108 | ---- | M] () -- C:\s3nk
[2009/06/25 23:16:17 | 000,071,108 | ---- | M] () -- C:\s3rs
[2009/06/25 23:17:39 | 000,071,108 | ---- | M] () -- C:\s3u8
[2009/11/17 16:48:33 | 000,071,108 | ---- | M] () -- C:\s3vc
[2010/01/08 22:11:42 | 000,071,108 | ---- | M] () -- C:\s6g
[2010/01/08 22:11:57 | 000,000,000 | ---- | M] () -- C:\s6g.4
[2009/02/13 00:18:46 | 000,071,108 | ---- | M] () -- C:\sdc
[2009/02/17 21:03:06 | 000,000,000 | ---- | M] () -- C:\SFDebug.txt
[2009/10/11 16:21:10 | 000,071,108 | ---- | M] () -- C:\sps
[2010/05/19 16:00:16 | 000,042,672 | ---- | M] () -- C:\TDSSKiller.2.3.0.0_19.05.2010_15.59.56_log.txt
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2008/02/23 04:44:02 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/02/22 14:22:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/02/22 14:22:32 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/02/22 14:22:32 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/05/05 11:04:48 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\DMIO.SYS
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MpFilter.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/19 16:02:43 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2010/01/12 00:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2010/04/11 17:50:47 | 000,138,664 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2010/04/18 15:39:43 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >

6.
When I ran OTL this time, no Extra log was created.

Edited by SweetTech, 22 May 2010 - 03:45 PM.
edited the log to insert line breaks.


#12
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file.

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    KillAll::
    RegLockDel::
    [HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B06B29BD-0E13-9D8D-2E89-44431FA54D6B}*]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:



OTL Custom Scan
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Extra Registry select Use Safe List.
  • Under Custom Scan paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix script.
3. The logs that are produced after running the OTL scans.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#13
AtomicSG

    Member

  • Topic Starter
  • Member
  • 41 posts
2.
ComboFix 10-05-17.01 - Mike 05/20/2010 15:47:10.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3068 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-20 04:15 . 2010-05-20 04:15 -------- d-----w- c:\program files\ESET
2010-05-16 22:34 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-16 22:33 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-16 22:33 . 2010-05-16 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 22:33 . 2010-05-16 22:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-16 22:32 . 2010-05-16 22:32 -------- d-sh--w- c:\documents and settings\Mike\IECompatCache
2010-05-16 22:30 . 2010-05-16 22:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-16 22:28 . 2010-05-16 22:28 -------- d-sh--w- c:\documents and settings\Mike\IETldCache
2010-05-16 22:22 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-16 22:22 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-16 22:22 . 2010-05-20 07:01 -------- d-----w- c:\windows\ie8updates
2010-05-16 22:21 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-16 22:19 . 2010-05-16 22:21 -------- dc-h--w- c:\windows\ie8
2010-05-15 20:06 . 2010-05-15 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-06 01:04 . 2010-05-13 18:29 -------- d-----w- c:\program files\StarCraft II Beta
2010-05-06 01:04 . 2010-05-06 01:08 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Blizzard Entertainment
2010-05-06 01:04 . 2010-05-06 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-05 15:04 . 2010-05-05 15:04 153344 ----a-w- c:\windows\system32\drivers\DMIO.SYS
2010-05-05 14:51 . 2010-05-05 14:52 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-05 14:19 . 2010-05-05 14:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-04 22:36 . 2010-05-04 22:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-04 22:02 . 2010-05-05 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-04 21:58 . 2009-12-14 21:52 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-05-03 04:15 . 2010-05-03 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-05-03 03:14 . 2010-05-06 16:14 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 19:56 . 2010-02-03 00:31 -------- d-----w- c:\program files\Steam
2010-05-20 03:34 . 2010-03-30 07:21 -------- d-----w- c:\program files\EVGA Precision
2010-05-19 20:02 . 2003-11-08 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-05-16 07:46 . 2009-12-07 05:05 -------- d-----w- c:\documents and settings\Mike\Application Data\MSN6
2010-05-15 20:09 . 2008-02-23 02:41 -------- d-----w- c:\program files\Alwil Software
2010-05-14 18:15 . 2008-02-24 21:15 -------- d-----w- c:\program files\Warcraft III
2010-05-14 06:32 . 2008-02-23 21:32 -------- d-----w- c:\program files\Starcraft
2010-05-11 20:45 . 2008-03-11 00:40 -------- d-----w- c:\documents and settings\Mike\Application Data\OpenOffice.org2
2010-05-11 18:52 . 2008-04-04 22:53 1 ----a-w- c:\documents and settings\Mike\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-05-06 20:59 . 2008-02-23 02:41 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2008-02-23 02:41 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-02-23 02:41 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-04-01 03:31 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-02-23 02:41 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-02-23 02:41 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-02-23 02:41 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-04-01 03:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-02-23 02:41 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 14:36 . 2009-10-02 23:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 14:18 . 2008-02-23 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-05 14:18 . 2008-02-23 08:43 -------- d-----w- c:\program files\Yahoo!
2010-05-04 22:03 . 2009-06-02 04:07 -------- d-----w- c:\documents and settings\Mike\Application Data\Yahoo!
2010-05-03 03:58 . 2008-02-23 02:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-03 03:58 . 2010-02-10 05:24 -------- d-----w- c:\program files\BaldursGateTutu
2010-04-25 20:25 . 2010-01-12 06:02 -------- d-----w- c:\program files\iCall
2010-04-18 20:24 . 2010-04-18 20:24 -------- d-----w- c:\documents and settings\Mike\Application Data\NeroDCTemplates
2010-04-18 19:39 . 2008-02-23 21:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-11 21:50 . 2008-06-01 04:19 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-11 21:49 . 2008-06-01 04:19 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-08 00:22 . 2008-02-23 02:56 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-08 00:21 . 2010-01-27 01:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-08 00:21 . 2009-07-25 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-06 07:34 . 2008-02-24 09:50 -------- d-----w- c:\program files\Electronic Arts
2010-04-06 07:24 . 2009-03-25 08:51 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-04-01 19:02 . 2010-04-01 19:02 -------- d-----w- c:\documents and settings\Mike\Application Data\NeroDigital™
2010-04-01 18:48 . 2010-04-01 18:48 -------- d-----w- c:\documents and settings\Mike\Application Data\RadLight Company
2010-04-01 18:48 . 2010-04-01 18:48 -------- d-----w- c:\program files\RadLight Company
2010-04-01 18:41 . 2010-04-01 18:41 -------- d-----w- c:\program files\DivXCodec
2010-04-01 18:27 . 2008-10-03 23:40 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2010-03-31 20:55 . 2010-03-31 20:55 200 ----a-w- c:\windows\QCPC80UI.dat
2010-03-24 22:17 . 2010-03-24 22:17 -------- d-----w- c:\program files\Atari
2010-03-24 20:43 . 2010-03-24 19:30 -------- d-----w- c:\program files\NCH Software
2010-03-24 20:42 . 2010-03-24 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-03-24 20:30 . 2008-02-23 03:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-22 00:38 . 2008-07-16 23:30 -------- d-----w- c:\program files\Black Isle
2010-03-19 06:24 . 2008-02-23 02:51 31952 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 06:51 . 2008-02-23 03:17 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-12 15:26 . 2008-02-23 02:55 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-11 04:24 . 2008-02-24 21:16 80053 ----a-w- c:\windows\War3Unin.dat
2010-03-10 06:15 . 2003-11-08 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 08:37 . 2010-03-01 08:37 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-01 08:37 . 2008-02-23 02:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-25 06:24 . 2003-11-08 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-11-08 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-07 1238352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2003-07-30 526848]
"ledpointer"="CNYHKey.exe" [2004-03-03 5576704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-04-02 624056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-26 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-30 198160]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2010-01-21 293928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
2008-12-18 20:44 1587576 ----a-w- c:\program files\iCall\iCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-30 08:48 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\Ver
[log corrupted here: the rest of the firewall authorized-applications list and the entries that followed were lost to encoding damage]
oft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: {131F5CA6-FA2A-4508-A0E1-D786E43DCC06} = 64.233.217.2,64.233.17.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\Mike\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 15:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcr.sys >>UNKNOWN [0x8B1F7938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e09b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet #2 -> SendCompleteHandler -> NDIS.sys @ 0xb7cfcbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7ceba0d
SendHandler -> NDIS.sys @ 0xb7cffb40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B06B29BD-0E13-9D8D-2E89-44431FA54D6B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abjlcnpcoonmgfoebegokbpnjbenknimeb"=hex:61,61,00,00
"bbjlcnpcoonmgfoebennlaoodcldllhkagoh"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\mHotkey.exe
c:\windows\CNYHKey.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-05-20 16:03:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-20 20:03
ComboFix2.txt 2010-05-20 03:40
ComboFix3.txt 2010-05-20 00:30

Pre-Run: 34,077,622,272 bytes free
Post-Run: 34,044,825,600 bytes free

- - End Of File - - 1B1AEBE85F68D923A87C95C0E5128187

3.
OTL logfile created on: 5/20/2010 4:06:19 PM - Run 7
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 31.72 Gb Free Space | 28.38% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 110.35 Gb Free Space | 29.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMERALD
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe (Linksys)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - C:\WINDOWS\CNYHKey.exe (Chicony)
PRC - C:\WINDOWS\mHotkey.exe (Chicony)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\b...
...hi.sys (LogMeIn, Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (RTCore32) -- C:\Program Files\EVGA Precision\RTCore32.sys ()
DRV - (713xTVCard) -- C:\WINDOWS\system32\drivers\SAA713x.sys (Philips Semiconductors)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (FlyPCI) -- C:\WINDOWS\system32\drivers\FlyPCI.sys ()
DRV - (PhilTune) -- C:\WINDOWS\system32\drivers\PhilTune.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://192.168.1.1/"
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1.1
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/30 04:48:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/13 16:20:01 | 000,000,000 | ---D | M]

[2008/09/02 01:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/05/20 00:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions
[2010/04/27 23:12:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/15 21:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\[email protected]
[2010/05/20 00:24:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/30 06:28:59 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/05/20 15:56:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 22:35:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/22 14:20:17 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/20 15:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/20 00:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/19 20:17:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/19 20:14:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/19 20:14:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/19 20:14:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/19 20:14:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/19 20:13:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/19 20:10:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/19 15:59:43 | 000,979,792 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/05/16 22:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\New Folder (2)
[2010/05/16 21:29:49 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/05/16 18:34:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/16 18:33:57 | 000,020,952 | ---- | C] (Malwa...
...S\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 16:01:19 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/20 16:00:29 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/20 16:00:28 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/20 16:00:28 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 15:56:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/20 15:56:33 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/20 15:56:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/20 15:56:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/20 15:56:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 15:55:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/20 15:54:50 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/05/20 03:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/20 00:15:25 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2010/05/19 20:40:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/19 20:40:51 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 20:17:27 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/05/18 17:02:52 | 003,690,854 | R--- | M] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/05/18 17:02:18 | 000,949,152 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/05/16 22:14:44 | 003,172,094 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/05/16 20:56:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\di86vtoj.exe
[2010/05/16 20:55:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/05/15 16:07:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/14 18:49:00 | 000,378,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100516-040139.backup
[2010/05/14 17:44:24 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\this.html
[2010/05/12 18:12:00 | 000,979,792 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/05/07 22:04:01 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\New Microsoft Word Document (2).doc
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/06 00:09:02 | 000,000,233 | ---- | M] () -- C:\WINDOWS\ACTIVEJP.INI
[2010/05/05 16:56:54 | 000,281,797 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\fw9.pdf
[2010/05/04 17:24:48 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/05/04 17:24:47 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 12:55:04 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\Mike\Adobe Encore_AME.pref
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/20 00:15:20 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2010/05/19 20:17:27 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/05/19 20:17:24 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/19 20:14:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/19 20:14:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/19 20:14:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/19 20:14:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/19 20:14:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/19 15:57:35 | 000,949,152 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/05/19 15:57:30 | 003,690,854 | R--- | C] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/05/16 22:33:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\di86vtoj.exe
[2010/05/14 17:38:58 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\this.html
[2010/05/06 21:20:53 | 000,281,797 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fw9.pdf
[2010/05/06 21:20:53 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\New Microsoft Word Document (2).doc
[2010/05/05 10:57:04 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/19 01:46:21 | 000,004,134 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlyPCI.sys
[2010/02/25 00:37:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/26 21:46:46 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/09 16:02:38 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/09/09 16:02:38 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/09/09 16:02:35 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/09/09 16:02:35 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/09/04 05:28:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/09/04 05:27:50 | 000,029,681 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/09/04 05:27:49 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/02 04:14:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/06/01 00:19:53 | 000,138,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/04/14 04:11:08 | 000,000,233 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2008/02/26 05:19:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/26 05:19:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/24 06:18:04 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/23 17:39:06 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/02/23 12:18:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/23 04:56:53 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2008/02/23 04:56:52 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2008/02/23 04:56:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2008/02/23 04:56:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2008/02/23 04:56:52 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2008/02/23 04:13:01 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/23 01:20:23 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/02/23 01:20:08 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/02/22 22:54:14 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\auto.ini
[2003/11/08 08:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL

========== LOP Check ==========

[2010/05/15 16:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/24 23:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/08/24 15:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2008/10/21 16:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\ameCache
[2008/02/26 05:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\AVSMedia
[2009/09/15 21:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GarageGames
[2009/10/28 14:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GARMIN
[2009/06/17 04:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GetRightToGo
[2010/04/01 14:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\RadLight Company
[2009/11/28 21:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Screaming Bee
[2009/07/25 11:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SystemRequirementsLab
[2010/04/01 14:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\uTorrent
[2010/05/20 16:01:19 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/02/22 22:35:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/04 17:24:48 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/05/19 20:17:27 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/01/22 16:11:29 | 000,004,456 | R--- | M] () -- C:\CLDMA.LOG
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/05/20 16:03:19 | 000,024,158 | ---- | M] () -- C:\ComboFix.txt
[2008/02/22 22:35:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/01 22:20:47 | 000,000,000 | ---- | M] () -- C:\fftoutput.txt
[2008/10/02 04:14:28 | 000,001,090 | ---- | M] () -- C:\INSTALL.LOG
[2008/02/22 22:35:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/18 03:35:28 | 000,004,245 | ---- | M] () -- C:\LGSInst.Log
[2008/02/22 22:35:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/02/22 22:44:15 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/16 02:15:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/20 15:55:51 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/02/08 00:30:54 | 000,071,108 | ---- | M] () -- C:\s184
[2010/02/08 00:31:34 | 000,021,614 | ---- | M] () -- C:\s184.4p
[2009/03/13 02:50:02 | 000,071,108 | ---- | M] () -- C:\s1h8
[2010/02/21 03:49:03 | 000,071,108 | ---- | M] () -- C:\s1i0
[2009/02/13 00:25:28 | 000,071,108 | ---- | M] () -- C:\s1ok
[2009/06/25 23:46:02 | 000,071,108 | ---- | M] () -- C:\s1rg
[2009/06/25 23:27:22 | 000,071,108 | ---- | M] () -- C:\s22c
[2009/11/17 16:52:25 | 000,071,108 | ---- | M] () -- C:\s2p8
[2009/06/25 23:35:40 | 000,071,108 | ---- | M] () -- C:\s35k
[2010/01/08 22:11:21 | 000,071,108 | ---- | M] () -- C:\s36g
[2010/01/08 22:11:35 | 000,000,000 | ---- | M] () -- C:\s36g.c
[2010/02/21 03:51:02 | 000,071,108 | ---- | M] () -- C:\s39s
[2010/02/08 00:31:37 | 000,071,108 | ---- | M] () -- C:\s3e8
[2009/07/28 08:57:26 | 000,071,108 | ---- | M] () -- C:\s3nk
[2009/06/25 23:16:17 | 000,071,108 | ---- | M] () -- C:\s3rs
[2009/06/25 23:17:39 | 000,071,108 | ---- | M] () -- C:\s3u8
[2009/11/17 16:48:33 | 000,071,108 | ---- | M] () -- C:\s3vc
[2010/01/08 22:11:42 | 000,071,108 | ---- | M] () -- C:\s6g
[2010/01/08 22:11:57 | 000,000,000 | ---- | M] () -- C:\s6g.4
[2009/02/13 00:18:46 | 000,071,108 | ---- | M] () -- C:\sdc
[2009/02/17 21:03:06 | 000,000,000 | ---- | M] () -- C:\SFDebug.txt
[2009/10/11 16:21:10 | 000,071,108 | ---- | M] () -- C:\sps
[2010/05/19 16:00:16 | 000,042,672 | ---- | M] () -- C:\TDSSKiller.2.3.0.0_19.05.2010_15.59.56_log.txt
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2008/02/23 04:44:02 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/02/22 14:22:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/02/22 14:22:32 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/02/22 14:22:32 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/05/05 11:04:48 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\DMIO.SYS
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MpFilter.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/19 16:02:43 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2010/01/12 00:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2010/04/11 17:50:47 | 000,138,664 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2010/04/18 15:39:43 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >

OTL Extras logfile created on: 5/20/2010 4:06:19 PM - Run 7
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 31.72 Gb Free Space | 28.38% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 110.35 Gb Free Space | 29.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMERALD
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"6113:TCP" = 6113:TCP:*:Enabled:6113tcp
"6113:UDP" = 6113:UDP:*:Enabled:6113udp
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\Frozen Throne.exe" = C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\GameSpy\Comrade\Comrade.exe" = C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade -- (IGN Entertainment Inc.)
"C:\Program Files\ZSNES\zsnesw.exe" = C:\Program Files\ZSNES\zsnesw.exe:*:Enabled:zsnesw -- ()
"C:\Documents and Settings\Mike\Desktop\stuff\epsxe\ePSXe.exe" = C:\Documents and Settings\Mike\Desktop\stuff\epsxe\ePSXe.exe:*:Disabled:ePSXe -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\atomicsg\half-life\hl.exe" = C:\Program Files\Steam\steamapps\atomicsg\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\steamapps\atomicsg\counter-strike beta\hl.exe" = C:\Program Files\Steam\steamapps\atomicsg\counter-strike beta\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\steamapps\atomicsg\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\atomicsg\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe" = C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{03737893-5BEE-4C78-9C58-3AE7F172BBBE}" = Garmin Communicator Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0DD2BDF7-EAC8-41F7-83ED-61A2D05C6235}" = Adobe Setup
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{31492759-0E89-46B5-9770-F6E5808E3017}" = xImage
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}" = MorphVOX Junior
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{6054F774-FEF0-46C6-9311-EC97FC576FC5}" = USB Wireless Keyboard Driver
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142160}" = Java 2 Runtime Environment, SE v1.4.2_16
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96ABF4E1-1489-4B84-B3CB-82E010247D73}" = Adobe Creative Suite 3 Master Collection
"{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B70CDBAC-638A-4E67-916A-DB4C6F571033}" = Nero 8 Essentials
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F837…
…B-8859-B30810745190}" = LightScribe System Software
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.2.2 Professional
"Adobe Acrobat 8 Professional_822" = Adobe Acrobat 8.2.2 - CPSID_53952
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_e7e6bb3ae60aaa1c5b11aa97d8f15b0" = Add or Remove Adobe Creative Suite 3 Master Collection
"avast5" = avast! Free Antivirus
"DivXCodec" = DivX 4.0 Final Codec
"ESET Online Scanner" = ESET Online Scanner v3
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.3.0
"iCall_is1" = iCall
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEEP" = Infinty Engine Editor Pro (remove only)
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
"InstallShield_{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
"InstallShield_{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Precision" = EVGA Precision 1.9.1
"Prism" = Prism Video Converter
"PVK" = PVK
"RealPlayer 6.0" = RealPlayer
"Starcraft" = Starcraft
"StarCraft II Beta" = StarCraft II Beta
"StealthBot v2.6 Revision 3" = StealthBot v2.6 Revision 3 (remove only)
"Steam App 10" = Counter-Strike
"Steam App 1290" = Darkest Hour Server
"Steam App 70" = Half-Life
"SystemRequirementsLab" = System Requirements Lab
"Vampire Slayer : Chapter VI_is1" = VS v6.0
"WE Unlimited_is1" = WE Unlimited 1.20
"WIC" = Windows Imaging Component
"WinBiff" = WinBiff
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"StarCraft X-tra Editor" = StarCraft X-tra Editor
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 1/12/2010 11:27:47 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/17/2010 9:51:20 PM | Computer Name = EMERALD | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 11.0.0.614, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/17/2010 9:51:43 PM | Computer Name = EMERALD | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/17/2010 9:52:47 PM | Computer Name = EMERALD | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/19/2010 3:37:51 PM | Computer Name = EMERALD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/19/2010 3:37:51 PM | Computer Name = EMERALD | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/19/2010 8:19:53 PM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x00082899.

Error - 5/19/2010 11:23:50 PM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x00082899.

Error - 5/20/2010 3:47:16 PM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x00082899.

Error - 5/20/2010 4:07:10 PM | Computer Name = EMERALD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/20/2010 4:07:11 PM | Computer Name = EMERALD | Source = MSSecurityEssentials | ID = 5000
Description =

[ System Events ]
Error - 5/20/2010 3:47:07 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7034
Description = The PnkBstrB service terminated unexpectedly. It has done this 1
time(s).

Error - 5/20/2010 3:47:07 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7031
Description = The WUSB54GCSVC service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 5/20/2010 3:47:07 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 5/20/2010 3:47:07 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/20/2010 3:47:07 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/20/2010 3:47:07 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 5/20/2010 3:47:07 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7034
Description = The StarWind AE Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/20/2010 3:47:07 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 5/20/2010 3:56:28 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/20/2010 4:07:10 PM | Computer Name = EMERALD | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.81.1861.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5703.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >

Edited by SweetTech, 22 May 2010 - 03:47 PM.
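The event-log block of the report above has three patterns a helper scans for by eye: a run of Service Control Manager 7031/7034 entries that all carry the same timestamp, the same application (pev.cfxxe) crashing repeatedly at one fault address, and a Microsoft Antimalware 2001 entry saying the signature update failed. The Python script below is an added example written for this page, not part of the thread or of the tool that produced the report; it parses entries in the "Error - date | Computer Name = ... | Source = ... | ID = ..." layout shown above, re-joins the wrapped description lines, and flags those three patterns. The sample text is an abridged copy of entries from the log above; the burst threshold of three services is an arbitrary choice, and the error-code table holds only the one code that appears in the log (0x8024402c, the Windows Update client's WU_E_PT_WINHTTP_NAME_NOT_RESOLVED).

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import List, Tuple

# One entry header in the report:  Error - m/d/yyyy h:mm:ss AM | Computer Name = X | Source = Y | ID = n
HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$"
)
SVC_DIED_RE = re.compile(r"The (?P<svc>.+?) service terminated unexpectedly")
CRASH_RE = re.compile(
    r"Faulting application (?P<app>\S+), version \S+, faulting module \S+, "
    r"version \S+, fault address (?P<addr>0x[0-9A-Fa-f]+)"
)
UPDATE_ERR_RE = re.compile(r"Error code: (?P<code>0x[0-9A-Fa-f]{8})")
# Only the code present in the log above (assumption: extend this table as you meet more).
KNOWN_UPDATE_CODES = {
    "0x8024402c": "WU_E_PT_WINHTTP_NAME_NOT_RESOLVED (update server host name did not resolve)",
}


@dataclass
class EventEntry:
    timestamp: str
    host: str
    source: str
    event_id: int
    description: str = ""


def parse_event_errors(text: str) -> List[EventEntry]:
    """Parse the 'Last 10 Event Log Errors' block; wrapped description lines are re-joined."""
    entries: List[EventEntry] = []
    desc = None  # fragments of the description currently being collected
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            entries.append(EventEntry(m["ts"], m["host"], m["source"], int(m["id"])))
            desc = None
        elif line.startswith("[ ") and line.endswith(" ]"):
            desc = None  # section heading such as "[ System Events ]"
        elif entries and line.startswith("Description ="):
            desc = [line[len("Description ="):].strip()]
            entries[-1].description = " ".join(desc).strip()
        elif desc is not None and line:
            desc.append(line)
            entries[-1].description = " ".join(desc).strip()
    return entries


def triage_events(entries: List[EventEntry], burst_threshold: int = 3) -> List[Tuple[str, str, str]]:
    """Return (kind, key, detail) findings for the three patterns worth a second look."""
    findings = []
    died = defaultdict(list)   # timestamp -> services that terminated in that second
    crashes = Counter()        # (application, fault address) -> count
    for e in entries:
        if e.source == "Service Control Manager" and e.event_id in (7031, 7034):
            m = SVC_DIED_RE.search(e.description)
            if m:
                died[e.timestamp].append(m["svc"])
        elif e.source == "Application Error" and e.event_id == 1000:
            m = CRASH_RE.search(e.description)
            if m:
                crashes[(m["app"], m["addr"])] += 1
        elif e.source == "Microsoft Antimalware" and e.event_id == 2001:
            m = UPDATE_ERR_RE.search(e.description)
            if m:
                code = m["code"].lower()
                findings.append(("update-failure", code, f"signature update failed at {e.timestamp}: "
                                 f"{KNOWN_UPDATE_CODES.get(code, 'unrecognised error code')}"))
    for ts, svcs in died.items():
        if len(svcs) >= burst_threshold:
            findings.append(("service-burst", ts,
                             f"{len(svcs)} services terminated in the same second: {', '.join(svcs)}"))
    for (app, addr), n in crashes.items():
        if n >= 2:
            findings.append(("repeat-crash", app, f"{n} crashes at fault address {addr}"))
    return findings


# Abridged copy of entries from the report above (sample input, not a full log).
SAMPLE_EVENTS = """\
[ Application Events ]
Error - 5/19/2010 8:19:53 PM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x00082899.
Error - 5/19/2010 11:23:50 PM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x00082899.
[ System Events ]
Error - 5/20/2010 3:47:07 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7034
Description = The PnkBstrB service terminated unexpectedly. It has done this 1
time(s).
Error - 5/20/2010 3:47:07 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7031
Description = The WUSB54GCSVC service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.
Error - 5/20/2010 3:47:07 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).
Error - 5/20/2010 4:07:10 PM | Computer Name = EMERALD | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates.
"""

if __name__ == "__main__":
    for kind, key, detail in triage_events(parse_event_errors(SAMPLE_EVENTS)):
        print(f"{kind:16} {key:24} {detail}")
```

Run it against the full log by pasting the "Last 10 Event Log Errors" block into SAMPLE_EVENTS; a services burst at one timestamp usually marks a reboot or a tool run (here it coincides with the pev.cfxxe crash), so read it alongside the surrounding entries rather than as proof of tampering on its own.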

#14 SweetTech (Retired Staff)
Hello,


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
RegNull::
[HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B06B29BD-0E13-9D8D-2E89-44431FA54D6B}*]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



You must first verify that you can log on to the Windows Recovery Console.
To do so, you must have the Recovery Console installed or use the Windows XP installation CD.

How to install and use the Windows XP Recovery Console


Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and log on to the Recovery Console.
Execute the following command at the x:\windows> prompt (the x represents your operating system drive letter, usually C):

batch look.bat



You will see "1 file copied" many times, then return to the x:\windows> prompt.
Type Exit to restart your computer, then log on in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.




NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix script.
3. The results from the MaxLook scan.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
#15 AtomicSG (Topic Starter)
2.
ComboFix 10-05-17.01 - Mike 05/20/2010 21:56:47.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3067 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-04-21 to 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-20 04:15 . 2010-05-20 04:15 -------- d-----w- c:\program files\ESET
2010-05-16 22:34 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-16 22:33 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-16 22:33 . 2010-05-16 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 22:33 . 2010-05-16 22:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-16 22:32 . 2010-05-16 22:32 -------- d-sh--w- c:\documents and settings\Mike\IECompatCache
2010-05-16 22:30 . 2010-05-16 22:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-16 22:28 . 2010-05-16 22:28 -------- d-sh--w- c:\documents and settings\Mike\IETldCache
2010-05-16 22:22 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-16 22:22 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-16 22:22 . 2010-05-20 07:01 -------- d-----w- c:\windows\ie8updates
2010-05-16 22:21 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-16 22:19 . 2010-05-16 22:21 -------- dc-h--w- c:\windows\ie8
2010-05-15 20:06 . 2010-05-15 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-06 01:04 . 2010-05-13 18:29 -------- d-----w- c:\program files\StarCraft II Beta
2010-05-06 01:04 . 2010-05-06 01:08 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Blizzard Entertainment
2010-05-06 01:04 . 2010-05-06 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-05 15:04 . 2010-05-05 15:04 153344 ----a-w- c:\windows\system32\drivers\DMIO.SYS
2010-05-05 14:51 . 2010-05-05 14:52 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-05 14:19 . 2010-05-05 14:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-04 22:36 . 2010-05-04 22:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-04 22:02 . 2010-05-05 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-04 21:58 . 2009-12-14 21:52 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-05-03 04:15 . 2010-05-03 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-05-03 03:14 . 2010-05-06 16:14 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 02:05 . 2010-02-03 00:31 -------- d-----w- c:\program files\Steam
2010-05-20 03:34 . 2010-03-30 07:21 -------- d-----w- c:\program files\EVGA Precision
2010-05-19 20:02 . 2003-11-08 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-05-16 07:46 . 2009-12-07 05:05 -------- d-----w- c:\documents and settings\Mike\Application Data\MSN6
2010-05-15 20:09 . 2008-02-23 02:41 -------- d-----w- c:\program files\Alwil Software
2010-05-14 18:15 . 2008-02-24 21:15 -------- d-----w- c:\program files\Warcraft III
2010-05-14 06:32 . 2008-02-23 21:32 -------- d-----w- c:\program files\Starcraft
2010-05-11 20:45 . 2008-03-11 00:40 -------- d-----w- c:\documents and settings\Mike\Application Data\OpenOffice.org2
2010-05-11 18:52 . 2008-04-04 22:53 1 ----a-w- c:\documents and settings\Mike\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-05-06 20:59 . 2008-02-23 02:41 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2008-02-23 02:41 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-02-23 02:41 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-04-01 03:31 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-02-23 02:41 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-02-23 02:41 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-02-23 02:41 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-04-01 03:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-02-23 02:41 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 14:36 . 2009-10-02 23:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 14:18 . 2008-02-23 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-05 14:18 . 2008-02-23 08:43 -------- d-----w- c:\program files\Yahoo!
2010-05-04 22:03 . 2009-06-02 04:07 -------- d-----w- c:\documents and settings\Mike\Application Data\Yahoo!
2010-05-03 03:58 . 2008-02-23 02:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-03 03:58 . 2010-02-10 05:24 -------- d-----w- c:\program files\BaldursGateTutu
2010-04-25 20:25 . 2010-01-12 06:02 -------- d-----w- c:\program files\iCall
2010-04-18 20:24 . 2010-04-18 20:24 -------- d-----w- c:\documents and settings\Mike\Application Data\NeroDCTemplates
2010-04-18 19:39 . 2008-02-23 21:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-11 21:50 . 2008-06-01 04:19 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-11 21:49 . 2008-06-01 04:19 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-08 00:22 . 2008-02-23 02:56 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-08 00:21 . 2010-01-27 01:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-08 00:21 . 2009-07-25 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-06 07:34 . 2008-02-24 09:50 -------- d-----w- c:\program files\Electronic Arts
2010-04-06 07:24 . 2009-03-25 08:51 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-04-01 19:02 . 2010-04-01 19:02 -------- d-----w- c:\documents and settings\Mike\Application Data\NeroDigital™
2010-04-01 18:48 . 2010-04-01 18:48 -------- d-----w- c:\documents and settings\Mike\Application Data\RadLight Company
2010-04-01 18:48 . 2010-04-01 18:48 -------- d-----w- c:\program files\RadLight Company
2010-04-01 18:41 . 2010-04-01 18:41 -------- d-----w- c:\program files\DivXCodec
2010-04-01 18:27 . 2008-10-03 23:40 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2010-03-31 20:55 . 2010-03-31 20:55 200 ----a-w- c:\windows\QCPC80UI.dat
2010-03-24 22:17 . 2010-03-24 22:17 -------- d-----w- c:\program files\Atari
2010-03-24 20:43 . 2010-03-24 19:30 -------- d-----w- c:\program files\NCH Software
2010-03-24 20:42 . 2010-03-24 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-03-24 20:30 . 2008-02-23 03:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-19 06:24 . 2008-02-23 02:51 31952 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 06:51 . 2008-02-23 03:17 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-12 15:26 . 2008-02-23 02:55 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-11 04:24 . 2008-02-24 21:16 80053 ----a-w- c:\windows\War3Unin.dat
2010-03-10 06:15 . 2003-11-08 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 08:37 . 2010-03-01 08:37 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-01 08:37 . 2008-02-23 02:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-25 06:24 . 2003-11-08 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-11-08 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-07 1238352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2003-07-30 526848]
"ledpointer"="CNYHKey.exe" [2004-03-03 5576704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-04-02 624056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-26 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-30 198160]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2010-01-21 293928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
2008-12-18 20:44 1587576 ----a-w- c:\program files\iCall\iCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-30 08:48 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\ZSNES\\zsnesw.exe"=
"c:\\Documents and Settings\\Mike\\Desktop\\stuff\\epsxe\\ePSXe.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iCall\\iCall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\counter-strike beta\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"6113:TCP"= 6113:TCP:6113tcp
"6113:UDP"= 6113:UDP:6113udp
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/23/2008 5:39 PM 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2008 11:31 PM 164048]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [3/15/2005 4:00 PM 277504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/31/2008 11:31 PM 19024]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [9/4/2009 5:35 AM 57248]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 3:39 PM 4608]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 2:19 PM 23064]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [3/19/2010 1:46 AM 4134]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PhilTune;Philips TV Tuner;c:\windows\system32\drivers\PhilTune.sys [2/23/2008 12:18 PM 19840]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 16:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: {131F5CA6-FA2A-4508-A0E1-D786E43DCC06} = 64.233.217.2,64.233.17.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\Mike\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 22:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spxa.sys >>UNKNOWN [0x8B1EB938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e09b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet #2 -> SendCompleteHandler -> NDIS.sys @ 0xb7cfcbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7ceba0d
SendHandler -> NDIS.sys @ 0xb7cffb40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2920)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\mHotkey.exe
c:\windows\CNYHKey.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-05-20 22:12:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-21 02:12
ComboFix2.txt 2010-05-20 20:03
ComboFix3.txt 2010-05-20 03:40
ComboFix4.txt 2010-05-20 00:30

Pre-Run: 35,494,862,848 bytes free
Post-Run: 35,462,909,952 bytes free

- - End Of File - - E122DD2CF1051EB108F341B49A45C8AE

3.
Run from C:\Documents and Settings\Mike\Desktop\maxlook.exe on Thu 05/20/2010 at 22:26:31.18

No infected file found
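The services block of the ComboFix log above (the R0..S3 lines) reads better as structured data than by eye: each line carries the running/stopped state (R/S), the service's registry Start value, the image path (with the registry value and the resolved path separated by "-->" when they differ), and either the file's date and size or "[?]" when ComboFix could not locate the binary on disk. The Python script below is an added example written for this page, not part of the thread or of ComboFix; it parses those lines and flags two things a helper checks first: services registered with no binary on disk, and kernel drivers loading from outside the Windows directory. The sample input is copied verbatim from the log above; stripping arguments at the first " -" and the c:\windows prefix test are simplifying assumptions made here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ComboFix service line:  <R|S><start> <name>;<display>;<image> [<date> <size>]   or   ... [?]
# R/S = running/stopped; the digit is the service's registry Start value.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<info>[^\]]*)\]$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    image_path: str      # the path after "-->" when ComboFix printed one, else the raw image path
    size: Optional[int]  # None when ComboFix printed "[?]" instead of a date and size

    @property
    def file_missing(self) -> bool:
        return self.size is None


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R/S line; returns None for lines that are not service entries."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    image = m["image"]
    if " --> " in image:  # "<ImagePath registry value> --> <resolved path>"
        image = image.split(" --> ", 1)[1]
    info = m["info"].strip()
    size = None if info == "?" else int(info.rsplit(" ", 1)[1])
    return ServiceEntry(m["name"], m["display"], m["state"] == "R",
                        START_TYPES.get(m["start"], m["start"]), image, size)


def parse_services(text: str) -> List[ServiceEntry]:
    return [e for e in map(parse_service_line, text.splitlines()) if e is not None]


def triage_services(entries: List[ServiceEntry]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs for entries worth a closer look."""
    findings = []
    for e in entries:
        # Assumption: arguments such as "-service" follow the first " -"; good enough for this log.
        binary = e.image_path.split(" -", 1)[0].lower()
        if e.file_missing:
            findings.append((e.name, f"registered but binary not found: {e.image_path}"))
        elif binary.endswith(".sys") and not binary.startswith("c:\\windows\\"):
            findings.append((e.name, f"kernel driver outside the Windows directory: {e.image_path}"))
    return findings


# Copied verbatim from the ComboFix log above.
SAMPLE_SERVICES = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/23/2008 5:39 PM 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2008 11:31 PM 164048]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [3/15/2005 4:00 PM 277504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/31/2008 11:31 PM 19024]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [9/4/2009 5:35 AM 57248]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 3:39 PM 4608]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 2:19 PM 23064]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [3/19/2010 1:46 AM 4134]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PhilTune;Philips TV Tuner;c:\windows\system32\drivers\PhilTune.sys [2/23/2008 12:18 PM 19840]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]
"""

if __name__ == "__main__":
    for name, reason in triage_services(parse_services(SAMPLE_SERVICES)):
        print(f"{name:18} {reason}")
```

A missing binary is not evidence of infection by itself (leftover registrations from uninstalled software look the same), but each one should be accounted for before declaring the machine clean, and a boot-start (R0) driver such as sptd.sys is worth naming because it loads before any user-mode scanner runs.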