Browser Link Redirects [Solved]


  • This topic is locked

#16
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Could you please do me a favor and run another GMER scan and post the log that is produced after running the scan?

Cheers,
ST.
  • 0


#17
AtomicSG

    Member

  • Topic Starter
  • 41 posts
Running GMER scan now, but with devices unchecked, simply because when I attempted it before it froze my system except for the scan. When the scan was complete it wouldn't even let me save the log.
  • 0

#18
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay. Thanks for letting me know.
  • 0

#19
AtomicSG

    Member

  • Topic Starter
  • 41 posts
My system became unstable after running GMER, but I was able to save the log before forcibly restarting.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-21 23:44:52
Windows 5.1.2600 Service Pack 3
Running: di86vtoj.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\uwrdapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB3DEEC7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB3DEEB36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB3DEF0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB3DEF014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB3DEE70C]
SSDT spqs.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spqs.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB3DEEC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB3DEE64C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB3DEE6B0]
SSDT spqs.sys ZwQueryKey [0xB7ECE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB3DEED30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB3DEF1B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB3DEECF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB3DEEE70]

INT 0x62 ? 8B233BF8
INT 0x63 ? 8B233BF8
INT 0x63 ? 8B233BF8
INT 0x63 ? 8B233BF8
INT 0x94 ? 8B0F0BF8
INT 0xA4 ? 8B0F0BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54B3DEF0
? spqs.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B76118AC 5 Bytes JMP 8B0F01D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6AB3380, 0x550AF5, 0xE8000020]
.text aa0zjsff.SYS B6A68386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aa0zjsff.SYS B6A683AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aa0zjsff.SYS B6A683C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aa0zjsff.SYS B6A683C9 1 Byte [2E]
.text aa0zjsff.SYS B6A683C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spqs.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spqs.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spqs.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spqs.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spqs.sys
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aa0zjsff.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- EOF - GMER 1.0.15 ----
  • 0

#20
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Please do me a favor and run another ComboFix scan. If it prompts you to update it, please allow it to do so. Please also provide me with a new OTL log.

Cheers,
ST.

Edited by SweetTech, 22 May 2010 - 07:35 AM.

  • 0

#21
AtomicSG

    Member

  • Topic Starter
  • 41 posts
Any special instructions for the scans you want done?
  • 0

#22
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

I should have included that in my last post to you. For ComboFix, I'd like for you to run a regular scan. As for OTL, please follow the instructions below:

OTL Custom Scan
  • Double-click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Extra Registry, select Use Safe List.
  • Under Custom Scan, paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys 180

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may need two posts to fit them both in.

  • 0

#23
AtomicSG

    Member

  • Topic Starter
  • 41 posts
ComboFix 10-05-17.01 - Mike 05/22/2010 16:32:08.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2962 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-04-22 to 2010-05-22 )))))))))))))))))))))))))))))))
.

2010-05-21 02:18 . 2010-05-21 02:26 -------- d-----w- c:\windows\maxdriver
2010-05-20 04:15 . 2010-05-20 04:15 -------- d-----w- c:\program files\ESET
2010-05-16 22:34 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-16 22:33 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-16 22:33 . 2010-05-16 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 22:33 . 2010-05-16 22:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-16 22:32 . 2010-05-16 22:32 -------- d-sh--w- c:\documents and settings\Mike\IECompatCache
2010-05-16 22:30 . 2010-05-16 22:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-16 22:28 . 2010-05-16 22:28 -------- d-sh--w- c:\documents and settings\Mike\IETldCache
2010-05-16 22:22 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-16 22:22 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-16 22:22 . 2010-05-20 07:01 -------- d-----w- c:\windows\ie8updates
2010-05-16 22:21 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-16 22:19 . 2010-05-16 22:21 -------- dc-h--w- c:\windows\ie8
2010-05-15 20:06 . 2010-05-15 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-06 01:04 . 2010-05-13 18:29 -------- d-----w- c:\program files\StarCraft II Beta
2010-05-06 01:04 . 2010-05-06 01:08 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Blizzard Entertainment
2010-05-06 01:04 . 2010-05-06 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-05 15:04 . 2010-05-05 15:04 153344 ----a-w- c:\windows\system32\drivers\DMIO.SYS
2010-05-05 14:51 . 2010-05-05 14:52 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-05 14:19 . 2010-05-05 14:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-04 22:36 . 2010-05-04 22:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-04 22:02 . 2010-05-05 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-04 21:58 . 2009-12-14 21:52 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-05-03 04:15 . 2010-05-03 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-05-03 03:14 . 2010-05-06 16:14 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 20:16 . 2010-02-03 00:31 -------- d-----w- c:\program files\Steam
2010-05-20 03:34 . 2010-03-30 07:21 -------- d-----w- c:\program files\EVGA Precision
2010-05-19 20:02 . 2003-11-08 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-05-16 07:46 . 2009-12-07 05:05 -------- d-----w- c:\documents and settings\Mike\Application Data\MSN6
2010-05-15 20:09 . 2008-02-23 02:41 -------- d-----w- c:\program files\Alwil Software
2010-05-14 18:15 . 2008-02-24 21:15 -------- d-----w- c:\program files\Warcraft III
2010-05-14 06:32 . 2008-02-23 21:32 -------- d-----w- c:\program files\Starcraft
2010-05-11 20:45 . 2008-03-11 00:40 -------- d-----w- c:\documents and settings\Mike\Application Data\OpenOffice.org2
2010-05-11 18:52 . 2008-04-04 22:53 1 ----a-w- c:\documents and settings\Mike\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-05-06 20:59 . 2008-02-23 02:41 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2008-02-23 02:41 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-02-23 02:41 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-04-01 03:31 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-02-23 02:41 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-02-23 02:41 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-02-23 02:41 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-04-01 03:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-02-23 02:41 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 14:36 . 2009-10-02 23:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 14:18 . 2008-02-23 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-05 14:18 . 2008-02-23 08:43 -------- d-----w- c:\program files\Yahoo!
2010-05-04 22:03 . 2009-06-02 04:07 -------- d-----w- c:\documents and settings\Mike\Application Data\Yahoo!
2010-05-03 03:58 . 2008-02-23 02:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-03 03:58 . 2010-02-10 05:24 -------- d-----w- c:\program files\BaldursGateTutu
2010-04-25 20:25 . 2010-01-12 06:02 -------- d-----w- c:\program files\iCall
2010-04-18 20:24 . 2010-04-18 20:24 -------- d-----w- c:\documents and settings\Mike\Application Data\NeroDCTemplates
2010-04-18 19:39 . 2008-02-23 21:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-11 21:50 . 2008-06-01 04:19 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-11 21:49 . 2008-06-01 04:19 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-08 00:22 . 2008-02-23 02:56 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-08 00:21 . 2010-01-27 01:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-08 00:21 . 2009-07-25 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-06 07:34 . 2008-02-24 09:50 -------- d-----w- c:\program files\Electronic Arts
2010-04-06 07:24 . 2009-03-25 08:51 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-04-01 19:02 . 2010-04-01 19:02 -------- d-----w- c:\documents and settings\Mike\Application Data\NeroDigital™
2010-04-01 18:48 . 2010-04-01 18:48 -------- d-----w- c:\documents and settings\Mike\Application Data\RadLight Company
2010-04-01 18:48 . 2010-04-01 18:48 -------- d-----w- c:\program files\RadLight Company
2010-04-01 18:41 . 2010-04-01 18:41 -------- d-----w- c:\program files\DivXCodec
2010-04-01 18:27 . 2008-10-03 23:40 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2010-03-31 20:55 . 2010-03-31 20:55 200 ----a-w- c:\windows\QCPC80UI.dat
2010-03-24 22:17 . 2010-03-24 22:17 -------- d-----w- c:\program files\Atari
2010-03-24 20:43 . 2010-03-24 19:30 -------- d-----w- c:\program files\NCH Software
2010-03-24 20:42 . 2010-03-24 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-03-24 20:30 . 2008-02-23 03:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-19 06:24 . 2008-02-23 02:51 31952 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 06:51 . 2008-02-23 03:17 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-12 15:26 . 2008-02-23 02:55 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-11 04:24 . 2008-02-24 21:16 80053 ----a-w- c:\windows\War3Unin.dat
2010-03-10 06:15 . 2003-11-08 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 08:37 . 2010-03-01 08:37 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-01 08:37 . 2008-02-23 02:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-25 06:24 . 2003-11-08 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-11-08 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( [email protected]_00.28.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-22 20:30 . 2010-05-22 20:30 16384 c:\windows\temp\Perflib_Perfdata_264.dat
+ 2003-11-08 12:00 . 2010-05-22 20:35 71264 c:\windows\system32\perfc009.dat
- 2003-11-08 12:00 . 2010-05-20 00:17 71264 c:\windows\system32\perfc009.dat
+ 2006-09-29 03:00 . 2006-09-29 03:00 82944 c:\windows\maxdriver\WudfRd.sys
+ 2006-09-29 02:55 . 2006-09-29 02:55 77568 c:\windows\maxdriver\WudfPf.sys
+ 2008-02-23 03:53 . 2008-04-13 18:46 19200 c:\windows\maxdriver\wstcodec.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 12032 c:\windows\maxdriver\ws2ifsl.sys
+ 2006-10-19 04:00 . 2006-10-19 04:00 38528 c:\windows\maxdriver\wpdusb.sys
+ 2008-02-23 08:52 . 2009-01-13 23:13 49160 c:\windows\maxdriver\WmXlCore.sys
+ 2008-02-23 08:52 . 2009-01-13 23:13 14728 c:\windows\maxdriver\WmVirHid.sys
+ 2008-02-23 08:52 . 2009-01-13 23:13 29192 c:\windows\maxdriver\WmFilter.sys
+ 2008-02-23 08:52 . 2009-01-13 23:13 19336 c:\windows\maxdriver\WmBEnum.sys
+ 2008-02-23 02:56 . 2008-04-13 19:17 83072 c:\windows\maxdriver\wdmaud.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 25471 c:\windows\maxdriver\watv10nt.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 22271 c:\windows\maxdriver\watv06nt.sys
+ 2003-11-08 12:00 . 2008-04-13 18:57 34560 c:\windows\maxdriver\wanarp.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 11935 c:\windows\maxdriver\wadv11nt.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 11871 c:\windows\maxdriver\wadv09nt.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 11295 c:\windows\maxdriver\wadv08nt.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 11807 c:\windows\maxdriver\wadv07nt.sys
+ 2008-02-23 02:46 . 2008-04-13 18:43 14208 c:\windows\maxdriver\wacompen.sys
+ 2003-11-08 12:00 . 2008-04-13 18:41 52352 c:\windows\maxdriver\volsnap.sys
+ 2003-11-08 12:00 . 2008-04-13 18:44 81664 c:\windows\maxdriver\videoprt.sys
+ 2008-02-23 02:46 . 2008-04-13 18:36 42240 c:\windows\maxdriver\viaagp.sys
+ 2003-11-08 12:00 . 2008-04-13 18:44 20992 c:\windows\maxdriver\vga.sys
+ 2001-08-17 14:02 . 2003-11-08 12:00 58112 c:\windows\maxdriver\vdmindvd.sys
+ 2008-02-23 02:40 . 2008-04-13 18:45 26368 c:\windows\maxdriver\usbstor.sys
+ 2009-04-17 03:03 . 2008-04-13 18:45 15104 c:\windows\maxdriver\usbscan.sys
+ 2003-11-08 12:00 . 2008-04-13 18:45 17152 c:\windows\maxdriver\usbohci.sys
+ 2002-08-29 01:32 . 2008-04-13 18:45 15872 c:\windows\maxdriver\usbintel.sys
+ 2003-11-08 12:00 . 2008-04-13 18:45 59520 c:\windows\maxdriver\usbhub.sys
+ 2003-11-08 12:00 . 2008-04-13 18:45 30208 c:\windows\maxdriver\usbehci.sys
+ 2003-11-08 12:00 . 2008-04-13 18:45 32128 c:\windows\maxdriver\usbccgp.sys
+ 2001-08-17 14:03 . 2008-04-13 18:45 25728 c:\windows\maxdriver\usbcamd2.sys
+ 2001-08-17 14:03 . 2008-04-13 18:45 25600 c:\windows\maxdriver\usbcamd.sys
+ 2008-06-03 22:02 . 2008-04-13 18:45 60032 c:\windows\maxdriver\usbaudio.sys
+ 2008-02-23 02:46 . 2008-04-13 18:56 12800 c:\windows\maxdriver\usb8023x.sys
+ 2003-11-08 12:00 . 2008-04-13 18:56 12800 c:\windows\maxdriver\usb8023.sys
+ 2003-11-08 12:00 . 2008-04-13 18:32 66048 c:\windows\maxdriver\udfs.sys
+ 2008-02-23 02:46 . 2008-04-13 18:36 44672 c:\windows\maxdriver\uagp35.sys
+ 2002-08-29 01:35 . 2008-04-13 18:56 12288 c:\windows\maxdriver\tunmp.sys
+ 2001-08-17 14:06 . 2003-11-08 12:00 21376 c:\windows\maxdriver\tsbvcap.sys
+ 2001-08-17 14:01 . 2003-11-08 12:00 51712 c:\windows\maxdriver\tosdvd.sys
+ 2008-02-23 02:31 . 2008-04-14 00:13 40840 c:\windows\maxdriver\termdd.sys
+ 2008-02-23 02:32 . 2008-04-14 00:13 21896 c:\windows\maxdriver\tdtcp.sys
+ 2008-02-23 02:32 . 2008-04-14 00:13 12040 c:\windows\maxdriver\tdpipe.sys
+ 2003-11-08 12:00 . 2008-04-13 19:00 19072 c:\windows\maxdriver\tdi.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 14976 c:\windows\maxdriver\tape.sys
+ 2008-02-23 02:56 . 2008-04-13 19:15 60800 c:\windows\maxdriver\sysaudio.sys
+ 2008-02-23 02:56 . 2008-04-13 18:45 56576 c:\windows\maxdriver\swmidi.sys
+ 2008-02-23 03:53 . 2008-04-13 18:46 15232 c:\windows\maxdriver\streamip.sys
+ 2002-08-29 01:32 . 2008-04-13 19:45 49408 c:\windows\maxdriver\stream.sys
+ 2008-02-23 02:33 . 2008-04-13 18:36 73472 c:\windows\maxdriver\sr.sys
+ 2008-02-23 08:13 . 2006-10-30 21:46 38739 c:\windows\maxdriver\sonyhcc.sys
+ 2002-08-29 01:33 . 2008-04-13 18:46 25344 c:\windows\maxdriver\sonydcam.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 14592 c:\windows\maxdriver\smclib.sys
+ 2008-02-23 02:46 . 2004-08-04 06:41 13240 c:\windows\maxdriver\slwdmsup.sys
+ 2008-02-23 02:46 . 2004-08-04 06:41 95424 c:\windows\maxdriver\slnthal.sys
+ 2008-02-23 03:53 . 2008-04-13 18:46 11136 c:\windows\maxdriver\slip.sys
+ 2008-02-23 02:46 . 2008-04-13 18:36 40960 c:\windows\maxdriver\sisagp.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 11392 c:\windows\maxdriver\sfloppy.sys
+ 2008-02-23 02:46 . 2008-04-13 18:40 11008 c:\windows\maxdriver\sffp_sd.sys
+ 2008-07-16 06:07 . 2008-04-13 18:40 10240 c:\windows\maxdriver\sffp_mmc.sys
+ 2008-02-23 02:46 . 2008-04-13 18:40 11904 c:\windows\maxdriver\sffdisk.sys
+ 2003-11-08 12:00 . 2008-04-13 19:15 64512 c:\windows\maxdriver\serial.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 15744 c:\windows\maxdriver\serenum.sys
+ 2010-05-21 02:26 . 2002-09-18 10:38 82944 c:\windows\maxdriver\sed.exe
+ 2003-11-08 12:00 . 2007-11-13 10:25 20480 c:\windows\maxdriver\secdrv.sys
+ 2008-02-23 02:46 . 2008-04-13 18:36 79232 c:\windows\maxdriver\sdbus.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 96384 c:\windows\maxdriver\scsiport.sys
+ 2009-04-06 18:19 . 2009-04-06 18:19 23064 c:\windows\maxdriver\ScreamingBAudio.sys
+ 2008-02-23 02:46 . 2008-04-13 18:56 30592 c:\windows\maxdriver\rndismpx.sys
+ 2003-11-08 12:00 . 2008-04-13 18:56 30592 c:\windows\maxdriver\rndismp.sys
+ 2001-08-17 13:24 . 2003-11-08 12:00 12032 c:\windows\maxdriver\riodrv.sys
+ 2001-08-17 13:24 . 2003-11-08 12:00 12032 c:\windows\maxdriver\rio8drv.sys
+ 2008-02-23 02:46 . 2008-04-13 18:46 59136 c:\windows\maxdriver\rfcomm.sys
+ 2008-02-22 18:26 . 2008-04-13 18:40 57600 c:\windows\maxdriver\redbook.sys
+ 2008-02-23 02:46 . 2004-08-04 06:41 13776 c:\windows\maxdriver\recagent.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 34432 c:\windows\maxdriver\rawwan.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 16512 c:\windows\maxdriver\raspti.sys
+ 2003-11-08 12:00 . 2008-04-13 19:19 48384 c:\windows\maxdriver\raspptp.sys
+ 2003-11-08 12:00 . 2008-04-13 18:57 41472 c:\windows\maxdriver\raspppoe.sys
+ 2003-11-08 12:00 . 2008-04-13 19:19 51328 c:\windows\maxdriver\rasl2tp.sys
+ 2008-02-23 08:12 . 2006-11-03 00:57 36624 c:\windows\maxdriver\pxhelp20.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 17792 c:\windows\maxdriver\ptilink.sys
+ 2003-11-08 12:00 . 2008-04-13 18:56 69120 c:\windows\maxdriver\psched.sys
+ 2002-08-29 01:05 . 2008-04-13 18:31 35840 c:\windows\maxdriver\processr.sys
+ 2008-02-23 16:18 . 2001-08-17 22:07 19840 c:\windows\maxdriver\PhilTune.sys
+ 2004-04-02 00:30 . 2004-04-02 00:30 10368 c:\windows\maxdriver\pfc.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 24960 c:\windows\maxdriver\pciidex.sys
+ 2003-11-08 12:00 . 2008-04-13 18:36 68224 c:\windows\maxdriver\pci.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 19712 c:\windows\maxdriver\partmgr.sys
+ 2002-08-29 01:27 . 2008-04-13 18:40 80128 c:\windows\maxdriver\parport.sys
+ 2002-08-29 01:05 . 2008-04-13 18:31 42752 c:\windows\maxdriver\p3.sys
+ 2003-11-08 12:00 . 2008-04-13 18:46 61696 c:\windows\maxdriver\ohci1394.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 55936 c:\windows\maxdriver\nwlnkspx.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 63232 c:\windows\maxdriver\nwlnknb.sys
+ 2003-11-08 12:00 . 2008-04-13 18:56 88320 c:\windows\maxdriver\nwlnkipx.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 32512 c:\windows\maxdriver\nwlnkfwd.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 12416 c:\windows\maxdriver\nwlnkflt.sys
+ 2009-09-04 09:42 . 2008-08-24 19:22 14208 c:\windows\maxdriver\nvsmu.sys
+ 2009-09-09 20:35 . 2008-08-01 03:36 22016 c:\windows\maxdriver\nvnetbus.sys
+ 2009-09-04 09:35 . 2009-08-22 00:24 57248 c:\windows\maxdriver\nvhda32.sys
+ 2009-09-09 20:35 . 2008-08-01 03:36 54784 c:\windows\maxdriver\NVENETFD.sys
+ 2008-02-23 02:56 . 2005-07-26 10:58 53376 c:\windows\maxdriver\nvax.sys
+ 2008-02-23 02:56 . 2005-01-20 00:45 88960 c:\windows\maxdriver\nvatabus.sys
+ 2008-02-23 02:56 . 2005-07-26 11:02 66688 c:\windows\maxdriver\nvarm.sys
+ 2003-11-08 12:00 . 2008-04-13 18:32 30848 c:\windows\maxdriver\npfs.sys
+ 2003-11-08 12:00 . 2008-04-13 18:53 40320 c:\windows\maxdriver\nmnt.sys
+ 2001-08-17 13:24 . 2003-11-08 12:00 12032 c:\windows\maxdriver\nikedrv.sys
+ 2002-08-29 01:33 . 2008-04-13 18:51 61824 c:\windows\maxdriver\nic1394.sys
+ 2003-11-08 12:00 . 2008-04-13 18:56 34688 c:\windows\maxdriver\netbios.sys
+ 2003-11-08 12:00 . 2008-04-13 18:57 40576 c:\windows\maxdriver\ndproxy.sys
+ 2003-11-08 12:00 . 2008-04-13 19:20 91520 c:\windows\maxdriver\ndiswan.sys
+ 2002-08-29 01:35 . 2008-04-13 18:55 14592 c:\windows\maxdriver\ndisuio.sys
+ 2003-11-08 12:00 . 2008-04-13 18:57 10112 c:\windows\maxdriver\ndistapi.sys
+ 2008-02-23 03:53 . 2008-04-13 18:46 10880 c:\windows\maxdriver\ndisip.sys
+ 2008-02-23 03:53 . 2008-04-13 18:46 85248 c:\windows\maxdriver\nabtsfec.sys
+ 2008-02-23 02:46 . 2008-04-13 18:43 12672 c:\windows\maxdriver\mutohpen.sys
+ 2008-02-23 02:46 . 2008-04-13 18:36 15488 c:\windows\maxdriver\mssmbios.sys
+ 2003-11-08 12:00 . 2008-04-13 18:56 35072 c:\windows\maxdriver\msgpc.sys
+ 2003-11-08 12:00 . 2008-04-13 18:32 19072 c:\windows\maxdriver\msfs.sys
+ 2009-05-08 03:06 . 2008-04-13 18:46 51200 c:\windows\maxdriver\msdv.sys
+ 2003-11-08 12:00 . 2008-04-13 18:39 92544 c:\windows\maxdriver\mqac.sys
+ 2008-02-23 16:18 . 2008-04-13 18:46 15232 c:\windows\maxdriver\mpe.sys
+ 2003-11-08 12:00 . 2008-04-13 18:39 42368 c:\windows\maxdriver\mountmgr.sys
+ 2001-08-17 13:48 . 2003-11-08 12:00 12160 c:\windows\maxdriver\mouhid.sys
+ 2002-08-29 01:27 . 2008-04-13 18:39 23040 c:\windows\maxdriver\mouclass.sys
+ 2001-08-17 13:57 . 2008-04-13 19:00 30080 c:\windows\maxdriver\modem.sys
+ 2001-08-17 13:58 . 2008-04-13 18:36 63744 c:\windows\maxdriver\mf.sys
+ 2008-02-23 02:46 . 2004-08-04 06:41 11868 c:\windows\maxdriver\mdmxsdk.sys
+ 2010-05-16 22:34 . 2010-04-29 19:39 38224 c:\windows\maxdriver\mbamswissarmy.sys
+ 2010-05-16 22:33 . 2010-04-29 19:39 20952 c:\windows\maxdriver\mbam.sys
+ 2003-11-08 12:00 . 2009-06-24 11:18 92928 c:\windows\maxdriver\ksecdd.sys
+ 2003-11-08 12:00 . 2008-04-13 18:39 14592 c:\windows\maxdriver\kbdhid.sys
+ 2003-11-08 12:00 . 2008-04-13 18:39 24576 c:\windows\maxdriver\kbdclass.sys
+ 2003-11-08 12:00 . 2008-04-13 18:36 37248 c:\windows\maxdriver\isapnp.sys
+ 2008-02-22 18:24 . 2008-04-13 18:54 11264 c:\windows\maxdriver\irenum.sys
+ 2008-02-23 02:46 . 2008-04-13 18:45 46592 c:\windows\maxdriver\irbus.sys
+ 2003-11-08 12:00 . 2008-04-13 19:19 75264 c:\windows\maxdriver\ipsec.sys
+ 2003-11-08 12:00 . 2008-04-13 18:57 20864 c:\windows\maxdriver\ipinip.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 32896 c:\windows\maxdriver\ipfltdrv.sys
+ 2008-02-23 02:46 . 2008-04-13 18:53 36608 c:\windows\maxdriver\ip6fw.sys
+ 2008-02-23 02:46 . 2008-04-13 18:31 36352 c:\windows\maxdriver\intelppm.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 42112 c:\windows\maxdriver\imapi.sys
+ 2008-02-22 18:26 . 2008-04-13 19:18 52480 c:\windows\maxdriver\i8042prt.sys
+ 2003-11-08 12:00 . 2008-04-13 18:45 10368 c:\windows\maxdriver\hidusb.sys
+ 2003-11-08 12:00 . 2008-04-13 18:45 24960 c:\windows\maxdriver\hidparse.sys
+ 2008-02-23 02:46 . 2008-04-13 18:45 19200 c:\windows\maxdriver\hidir.sys
+ 2003-11-08 12:00 . 2008-04-13 18:45 36864 c:\windows\maxdriver\hidclass.sys
+ 2008-02-23 02:46 . 2008-04-13 18:46 25600 c:\windows\maxdriver\hidbth.sys
+ 2008-07-18 03:27 . 2008-07-18 03:27 25280 c:\windows\maxdriver\hamachi.sys
+ 2008-02-23 08:02 . 2009-04-18 00:48 18304 c:\windows\maxdriver\grmngen.sys
+ 2008-02-23 08:02 . 2006-07-11 19:50 11776 c:\windows\maxdriver\grmn1200.sys
+ 2008-02-23 08:02 . 2006-07-14 22:12 16512 c:\windows\maxdriver\grmn0400.sys
+ 2008-02-23 08:02 . 2006-07-14 22:10 17536 c:\windows\maxdriver\grmn0200.sys
+ 2008-02-23 02:46 . 2008-04-13 18:36 46464 c:\windows\maxdriver\gagp30kx.sys
+ 2001-08-17 13:57 . 2003-11-08 12:00 12160 c:\windows\maxdriver\fsvga.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 20480 c:\windows\maxdriver\flpydisk.sys
+ 2003-11-08 12:00 . 2008-04-13 18:33 44544 c:\windows\maxdriver\fips.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 27392 c:\windows\maxdriver\fdc.sys
+ 2003-11-08 12:00 . 2008-04-13 18:38 71168 c:\windows\maxdriver\dxg.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 10496 c:\windows\maxdriver\dxapi.sys
+ 2008-02-23 02:56 . 2008-04-13 19:45 60160 c:\windows\maxdriver\drmk.sys
+ 2008-02-23 02:56 . 2008-04-13 18:45 52864 c:\windows\maxdriver\dmusic.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 14208 c:\windows\maxdriver\diskdump.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 36352 c:\windows\maxdriver\disk.sys
+ 2002-08-29 01:05 . 2008-04-13 18:31 36736 c:\windows\maxdriver\crusoe.sys
+ 2001-08-17 13:24 . 2003-11-08 12:00 11776 c:\windows\maxdriver\cpqdap01.sys
+ 2003-11-08 12:00 . 2008-04-13 19:16 49536 c:\windows\maxdriver\classpnp.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 62976 c:\windows\maxdriver\cdrom.sys
+ 2003-11-08 12:00 . 2008-04-13 19:14 63744 c:\windows\maxdriver\cdfs.sys
+ 2001-08-17 13:52 . 2003-11-08 12:00 18688 c:\windows\maxdriver\cdaudio.sys
+ 2008-02-23 03:53 . 2008-04-13 18:46 17024 c:\windows\maxdriver\ccdecode.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 13952 c:\windows\maxdriver\cbidf2k.sys
+ 2008-02-23 02:46 . 2008-04-13 18:46 18944 c:\windows\maxdriver\bthusb.sys
+ 2008-02-23 02:46 . 2008-04-13 18:46 36480 c:\windows\maxdriver\bthprint.sys
+ 2008-02-23 02:46 . 2008-04-13 18:46 37888 c:\windows\maxdriver\bthmodem.sys
+ 2008-02-23 02:46 . 2008-04-13 18:46 17024 c:\windows\maxdriver\bthenum.sys
+ 2003-11-08 12:00 . 2008-04-13 18:53 71552 c:\windows\maxdriver\bridge.sys
+ 2008-02-23 16:18 . 2008-04-13 18:46 11776 c:\windows\maxdriver\bdasup.sys
+ 2008-02-23 05:20 . 2005-02-02 02:18 17992 c:\windows\maxdriver\bcm42rly.sys
+ 2009-05-08 03:06 . 2008-04-13 18:46 38912 c:\windows\maxdriver\avc.sys
+ 2003-11-08 12:00 . 2008-04-13 18:51 55808 c:\windows\maxdriver\atmlane.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 31360 c:\windows\maxdriver\atmepvc.sys
+ 2003-11-08 12:00 . 2008-04-13 18:51 59904 c:\windows\maxdriver\atmarpc.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 63488 c:\windows\maxdriver\atinxsxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 31744 c:\windows\maxdriver\atinxbxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 73216 c:\windows\maxdriver\atintuxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 13824 c:\windows\maxdriver\atinttxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 28672 c:\windows\maxdriver\atinsnxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 52224 c:\windows\maxdriver\atinraxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 14336 c:\windows\maxdriver\atinpdxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 13824 c:\windows\maxdriver\atinmdxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 57856 c:\windows\maxdriver\atinbtxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 34735 c:\windows\maxdriver\ati1xsxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 29455 c:\windows\maxdriver\ati1xbxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 36463 c:\windows\maxdriver\ati1tuxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 21343 c:\windows\maxdriver\ati1ttxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 26367 c:\windows\maxdriver\ati1snxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 63663 c:\windows\maxdriver\ati1rvxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 30671 c:\windows\maxdriver\ati1raxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 12047 c:\windows\maxdriver\ati1pdxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 11615 c:\windows\maxdriver\ati1mdxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 56623 c:\windows\maxdriver\ati1btxx.sys
+ 2003-11-08 12:00 . 2008-04-13 18:40 96512 c:\windows\maxdriver\atapi.sys
+ 2003-11-08 12:00 . 2008-04-13 18:57 14336 c:\windows\maxdriver\asyncmac.sys
+ 2008-02-23 02:41 . 2010-05-06 20:39 46672 c:\windows\maxdriver\aswTdi.sys
+ 2008-02-23 02:41 . 2010-05-06 20:34 23376 c:\windows\maxdriver\aswRdr.sys
+ 2008-02-23 02:41 . 2010-05-06 20:33 94800 c:\windows\maxdriver\aswmon.sys
+ 2008-04-01 03:31 . 2010-05-06 20:33 19024 c:\windows\maxdriver\aswFsBlk.sys
+ 2009-09-04 09:27 . 2007-12-28 07:22 10296 c:\windows\maxdriver\ASUSHWIO.SYS
+ 2009-09-09 20:02 . 2007-12-17 09:14 12400 c:\windows\maxdriver\AsIO.sys
+ 2009-09-09 20:02 . 2008-01-04 17:34 11832 c:\windows\maxdriver\AsInsHelp64.sys
+ 2009-09-09 20:02 . 2008-01-04 17:34 10216 c:\windows\maxdriver\AsInsHelp32.sys
+ 2002-08-29 01:33 . 2008-04-13 18:51 60800 c:\windows\maxdriver\arp1394.sys
+ 2009-09-09 20:00 . 2007-04-16 20:46 33792 c:\windows\maxdriver\AmdPPM.sys
+ 2008-02-23 03:00 . 2004-08-12 00:30 39424 c:\windows\maxdriver\AmdK8.sys
+ 2002-08-29 01:05 . 2008-04-13 18:31 37760 c:\windows\maxdriver\amdk7.sys
+ 2002-08-29 01:05 . 2008-04-13 18:31 37376 c:\windows\maxdriver\amdk6.sys
+ 2008-02-23 02:46 . 2008-04-13 18:36 43008 c:\windows\maxdriver\amdagp.sys
+ 2008-02-23 02:46 . 2008-04-13 18:36 42752 c:\windows\maxdriver\alim1541.sys
+ 2008-02-23 02:46 . 2008-04-13 18:36 44928 c:\windows\maxdriver\agpcpq.sys
+ 2008-02-23 02:46 . 2008-04-13 18:36 42368 c:\windows\maxdriver\agp440.sys
+ 2008-02-23 05:20 . 2008-02-23 05:20 20747 c:\windows\maxdriver\AegisP.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 11648 c:\windows\maxdriver\acpiec.sys
+ 2008-02-23 02:41 . 2010-05-06 20:33 28880 c:\windows\maxdriver\aavmker4.sys
+ 2009-05-08 03:06 . 2008-04-13 18:46 48128 c:\windows\maxdriver\61883.sys
+ 2003-11-08 12:00 . 2008-04-13 18:46 53376 c:\windows\maxdriver\1394bus.sys
+ 2010-05-17 06:42 . 2010-05-20 08:09 4766 c:\windows\SoftwareDistribution\EventCache\{E0D132E5-6600-4BED-BA2C-00C73FF7430B}.bin
+ 2003-11-08 12:00 . 2003-11-08 12:00 4352 c:\windows\maxdriver\wmilib.sys
+ 2009-09-04 09:17 . 2008-04-13 18:36 8832 c:\windows\maxdriver\wmiacpi.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 4736 c:\windows\maxdriver\usbd.sys
+ 2001-08-17 13:48 . 2008-04-13 18:39 4352 c:\windows\maxdriver\swenum.sys
+ 2008-02-23 02:56 . 2008-04-13 18:45 6272 c:\windows\maxdriver\splitter.sys
+ 2008-02-23 08:13 . 2006-10-30 21:46 6097 c:\windows\maxdriver\sonyhcb.sys
+ 2008-02-23 02:46 . 2008-04-13 18:36 5888 c:\windows\maxdriver\smbali.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 5888 c:\windows\maxdriver\rootmdm.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 4224 c:\windows\maxdriver\rdpcdd.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 8832 c:\windows\maxdriver\rasacd.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 3328 c:\windows\maxdriver\pciide.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 6784 c:\windows\maxdriver\parvdm.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 3456 c:\windows\maxdriver\oprghdlr.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 2944 c:\windows\maxdriver\null.sys
+ 2008-02-23 03:53 . 2008-04-13 18:39 5504 c:\windows\maxdriver\mstee.sys
+ 2008-02-23 02:56 . 2008-04-13 18:39 4992 c:\windows\maxdriver\mspqm.sys
+ 2008-02-23 02:56 . 2008-04-13 18:39 5376 c:\windows\maxdriver\mspclock.sys
+ 2008-02-23 02:56 . 2008-04-13 18:39 7552 c:\windows\maxdriver\mskssrv.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 4224 c:\windows\maxdriver\mnmdd.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 7680 c:\windows\maxdriver\mcd.sys
+ 2008-02-23 08:02 . 2009-04-18 00:48 9344 c:\windows\maxdriver\grmnusb.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 7936 c:\windows\maxdriver\fs_rec.sys
+ 2010-03-19 05:46 . 2003-10-10 10:06 4134 c:\windows\maxdriver\FlyPCI.sys
+ 2008-02-22 18:26 . 2001-08-17 13:46 6400 c:\windows\maxdriver\enum1394.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 3328 c:\windows\maxdriver\dxgthk.sys
+ 2008-02-23 02:56 . 2008-04-13 18:45 2944 c:\windows\maxdriver\drmkaud.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 5888 c:\windows\maxdriver\dmload.sys
+ 2008-02-23 08:12 . 2006-08-29 05:48 2560 c:\windows\maxdriver\cdralw2k.sys
+ 2008-02-23 08:12 . 2006-08-29 05:48 2432 c:\windows\maxdriver\cdr4_xp.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 4224 c:\windows\maxdriver\beep.sys
+ 2008-02-22 18:27 . 2001-08-17 13:59 3072 c:\windows\maxdriver\audstub.sys
+ 2009-09-04 09:28 . 2004-08-12 10:56 5810 c:\windows\maxdriver\ASACPI.sys
+ 2003-11-08 12:00 . 2010-05-22 20:35 441454 c:\windows\system32\perfh009.dat
- 2003-11-08 12:00 . 2010-05-20 00:17 441454 c:\windows\system32\perfh009.dat
+ 2003-11-08 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2003-11-08 12:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2008-05-09 10:53 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
- 2008-05-09 10:53 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-02-23 02:46 . 2008-04-13 18:46 121984 c:\windows\maxdriver\usbvideo.sys
+ 2003-11-08 12:00 . 2008-04-13 18:45 143872 c:\windows\maxdriver\usbport.sys
+ 2003-11-08 12:00 . 2008-04-13 18:39 384768 c:\windows\maxdriver\update.sys
+ 2003-11-08 12:00 . 2010-02-11 12:02 226880 c:\windows\maxdriver\tcpip6.sys
+ 2003-11-08 12:00 . 2008-06-20 11:51 361600 c:\windows\maxdriver\tcpip.sys
+ 2003-11-08 12:00 . 2009-12-31 16:50 353792 c:\windows\maxdriver\srv.sys
+ 2008-02-23 21:39 . 2010-04-18 19:39 691696 c:\windows\maxdriver\sptd.sys
+ 2008-02-23 08:13 . 2006-10-30 21:46 102220 c:\windows\maxdriver\sonypvs1.sys
+ 2008-02-23 08:13 . 2006-10-30 21:46 299923 c:\windows\maxdriver\sonyhcs.sys
+ 2008-02-23 02:46 . 2004-08-04 06:41 404990 c:\windows\maxdriver\slntamr.sys
+ 2008-02-23 02:46 . 2004-08-04 06:41 129535 c:\windows\maxdriver\slnt7554.sys
+ 2005-03-15 20:00 . 2005-03-15 20:00 277504 c:\windows\maxdriver\SAA713x.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 166912 c:\windows\maxdriver\s3gnbm.sys
+ 2008-02-23 05:20 . 2005-11-25 03:51 245248 c:\windows\maxdriver\rt73.sys
+ 2003-11-08 12:00 . 2008-05-08 14:02 203136 c:\windows\maxdriver\rmcast.sys
+ 2008-02-23 02:31 . 2008-04-14 00:13 139656 c:\windows\maxdriver\rdpwd.sys
+ 2008-02-23 02:31 . 2008-04-13 18:32 196224 c:\windows\maxdriver\rdpdr.sys
+ 2003-11-08 12:00 . 2008-04-13 19:28 175744 c:\windows\maxdriver\rdbss.sys
+ 2008-02-23 02:56 . 2008-04-13 20:19 146048 c:\windows\maxdriver\portcls.sys
+ 2008-06-01 04:19 . 2010-04-11 21:50 138664 c:\windows\maxdriver\PnkBstrK.sys
+ 2003-11-08 12:00 . 2008-04-13 18:36 120192 c:\windows\maxdriver\pcmcia.sys
+ 2003-11-08 12:00 . 2008-04-13 18:34 163584 c:\windows\maxdriver\nwrdr.sys
+ 2009-09-09 20:35 . 2008-08-01 03:35 955520 c:\windows\maxdriver\nvnrm.sys
+ 2008-02-23 02:56 . 2005-07-26 11:02 923520 c:\windows\maxdriver\nvmcp.sys
+ 2008-02-23 02:56 . 2005-07-26 11:01 415360 c:\windows\maxdriver\nvapu.sys
+ 2008-02-23 02:46 . 2004-08-04 06:41 180360 c:\windows\maxdriver\ntmtlfax.sys
+ 2003-11-08 12:00 . 2008-04-13 19:15 574976 c:\windows\maxdriver\ntfs.sys
+ 2003-11-08 12:00 . 2010-05-19 20:02 162816 c:\windows\maxdriver\netbt.sys
+ 2003-11-08 12:00 . 2008-04-13 19:20 182656 c:\windows\maxdriver\ndis.sys
+ 2003-11-08 12:00 . 2008-04-13 19:17 105344 c:\windows\maxdriver\mup.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 452736 c:\windows\maxdriver\mtxparhm.sys
+ 2008-02-23 02:46 . 2004-08-04 06:41 126686 c:\windows\maxdriver\mtlmnt5.sys
+ 2003-11-08 12:00 . 2010-02-24 13:11 455680 c:\windows\maxdriver\mrxsmb.sys
+ 2003-11-08 12:00 . 2008-04-13 18:32 180608 c:\windows\maxdriver\mrxdav.sys
+ 2009-12-02 19:23 . 2009-12-02 19:23 149040 c:\windows\maxdriver\MpFilter.sys
+ 2002-08-29 02:13 . 2008-04-13 20:16 141056 c:\windows\maxdriver\ks.sys
+ 2008-02-23 02:56 . 2008-04-13 18:45 172416 c:\windows\maxdriver\kmixer.sys
+ 2003-11-08 12:00 . 2008-04-13 18:57 152832 c:\windows\maxdriver\ipnat.sys
+ 2008-02-23 02:46 . 2009-10-20 16:20 265728 c:\windows\maxdriver\http.sys
+ 2008-02-23 02:46 . 2004-08-04 06:41 685056 c:\windows\maxdriver\hsfcxts2.sys
+ 2008-02-23 02:46 . 2004-08-04 06:41 220032 c:\windows\maxdriver\hsfbs2s2.sys
+ 2008-07-16 06:06 . 2008-04-13 16:36 144384 c:\windows\maxdriver\hdaudbus.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 125056 c:\windows\maxdriver\ftdisk.sys
+ 2008-02-23 02:46 . 2008-04-13 18:32 129792 c:\windows\maxdriver\fltmgr.sys
+ 2003-11-08 12:00 . 2008-04-13 19:14 143744 c:\windows\maxdriver\fastfat.sys
+ 2010-05-05 15:04 . 2010-05-05 15:04 153344 c:\windows\maxdriver\DMIO.SYS
+ 2003-11-08 12:00 . 2008-04-13 18:44 799744 c:\windows\maxdriver\dmboot.sys
+ 2001-08-17 14:02 . 2003-11-08 12:00 262528 c:\windows\maxdriver\cinemst2.sys
+ 2008-02-23 02:46 . 2008-06-13 11:05 272128 c:\windows\maxdriver\bthport.sys
+ 2008-02-23 02:46 . 2008-04-13 18:51 101120 c:\windows\maxdriver\bthpan.sys
+ 2003-11-08 12:00 . 2003-11-08 12:00 352256 c:\windows\maxdriver\atmuni.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 104960 c:\windows\maxdriver\atinrvxx.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 701440 c:\windows\maxdriver\ati2mtag.sys
+ 2008-02-23 02:46 . 2004-08-04 06:29 327040 c:\windows\maxdriver\ati2mtaa.sys
+ 2008-04-01 03:31 . 2010-05-06 20:39 164048 c:\windows\maxdriver\aswSP.sys
+ 2008-02-23 02:41 . 2010-05-06 20:33 100432 c:\windows\maxdriver\aswmon2.sys
+ 2003-11-08 12:00 . 2008-08-14 10:04 138496 c:\windows\maxdriver\afd.sys
+ 2008-02-23 02:56 . 2008-04-13 16:39 142592 c:\windows\maxdriver\aec.sys
+ 2003-11-08 12:00 . 2008-04-13 18:36 187776 c:\windows\maxdriver\acpi.sys
+ 2010-05-20 07:01 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-05-20 07:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-05-20 07:01 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-05-20 07:01 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-05-20 07:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-05-20 07:01 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-05-20 07:01 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-05-20 07:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-05-20 07:01 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-09-04 09:36 . 2008-11-25 08:37 4952576 c:\windows\maxdriver\RtkHDAud.sys
+ 2010-05-21 02:26 . 2009-12-12 01:48 1041920 c:\windows\maxdriver\pevFind.exe
+ 2008-02-23 02:46 . 2004-08-04 06:41 1309184 c:\windows\maxdriver\mtlstrm.sys
+ 2009-09-04 09:36 . 2006-01-04 07:41 1389056 c:\windows\maxdriver\Monfilt.sys
+ 2008-02-23 02:46 . 2004-08-04 06:41 1041536 c:\windows\maxdriver\hsfdpsp2.sys
+ 2009-09-04 09:36 . 2008-08-05 12:10 1684736 c:\windows\maxdriver\Ambfilt.sys
+ 2008-02-23 02:46 . 2010-01-12 04:03 10276768 c:\windows\maxdriver\nv4_mini.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-07 1238352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2003-07-30 526848]
"ledpointer"="CNYHKey.exe" [2004-03-03 5576704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-04-02 624056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-26 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-30 198160]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2010-01-21 293928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
2008-12-18 20:44 1587576 ----a-w- c:\program files\iCall\iCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-30 08:48 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\ZSNES\\zsnesw.exe"=
"c:\\Documents and Settings\\Mike\\Desktop\\stuff\\epsxe\\ePSXe.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iCall\\iCall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\counter-strike beta\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\atomicsg\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"6113:TCP"= 6113:TCP:6113tcp
"6113:UDP"= 6113:UDP:6113udp
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2008 11:31 PM 164048]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [3/15/2005 4:00 PM 277504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/31/2008 11:31 PM 19024]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [9/4/2009 5:35 AM 57248]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 2:19 PM 23064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/23/2008 5:39 PM 691696]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [3/19/2010 1:46 AM 4134]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PhilTune;Philips TV Tuner;c:\windows\system32\drivers\PhilTune.sys [2/23/2008 12:18 PM 19840]
S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 3:39 PM 4608]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 16:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: {131F5CA6-FA2A-4508-A0E1-D786E43DCC06} = 64.233.217.2,64.233.17.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\Mike\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 16:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1326574676-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-05-22 16:42:13
ComboFix-quarantined-files.txt 2010-05-22 20:42
ComboFix2.txt 2010-05-21 02:12
ComboFix3.txt 2010-05-20 20:03
ComboFix4.txt 2010-05-20 03:40
ComboFix5.txt 2010-05-22 20:31

Pre-Run: 35,398,778,880 bytes free
Post-Run: 35,363,700,736 bytes free

- - End Of File - - 0D80A330C31D789D979F05710263290D


OTL logfile created on: 5/22/2010 4:53:51 PM - Run 8
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 32.95 Gb Free Space | 29.48% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 110.36 Gb Free Space | 29.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMERALD
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe (Linksys)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (GEMTEKS)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (RTCore32) -- C:\Program Files\EVGA Precision\RTCore32.sys ()
DRV - (713xTVCard) -- C:\WINDOWS\system32\drivers\SAA713x.sys (Philips Semiconductors)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (FlyPCI) -- C:\WINDOWS\system32\drivers\FlyPCI.sys ()
DRV - (PhilTune) -- C:\WINDOWS\system32\drivers\PhilTune.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://192.168.1.1/"
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1.1
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/30 04:48:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/13 16:20:01 | 000,000,000 | ---D | M]

[2008/09/02 01:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/05/20 00:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions
[2010/04/27 23:12:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/15 21:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\tvi2y6li.default\extensions\[email protected]
[2010/05/20 00:24:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/30 06:28:59 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/05/20 22:05:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 22:35:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/22 14:20:17 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/20 22:18:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
[2010/05/20 22:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/20 00:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/19 20:17:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/19 20:14:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/19 20:14:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/19 20:14:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/19 20:14:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/19 20:13:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/19 20:10:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/19 15:59:43 | 000,979,792 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/05/16 22:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\New Folder (2)
[2010/05/16 21:29:49 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/05/16 18:34:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/16 18:33:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/16 18:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/16 18:32:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\IECompatCache
[2010/05/16 18:28:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mike\IETldCache
[2010/05/16 18:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/16 18:19:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/15 19:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Sun
[2010/05/15 16:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\StarCraft II Beta
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Blizzard Entertainment
[2010/05/05 21:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/05/05 10:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/05 10:05:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/04 18:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/04 18:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/05/04 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/04 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/03 00:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/05/02 23:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/22 16:43:17 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/22 16:43:17 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/22 16:43:17 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/22 16:42:13 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/22 16:42:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/22 16:40:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/22 16:31:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/22 16:30:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/22 16:29:46 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/05/22 16:15:29 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/20 22:05:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/20 19:04:32 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\maxlook.exe
[2010/05/20 03:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/20 00:15:25 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2010/05/19 20:40:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/19 20:40:51 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 20:17:27 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/05/18 17:02:52 | 003,690,854 | R--- | M] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/05/18 17:02:18 | 000,949,152 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/05/16 22:14:44 | 003,172,094 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/05/16 20:56:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\di86vtoj.exe
[2010/05/16 20:55:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/05/15 16:07:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/14 18:49:00 | 000,378,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100516-040139.backup
[2010/05/14 17:44:24 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\this.html
[2010/05/12 18:12:00 | 000,979,792 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/05/07 22:04:01 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\New Microsoft Word Document (2).doc
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/06 00:09:02 | 000,000,233 | ---- | M] () -- C:\WINDOWS\ACTIVEJP.INI
[2010/05/05 16:56:54 | 000,281,797 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\fw9.pdf
[2010/05/04 17:24:48 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/05/04 17:24:47 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 12:55:04 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\Mike\Adobe Encore_AME.pref
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/20 21:50:17 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\maxlook.exe
[2010/05/20 00:15:20 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2010/05/19 20:17:27 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/05/19 20:17:24 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/19 20:14:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/19 20:14:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/19 20:14:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/19 20:14:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/19 20:14:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/19 15:57:35 | 000,949,152 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/05/19 15:57:30 | 003,690,854 | R--- | C] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/05/16 22:33:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\di86vtoj.exe
[2010/05/14 17:38:58 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\this.html
[2010/05/06 21:20:53 | 000,281,797 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fw9.pdf
[2010/05/06 21:20:53 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\New Microsoft Word Document (2).doc
[2010/05/05 10:57:04 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/19 01:46:21 | 000,004,134 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlyPCI.sys
[2010/02/25 00:37:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/26 21:46:46 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/09 16:02:38 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/09/09 16:02:38 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/09/09 16:02:35 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/09/09 16:02:35 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/09/04 05:28:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/09/04 05:27:50 | 000,029,681 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/09/04 05:27:49 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/02 04:14:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/08/24 15:26:45 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/06/01 00:19:53 | 000,138,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/04/14 04:11:08 | 000,000,233 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2008/02/26 05:19:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/26 05:19:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/24 06:18:04 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/23 12:18:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/23 04:56:53 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2008/02/23 04:56:52 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2008/02/23 04:56:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2008/02/23 04:56:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2008/02/23 04:56:52 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2008/02/23 04:13:01 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/23 01:20:23 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/02/23 01:20:08 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/02/22 22:54:14 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\auto.ini
[2003/11/08 08:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL

========== LOP Check ==========

[2010/05/15 16:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/24 23:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/08/24 15:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2008/10/21 16:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\ameCache
[2008/02/26 05:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\AVSMedia
[2009/09/15 21:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GarageGames
[2009/10/28 14:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GARMIN
[2009/06/17 04:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GetRightToGo
[2010/04/01 14:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\RadLight Company
[2009/11/28 21:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Screaming Bee
[2009/07/25 11:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SystemRequirementsLab
[2010/04/01 14:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\uTorrent
[2010/05/22 16:42:13 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/02/22 22:35:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/04 17:24:48 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/05/19 20:17:27 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/01/22 16:11:29 | 000,004,456 | R--- | M] () -- C:\CLDMA.LOG
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/05/22 16:42:13 | 000,053,036 | ---- | M] () -- C:\ComboFix.txt
[2008/02/22 22:35:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/01 22:20:47 | 000,000,000 | ---- | M] () -- C:\fftoutput.txt
[2008/10/02 04:14:28 | 000,001,090 | ---- | M] () -- C:\INSTALL.LOG
[2008/02/22 22:35:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/18 03:35:28 | 000,004,245 | ---- | M] () -- C:\LGSInst.Log
[2010/05/20 22:26:31 | 000,000,122 | ---- | M] () -- C:\looklog.txt
[2008/02/22 22:35:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/02/22 22:44:15 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/16 02:15:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/22 16:30:43 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/02/08 00:30:54 | 000,071,108 | ---- | M] () -- C:\s184
[2010/02/08 00:31:34 | 000,021,614 | ---- | M] () -- C:\s184.4p
[2009/03/13 02:50:02 | 000,071,108 | ---- | M] () -- C:\s1h8
[2010/02/21 03:49:03 | 000,071,108 | ---- | M] () -- C:\s1i0
[2009/02/13 00:25:28 | 000,071,108 | ---- | M] () -- C:\s1ok
[2009/06/25 23:46:02 | 000,071,108 | ---- | M] () -- C:\s1rg
[2009/06/25 23:27:22 | 000,071,108 | ---- | M] () -- C:\s22c
[2009/11/17 16:52:25 | 000,071,108 | ---- | M] () -- C:\s2p8
[2009/06/25 23:35:40 | 000,071,108 | ---- | M] () -- C:\s35k
[2010/01/08 22:11:21 | 000,071,108 | ---- | M] () -- C:\s36g
[2010/01/08 22:11:35 | 000,000,000 | ---- | M] () -- C:\s36g.c
[2010/02/21 03:51:02 | 000,071,108 | ---- | M] () -- C:\s39s
[2010/02/08 00:31:37 | 000,071,108 | ---- | M] () -- C:\s3e8
[2009/07/28 08:57:26 | 000,071,108 | ---- | M] () -- C:\s3nk
[2009/06/25 23:16:17 | 000,071,108 | ---- | M] () -- C:\s3rs
[2009/06/25 23:17:39 | 000,071,108 | ---- | M] () -- C:\s3u8
[2009/11/17 16:48:33 | 000,071,108 | ---- | M] () -- C:\s3vc
[2010/01/08 22:11:42 | 000,071,108 | ---- | M] () -- C:\s6g
[2010/01/08 22:11:57 | 000,000,000 | ---- | M] () -- C:\s6g.4
[2009/02/13 00:18:46 | 000,071,108 | ---- | M] () -- C:\sdc
[2009/02/17 21:03:06 | 000,000,000 | ---- | M] () -- C:\SFDebug.txt
[2009/10/11 16:21:10 | 000,071,108 | ---- | M] () -- C:\sps
[2010/05/19 16:00:16 | 000,042,672 | ---- | M] () -- C:\TDSSKiller.2.3.0.0_19.05.2010_15.59.56_log.txt
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2008/02/23 04:44:02 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/02/22 14:22:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/02/22 14:22:32 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/02/22 14:22:32 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys 180 >
< End of report >


OTL Extras logfile created on: 5/22/2010 4:53:51 PM - Run 8
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 32.95 Gb Free Space | 29.48% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 110.36 Gb Free Space | 29.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EMERALD
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"6113:TCP" = 6113:TCP:*:Enabled:6113tcp
"6113:UDP" = 6113:UDP:*:Enabled:6113udp
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\Frozen Throne.exe" = C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\GameSpy\Comrade\Comrade.exe" = C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade -- (IGN Entertainment Inc.)
"C:\Program Files\ZSNES\zsnesw.exe" = C:\Program Files\ZSNES\zsnesw.exe:*:Enabled:zsnesw -- ()
"C:\Documents and Settings\Mike\Desktop\stuff\epsxe\ePSXe.exe" = C:\Documents and Settings\Mike\Desktop\stuff\epsxe\ePSXe.exe:*:Disabled:ePSXe -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\atomicsg\half-life\hl.exe" = C:\Program Files\Steam\steamapps\atomicsg\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\steamapps\atomicsg\counter-strike beta\hl.exe" = C:\Program Files\Steam\steamapps\atomicsg\counter-strike beta\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\steamapps\atomicsg\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\atomicsg\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe" = C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{03737893-5BEE-4C78-9C58-3AE7F172BBBE}" = Garmin Communicator Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0DD2BDF7-EAC8-41F7-83ED-61A2D05C6235}" = Adobe Setup
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{31492759-0E89-46B5-9770-F6E5808E3017}" = xImage
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}" = MorphVOX Junior
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{6054F774-FEF0-46C6-9311-EC97FC576FC5}" = USB Wireless Keyboard Driver
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142160}" = Java 2 Runtime Environment, SE v1.4.2_16
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96ABF4E1-1489-4B84-B3CB-82E010247D73}" = Adobe Creative Suite 3 Master Collection
"{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B70CDBAC-638A-4E67-916A-DB4C6F571033}" = Nero 8 Essentials
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
"{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D93F5B-881F-49E3-BA56-B4B8FA991059}" = Adobe Encore CS3 Library
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{F9831B39-277F-4F53-BFB0-12DC90C4CB40}" = Requiem
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.2.2 Professional
"Adobe Acrobat 8 Professional_822" = Adobe Acrobat 8.2.2 - CPSID_53952
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_e7e6bb3ae60aaa1c5b11aa97d8f15b0" = Add or Remove Adobe Creative Suite 3 Master Collection
"avast5" = avast! Free Antivirus
"DivXCodec" = DivX 4.0 Final Codec
"ESET Online Scanner" = ESET Online Scanner v3
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.3.0
"iCall_is1" = iCall
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEEP" = Infinty Engine Editor Pro (remove only)
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
"InstallShield_{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
"InstallShield_{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Precision" = EVGA Precision 1.9.1
"Prism" = Prism Video Converter
"PVK" = PVK
"RealPlayer 6.0" = RealPlayer
"Starcraft" = Starcraft
"StarCraft II Beta" = StarCraft II Beta
"StealthBot v2.6 Revision 3" = StealthBot v2.6 Revision 3 (remove only)
"Steam App 10" = Counter-Strike
"Steam App 1290" = Darkest Hour Server
"Steam App 70" = Half-Life
"SystemRequirementsLab" = System Requirements Lab
"Vampire Slayer : Chapter VI_is1" = VS v6.0
"WE Unlimited_is1" = WE Unlimited 1.20
"WIC" = Windows Imaging Component
"WinBiff" = WinBiff
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"StarCraft X-tra Editor" = StarCraft X-tra Editor
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 11/23/2009 9:51:19 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 12/31/2009 4:55:16 AM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

Error - 1/12/2010 11:27:47 PM | Computer Name = EMERALD | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/20/2010 4:16:51 PM | Computer Name = EMERALD | Source = Application Hang | ID = 1002
Description = Hanging application FlashPlayer.exe, version 9.0.115.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/20/2010 4:20:38 PM | Computer Name = EMERALD | Source = Application Hang | ID = 1002
Description = Hanging application FlashPlayer.exe, version 9.0.115.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/20/2010 4:21:30 PM | Computer Name = EMERALD | Source = Application Hang | ID = 1002
Description = Hanging application FlashPlayer.exe, version 9.0.115.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/20/2010 4:22:21 PM | Computer Name = EMERALD | Source = Application Hang | ID = 1002
Description = Hanging application FlashPlayer.exe, version 9.0.115.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/20/2010 7:01:09 PM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application untitled-3.exe, version 9.0.115.0, faulting module
untitled-3.exe, version 9.0.115.0, fault address 0x00107940.

Error - 5/20/2010 7:01:14 PM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application untitled-3.exe, version 9.0.115.0, faulting module
untitled-3.exe, version 9.0.115.0, fault address 0x00107940.

Error - 5/20/2010 9:56:53 PM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x00082899.

Error - 5/21/2010 7:58:22 PM | Computer Name = EMERALD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/21/2010 7:58:22 PM | Computer Name = EMERALD | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/22/2010 4:32:14 PM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x00082899.

[ System Events ]
Error - 5/20/2010 9:56:44 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7034
Description = The StarWind AE Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/20/2010 9:56:44 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/20/2010 9:56:44 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 5/20/2010 10:06:29 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/20/2010 10:24:26 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/21/2010 7:48:01 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/21/2010 7:58:21 PM | Computer Name = EMERALD | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.81.1861.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5703.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 5/21/2010 11:59:42 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/22/2010 4:16:09 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/22/2010 4:31:05 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058


< End of report >


Note about untitled-3.exe and flash player. They are related, I tried to mess around with flash a little the other night while waiting for your reply to see if I could notice any difference in how the computer was running. Untitled-3.exe was just a flash application I tried (and failed because I'm amateurish at it) to generate.
  • 0

#24
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
How are things running? Are you experiencing any outstanding issues?
  • 0

#25
AtomicSG

AtomicSG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Don't know if it's still redirecting or not. Haven't brought it back on the net to see yet. I'm curious as to whether the thing the ESET scan found was addressed at all though. Or was it nothing? Because you had me uncheck the option on it to fix what it found if I remember right. Just a heads up, if I suddenly stop posting for a while I apologize, the monitor for my desktop is starting to turn pink when I first turn it on and then develop a flicker, which if what I'm reading is true, means the CCFL backlamp is getting ready to reach its lifetime expectancy and soon I'll need to replace either the lamp or the monitor. And if my desktop monitor goes I won't be able to see what I'm doing.

(I know I could still post with my laptop like I am now, but I occasionally get forgetful so I'm giving you a heads up now just in case)

As for any other issues, you may not believe me but I wasn't noticing a whole lot of them even before except for the redirect thing which brought me here so... if there are any maybe I'm just oblivious to them? I don't know..
  • 0


#26
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

The item that was found by ESET is currently in your System Restore. Once we are done we will flush all of your system restore points.

Your logs are looking pretty good and from what I can see they look clean. Let's go ahead and start on the clean-up process. This is going to be a two-step process. We will deal with some issues in this post, and my next post to you will be the final clean-up procedures.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    SRV - (WUSB54GCSVC) -- File not found
    DRV - (catchme) -- File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - File not found
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2010/05/18 17:02:18 | 000,949,152 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
    [2010/05/12 18:12:00 | 000,979,792 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
    [2010/05/20 00:15:20 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
    [2010/05/19 16:00:16 | 000,042,672 | ---- | M] () -- C:\TDSSKiller.2.3.0.0_19.05.2010_15.59.56_log.txt
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT



Clean Java Cache & Temporary Files
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH checked: "Applications and Applets" and "Trace and Log Files"
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



Go to Start > Run > Type in: maxlook -cleanup

Hit Enter.

A black window should appear and will disappear on its own.


Please include the OTL fix log in your next reply. :)

Cheers,
ST.
  • 0
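
The check behind the "Java Outdated" step above, as an added example that is not part of the original posts: it reads Uninstall-list lines in the format of the OTL log posted in this thread and lists every registered Java runtime older than the JRE 6 Update 20 installer the post names. The function names, the `Java(TM)` and `J2SE Runtime Environment` name patterns and the one constructed sample line are assumptions of this example.

```python
import re

# Lines copied from the HKEY_LOCAL_MACHINE Uninstall list in the OTL log posted
# earlier in this thread. The last line is CONSTRUCTED (placeholder key) so the
# "already current" path is exercised too.
UNINSTALL_EXCERPT = """\
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7148F0A8-6813-11D6-A77B-00B0D0142160}" = Java 2 Runtime Environment, SE v1.4.2_16
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"{CONSTRUCTED-PLACEHOLDER-KEY}" = Java(TM) 6 Update 20
"""

# JRE 6 Update 20, the version the post says to install: (family, minor, update).
TARGET = (6, 0, 20)

# One Uninstall-list line: "registry key name" = display name
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*\S)\s*$')

# Display-name patterns for Java runtimes, each with a function that turns the
# match into a comparable (family, minor, update) tuple. The first two forms
# appear in the log; the "(TM)" spelling and the J2SE form are assumed variants.
NAME_PATTERNS = [
    (re.compile(r"^Java(?:\u2122|\(TM\))? (\d+) Update (\d+)$"),
     lambda m: (int(m[1]), 0, int(m[2]))),
    (re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.(\d+)(?:_(\d+))?$"),
     lambda m: (int(m[1]), int(m[2]), int(m[3] or 0))),
    (re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?$"),
     lambda m: (int(m[1]), int(m[2]), int(m[3] or 0))),
]


def parse_uninstall_list(text):
    """Return (key, display_name) pairs; lines in any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("key"), match.group("name")))
    return entries


def java_version(display_name):
    """Return (family, minor, update) for a Java runtime entry, else None.

    Helper entries such as "Java Auto Updater" carry no runtime version and
    return None, so they are never reported as an outdated runtime.
    """
    for pattern, to_version in NAME_PATTERNS:
        match = pattern.match(display_name)
        if match:
            return to_version(match)
    return None


def outdated_java(text, target=TARGET):
    """Return (version, key, display_name) for runtimes older than target,
    oldest first."""
    found = []
    for key, name in parse_uninstall_list(text):
        version = java_version(name)
        if version is not None and version < target:
            found.append((version, key, name))
    return sorted(found)


if __name__ == "__main__":
    for version, key, name in outdated_java(UNINSTALL_EXCERPT):
        print(f"remove: {name}  [{key}]")
```

An Uninstall entry shows that a runtime is registered, not that its files are intact, so removal still goes through Add/Remove Programs as the post describes.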

#27
AtomicSG

AtomicSG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
When I tried to run the OTL fix my computer restarted (wasn't watching so I don't know any details). When it came back up there was a screen stating the following: "Windows has just recovered from a serious error"

(I'm keeping the screen up until further instructed)
  • 0

#28
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Please reboot the computer manually and locate the log, which will be at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post that in your next reply.

Cheers.
  • 0

#29
AtomicSG

AtomicSG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
There is a folder with that name but no file(s).
  • 0

#30
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Please carry on with the Java Update and the maxlook cleanup.

Cheers.
  • 0





