when you say you restored twice, did you do a factory reset or a windows restore?

Your HJT log has some problems. I'd post in the security forum and/or expect this thread to be moved there.

I did a windows restore. For the oddest reason the company that made my computer made it without a way to factory reset it so I am screwed in that department unless I decide to do a complete system wipe. What problems do you see....I am not very program or windows savy. I just know the basics...you know ctrl-alt-delete, msconfig, ipconfig and regedit...and even then I only know how to mess with a few things in each one.

You have a bit of a mess.

Follow the steps in the link below and post the requested logs. I - or one of the other volunteers - will be happy to assist you as time permits.

Read me before posting a request for assistance

Best Luck
PP

Well I followed all instuctions to the "T" and was amazed to find so many infected files. Some of my buddies are having the same issue so we think its on one of their gigsticks from when they went home on leave from the deployment. So far the only thing I have not been able to do is disable the System Restore Points due to the same error from above. Also I cannot go into System in the Control Panel as I get a RUNDLL error.
Here are all the logs you requested. None of the programs had any issues running.

Malwarebytes' Anti-Malware 1.22
Database version: 977
Windows 5.1.2600 Service Pack 2

11:45:41 AM 7/22/2008
mbam-log-7-22-2008 (11-45-41).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 143747
Time elapsed: 54 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 18
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 131

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{80af1289-f140-a140-d012-c1458759fc08} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7914e0aa-eccb-4311-b584-c49538227824} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84143967-b645-4bff-b873-da1dc886e9a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{841529cb-7f77-4b99-a895-b5441e0d302f} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14698742-2059-3025-9058-954023874141} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b1aef69-ddae-fdad-dcab-698f026abdb6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b1aef69-ddae-fdad-dcab-698f026abdb6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6c648541-1025-9650-9057-6541258720c6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c648541-1025-9650-9057-6541258720c6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{80af1289-f140-a140-d012-c1458759fc08} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7914e0aa-eccb-4311-b584-c49538227824} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{84143967-b645-4bff-b873-da1dc886e9a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{841529cb-7f77-4b99-a895-b5441e0d302f} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14698742-2059-3025-9058-954023874141} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6b1aef69-ddae-fdad-dcab-698f026abdb6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c648541-1025-9650-9057-6541258720c6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP120\A0061317.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP120\A0061319.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP120\A0061339.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP122\A0061370.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP122\A0061371.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP128\snapshot\MFEX-1.DAT (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP129\A0063370.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP129\snapshot\MFEX-1.DAT (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP130\snapshot\MFEX-1.DAT (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP131\A0064375.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP131\snapshot\MFEX-1.DAT (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP132\A0064376.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP132\snapshot\MFEX-1.DAT (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP111\A0049416.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050590.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050591.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050592.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050593.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050594.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050595.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050596.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050597.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050598.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050599.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050600.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050601.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050603.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050604.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050605.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050606.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050607.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050608.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050609.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050610.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050602.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP115\A0051755.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP115\A0052753.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP115\A0053753.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP115\A0055009.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP115\A0058013.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059416.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059419.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059446.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059447.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059449.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059451.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059452.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059453.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059454.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0059471.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0059472.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0059506.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061008.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061009.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061010.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061011.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061012.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061013.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061014.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061015.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061239.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061230.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061232.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061241.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061242.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061243.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061244.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061245.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061246.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061285.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061286.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061287.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061288.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061289.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061290.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtsRKAt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan Gartner\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.


ESET ONLINE SCANNER LOG

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3287 (20080722)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=8f30540818cdf9479341632a012abd64
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-07-22 10:20:49
# local_time=2008-07-22 12:20:49 (+0100, W. Europe Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=234734
# found=29
# scan_time=1760
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.16272 Win32/PSW.OnLineGames.OAF trojan C0C47673F779B83D257D9F62218A81D5
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.16290 probably a variant of Win32/PSW.OnLineGames.OAF trojan F8AEDCF99356D56656821E0B6D903FBD
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.19581 probably a variant of Win32/PSW.OnLineGames.OAF trojan 96D3006068C958EFE92F772545694D7A
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.23942 probably a variant of Win32/PSW.OnLineGames.OAF trojan B4728DA4BD8A508D4B1D35FCF8C30987
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.24084 probably a variant of Win32/PSW.OnLineGames.OAF trojan 72076372CE3DC9F8D4FB057C819AFE58
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.24375 probably a variant of Win32/PSW.OnLineGames.OAF trojan 5A5DDACAC26A71CFF80749E93182020F
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.25660 probably a variant of Win32/PSW.OnLineGames.OAF trojan 0544B576C9EB86795101FDB3214B4597
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.31558 probably a variant of Win32/PSW.OnLineGames.OAF trojan E978288FE86D7AB549B297148033A321
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.35560 probably a variant of Win32/PSW.OnLineGames.OAF trojan CCA79EF0259F6D9705CE6D68CB13F959
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.37307 Win32/PSW.OnLineGames.OAF trojan 6159C2B79BFBFED466A72C250FDD1068
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.38667 probably a variant of Win32/PSW.OnLineGames.OAF trojan 347D284C61F82BBF5A18C1FEA52BBCE6
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.44127 probably a variant of Win32/PSW.OnLineGames.OAF trojan A46809747EB3FDB0FF076A92D6FD49A0
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.45057 probably a variant of Win32/PSW.OnLineGames.OAF trojan 33A84B725A3506E44FAFBFEDC30D1ECD
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.51189 Win32/PSW.OnLineGames.OAF trojan 35FA2AFC23A5FA3A051C4C069963650B
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.51639 probably a variant of Win32/PSW.OnLineGames.OAF trojan 1A28264E0F163F038B78B672CAABA542
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.70904 probably a variant of Win32/PSW.OnLineGames.OAF trojan 21DA88980F2BEC72581094AD750B247F
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.73858 probably a variant of Win32/PSW.OnLineGames.OAF trojan CB0DD85CE5A67F3443D8657BD52F5D54
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.75872 probably a variant of Win32/PSW.OnLineGames.OAF trojan 57FCF55C08BD637AF0407C885BCBCDB5
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76054 probably a variant of Win32/PSW.OnLineGames.OAF trojan 27C01563013D159F0402C43EA79EF0C7
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.78972 probably a variant of Win32/PSW.OnLineGames.OAF trojan 0F4C04044A49875B98C0FFBB1EC4CCF1
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.79169 probably a variant of Win32/PSW.OnLineGames.OAF trojan 3D9E1210D990186D8E3FE0C052350B2E
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.80674 Win32/PSW.OnLineGames.OAF trojan A0CED4B0270A86CB6B2BBD04DFA97416
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.83041 probably a variant of Win32/PSW.OnLineGames.OAF trojan 692AB6779A0F03151375DF28844563CA
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.84542 probably a variant of Win32/PSW.OnLineGames.OAF trojan 870725597F5C4B02C5150F091EAA5EA2
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.86007 probably a variant of Win32/PSW.OnLineGames.OAF trojan E4671392E3E4A06DF7DD8CF1A4C83DA1
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.86308 probably a variant of Win32/PSW.OnLineGames.OAF trojan 4EFBAC1EE340422AC079984A69BC6DE0
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.87023 probably a variant of Win32/PSW.OnLineGames.OAF trojan 991B8D9F910ABF6A6F1B68F90EEF48A8
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.89256 probably a variant of Win32/PSW.OnLineGames.OAF trojan D86A783DA352B33CD7DA13D73FEB4FBC
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.98146 probably a variant of Win32/PSW.OnLineGames.OAF trojan 24AB5653386DB224AE6A51E260CC2675

Deckard's System Scanner v20071014.68
Run by Ryan Gartner on 2008-07-22 13:18:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


-- Last 5 Restore Point(s) --
42: 2008-07-22 00:41:00 UTC - RP132 - Restore Operation
41: 2008-07-22 00:20:03 UTC - RP131 - Restore Operation
40: 2008-07-22 00:18:03 UTC - RP130 - In case of sound
39: 2008-07-22 00:11:23 UTC - RP129 - Restore Operation
38: 2008-07-21 16:13:25 UTC - RP128 - Installed DirectX 9.0


-- First Restore Point --
1: 2008-07-01 21:01:02 UTC - RP91 - Removed Age of Empires III


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 25.5 GiB (less than 15%) free.


-- HijackThis (run as Ryan Gartner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:40 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\MHotkey.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\CleGameKey\driver\ZClevoGKY.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Ryan Gartner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ryan Gartner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 202.165.102.205 972.aksjd11.com
O1 - Hosts: 202.165.102.205 w3og.cn
O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
O1 - Hosts: 203.208.35.100 www.aujoy.cn
O1 - Hosts: 203.208.35.101 www.hao601.cn
O1 - Hosts: 203.208.35.101 www.psp476.cn
O1 - Hosts: 72.14.235.99 222.1212l112.net
O1 - Hosts: 72.14.235.99 444.1212l112.netn
O1 - Hosts: 72.14.235.99 555.1212l112.net
O1 - Hosts: 72.14.235.99 111.1212l112.net
O1 - Hosts: 65.55.21.250 111.3243l24.com
O1 - Hosts: 65.55.21.250 222.3243l24.com
O1 - Hosts: 65.55.21.250 333.3243l24.com
O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
O1 - Hosts: 125.64.8.112 kao.gmwo06.com
O1 - Hosts: 125.64.8.112 444.gmwo07.com
O1 - Hosts: 116.252.185.15 ru.update365.us
O1 - Hosts: 116.252.185.15 ad.update365.us
O1 - Hosts: 207.46.232.182 popmails.net
O1 - Hosts: 203.208.37.99 3.goodhh.com
O1 - Hosts: 220.181.37.55 down.rwixr.com
O1 - Hosts: 160.79.42.52 www.xdj2008.com
O1 - Hosts: 63.175.76.152 www.revtr.cn
O1 - Hosts: 219.133.40.91 qq.ljsll.com
O1 - Hosts: 203.208.35.102 www.aassccwe.cn
O1 - Hosts: 209.132.177.50 973.aksjd11.com
O1 - Hosts: 209.132.177.50 974.aksjd11.com
O1 - Hosts: 209.132.177.50 971.aksjd11.com
O1 - Hosts: 209.132.177.50 975.aksjd11.com
O1 - Hosts: 72.14.235.104 user1.12-39.net
O1 - Hosts: 72.14.235.147 www.infomt.net
O1 - Hosts: 192.150.18.101 ata1.sysions.net
O1 - Hosts: 192.150.18.101 ata2.sysions.net
O1 - Hosts: 192.150.18.101 ata3.sysions.net
O1 - Hosts: 192.150.18.101 ata4.sysions.net
O1 - Hosts: 193.120.42.226 8nnnnn99.cn
O1 - Hosts: 24.39.54.34 www.haoaoao.cn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: detxbiua.dll - {20618412-C528-C784-C056-C164D1F7C502} - C:\WINDOWS\system32\detxbiua.dll (file missing)
O2 - BHO: ijdybpaw.dll - {2A698452-C5D8-C584-C256-C264C987C5A2} - C:\WINDOWS\system32\ijdybpaw.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: zywlcime.dll - {37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73} - C:\WINDOWS\system32\zywlcime.dll (file missing)
O2 - BHO: tisqctyu.dll - {38093456-9012-4568-9076-908765467183} - C:\WINDOWS\system32\tisqctyu.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll (file missing)
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - C:\WINDOWS\system32\pqzfajke.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O2 - BHO: hdf453d.dll - {B629FF4F-ACDB-5C90-A098-FACB3456A26B} - C:\WINDOWS\system32\hdf453d.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LchGKey] C:\WINDOWS\LchGKey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Hook] C:\Program Files\VideoView\StkHK.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1196826068891
O17 - HKLM\System\CCS\Services\Tcpip\..\{797AB5AC-E12D-48D0-A954-55EE70D653F0}: NameServer = 217.237.148.102 217.237.151.115
O20 - AppInit_DLLs: NTNJXSJTVC.dll caotxb.dll jsnoer.dll joliom.dll
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 12324 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-22 07:28:47 354 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-07-22 07:28:45 346 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-22 11:46:57 0 d-------- C:\Program Files\EsetOnlineScanner
2008-07-22 10:44:43 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes
2008-07-22 10:44:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 10:44:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 07:37:10 0 dr------- C:\Documents and Settings\LocalService\Favorites <FAVORI~1>
2008-07-22 07:30:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-22 07:30:29 0 d-------- C:\Program Files\SiteAdvisor
2008-07-22 07:30:29 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\SiteAdvisor
2008-07-22 07:30:05 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-07-22 07:28:37 0 d-------- C:\Program Files\McAfee.com
2008-07-22 07:28:36 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-22 07:28:29 0 d-------- C:\Program Files\McAfee
2008-07-22 07:16:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-22 03:11:18 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-22 03:02:57 0 d-------- C:\Program Files\Trend Micro
2008-07-22 02:30:24 0 d-------- C:\WINDOWS\pss
2008-07-22 01:46:14 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-07-21 19:50:03 38048 --a------ C:\WINDOWS\system32\drivers\HBKernel.sys
2008-07-21 18:03:36 0 d-------- C:\Program Files\Codemasters
2008-07-20 13:55:02 0 d-------- C:\Program Files\Zune
2008-07-16 16:58:13 0 d-------- C:\Program Files\Sierra On-Line
2008-07-16 16:42:01 0 d-------- C:\Program Files\Sierra
2008-07-11 23:06:17 8 --a------ C:\WINDOWS\system32\Update.dat
2008-07-08 00:27:41 36 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-07-08 00:27:30 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-07-08 00:23:47 24 --a------ C:\WINDOWS\system32\wymxajkl.sys
2008-07-08 00:21:02 20 --a------ C:\WINDOWS\system32\ladyapaw.sys
2008-07-06 17:00:12 0 d-------- C:\Program Files\Stardock Games
2008-07-06 12:52:26 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-07-06 12:52:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-06 12:45:14 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-06 12:45:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-06 12:44:02 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-06 01:01:45 0 d-------- C:\Program Files\EGOSOFT
2008-07-05 01:29:09 36 --a------ C:\WINDOWS\system32\ijzhatde.sys
2008-07-05 01:28:58 24 --a------ C:\WINDOWS\system32\sqjsakaq.sys
2008-07-04 15:08:27 0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-03 20:48:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-03 20:47:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-03 20:47:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-03 20:47:18 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-03 20:47:18 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-03 20:47:18 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-03 20:47:18 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-03 20:47:18 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-03 20:47:18 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-03 20:47:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-03 20:47:18 0 d-------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-07-03 20:47:18 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-03 20:47:18 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-03 20:47:18 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-03 20:47:18 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-03 20:47:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-07-03 20:47:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-03 20:18:42 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-07-03 20:18:40 0 d-------- C:\WINDOWS\system32\vi
2008-07-03 20:18:40 0 d-------- C:\WINDOWS\system32\gI5
2008-07-03 20:09:26 24 --a------ C:\WINDOWS\system32\pzwmaime.sys
2008-07-03 01:44:30 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-03 01:40:56 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 01:40:37 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-02 21:21:56 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-07-02 21:16:58 0 d--h----- C:\WINDOWS\PIF
2008-07-02 20:10:59 0 d-------- C:\Temp
2008-07-01 23:04:18 5767168 --a------ C:\Documents and Settings\Ryan Gartner\ntuser.dat
2008-07-01 23:04:18 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-30 17:48:00 24 --a------ C:\WINDOWS\system32\ciwdaapi.sys
2008-06-30 17:47:21 36 --a------ C:\WINDOWS\system32\ijsgajba.sys
2008-06-30 17:46:44 24 --a------ C:\WINDOWS\system32\pzwlaime.sys
2008-06-22 11:18:53 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Help
2008-06-22 11:15:35 0 d-------- C:\Program Files\TRABULANCE


-- Find3M Report ---------------------------------------------------------------

2008-07-22 07:28:36 0 d-------- C:\Program Files\Common Files
2008-07-21 04:08:22 0 d-------- C:\Program Files\Steam
2008-07-17 06:21:05 0 d-------- C:\Program Files\DAP
2008-07-09 01:58:51 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Adobe
2008-07-07 21:20:35 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-02 14:00:00 0 d-------- C:\Program Files\Starcraft
2008-07-02 11:54:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-01 23:04:29 0 d-------- C:\Program Files\Sierra Entertainment
2008-06-15 19:35:40 0 d-------- C:\Program Files\Diablo II
2008-06-15 19:32:16 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-15 19:32:16 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-15 19:32:16 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-06-15 13:51:41 34562 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-15 10:37:58 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-15 10:37:58 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-15 09:50:14 0 d-------- C:\Program Files\OpenAL
2008-06-13 14:26:00 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Sierra Entertainment
2008-06-13 14:15:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 14:47:05 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\vlc
2008-06-07 18:53:00 0 d-------- C:\Program Files\Activision
2008-06-07 18:04:48 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-03 00:42:16 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-03 00:42:16 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-06-03 00:42:16 35382 --a------ C:\WINDOWS\scunin.dat
2008-06-02 15:24:27 0 d-------- C:\Program Files\Elaborate Bytes


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20618412-C528-C784-C056-C164D1F7C502}]
C:\WINDOWS\system32\detxbiua.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A698452-C5D8-C584-C256-C264C987C5A2}]
C:\WINDOWS\system32\ijdybpaw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73}]
C:\WINDOWS\system32\zywlcime.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38093456-9012-4568-9076-908765467183}]
C:\WINDOWS\system32\tisqctyu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D698451-2015-6358-9871-2015987452D3}]
C:\WINDOWS\system32\apzhctde.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60A345CD-ABCD-EFAB-CDEF-ABCD01020306}]
C:\WINDOWS\system32\pqzfajke.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD45A54-9875-698F-E56E-65102358FDF7}]
C:\WINDOWS\system32\apsggjba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B629FF4F-ACDB-5C90-A098-FACB3456A26B}]
C:\WINDOWS\system32\hdf453d.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [07/27/2007 02:00 PM C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/23/2007 05:45 PM]
"nwiz"="nwiz.exe" [08/23/2007 05:45 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/23/2007 05:45 PM]
"RTHDCPL"="RTHDCPL.EXE" [02/26/2007 09:03 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 12:04 PM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 12:43 PM C:\WINDOWS\Alcmtr.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [11/23/2006 01:31 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/08/2006 06:34 PM]
"LchGKey"="C:\WINDOWS\LchGKey.exe" [04/10/2007 02:44 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [02/21/2007 09:19 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [02/21/2007 09:17 PM]
"Hook"="C:\Program Files\VideoView\StkHK.exe" [07/30/2007 11:31 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/24/2006 01:10 AM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/06/2006 08:55 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/13/2006 01:40 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/27/2008 08:35 AM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [04/29/2006 03:21 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [08/24/2007 11:57 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/24/2006 04:05 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 02:00 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 09:34 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/03/2006 05:07 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 7:05:26 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7FD45A54-9875-698F-E56E-65102358FDF7}"= C:\WINDOWS\system32\apsggjba.dll [ ]
"{8A041F13-A111-12A3-B0CF-F99818AA68A8}"= C:\WINDOWS\system32\zxmsewin.dll [ ]
"{2A698452-C5D8-C584-C256-C264C987C5A2}"= C:\WINDOWS\system32\ijdybpaw.dll [ ]
"{B629FF4F-ACDB-5C90-A098-FACB3456A26B}"= C:\WINDOWS\system32\hdf453d.dll [ ]
"{7319A1F1-9410-9654-3201-345FFA349137}"= C:\WINDOWS\system32\zywmgime.dll [ ]
"{20618412-C528-C784-C056-C164D1F7C502}"= C:\WINDOWS\system32\detxbiua.dll [ ]
"{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73}"= C:\WINDOWS\system32\zywlcime.dll [ ]
"{87FD640A-158F-48AC-FD14-1597F14A9778}"= C:\WINDOWS\system32\mndshsrv.dll [ ]
"{6A908760-8000-4000-A000-9000322145A6}"= C:\WINDOWS\system32\akjsfkaq.dll [ ]
"{3D698451-2015-6358-9871-2015987452D3}"= C:\WINDOWS\system32\apzhctde.dll [ ]
"{60A345CD-ABCD-EFAB-CDEF-ABCD01020306}"= C:\WINDOWS\system32\pqzfajke.dll [ ]
"{5A069845-2036-6084-9054-6087502480A5}"= C:\WINDOWS\system32\ozfyebyt.dll [ ]
"{45671234-7890-ABCD-CDEF-567801237654}"= C:\WINDOWS\system32\yxcsdhlp.dll [ ]
"{30618412-C528-C784-C056-C164D1F7C503}"= C:\WINDOWS\system32\detxciua.dll [ ]
"{57AC9076-C898-B098-D098-A18319080975}"= C:\WINDOWS\system32\nhmxejkl.dll [ ]
"{39109876-7619-9101-7012-901938475193}"= C:\WINDOWS\system32\ietzcpaq.dll [ ]
"{38093456-9012-4568-9076-908765467183}"= C:\WINDOWS\system32\tisqctyu.dll [ ]
"{4D698451-2015-6358-9871-2015987452D4}"= C:\WINDOWS\system32\apzhdtde.dll [ ]
"{7C954872-1230-6541-9548-6541025884C7}"= C:\WINDOWS\system32\fd233ds4f3.dll [ ]
"{25FD6584-698F-BCD2-602C-698745210352}"= C:\WINDOWS\system32\rijxbkin.dll [ ]
"{8C8D1401-A58D-A81C-CD24-A5915C4517C8}"= C:\WINDOWS\system32\mnmhhsrv.dll [ ]
"{A1954FAC-1023-154F-895A-1458258AD81A}"= C:\WINDOWS\system32\ypdjhbmp.dll [ ]
"{40618412-C528-C784-C056-C164D1F7C504}"= C:\WINDOWS\system32\detxdiua.dll [ ]
"{97FD640A-158F-48AC-FD14-1597F14A9779}"= C:\WINDOWS\system32\mndsisrv.dll [ ]
"{49109876-7619-9101-7012-901938475194}"= C:\WINDOWS\system32\ietzdpaq.dll [ ]
"{6A069845-2036-6084-9054-6087502480A6}"= C:\WINDOWS\system32\ozfyfbyt.dll [ ]
"{8C954872-1230-6541-9548-6541025884C8}"= C:\WINDOWS\system32\fd233ds4f4.dll [ ]
"{9319A1F1-9410-9654-3201-345FFA349139}"= C:\WINDOWS\system32\zywmiime.dll [ ]
"{C629FF4F-ACDB-5C90-A098-FACB3456A26C}"= C:\WINDOWS\system32\hdf453d1.dll [ ]
"{8FD45A54-9875-698F-E56E-65102358FDF8}"= C:\WINDOWS\system32\apsghjba.dll [ ]
"{50618412-C528-C784-C056-C164D1F7C505}"= C:\WINDOWS\system32\detxeiua.dll [ ]
"{47A924AF-1A5F-CF21-AB1D-1D5CF82A8A74}"= C:\WINDOWS\system32\zywldime.dll [ ]
"{48093456-9012-4568-9076-908765467184}"= C:\WINDOWS\system32\tisqdtyu.dll [ ]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{0B846B26-BFE6-4E8E-A948-1DB17B77B483}"= C:\WINDOWS\system32\tdfhex.dll [ ]
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"= C:\WINDOWS\system32\fmcvxy.dll [ ]
"{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}"= C:\WINDOWS\system32\zsdgff.dll [ ]
"{461D2AB4-29A5-45C2-9134-D52272D3DE38}"= C:\WINDOWS\system32\rfdswc.dll [ ]
"{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}"= C:\WINDOWS\system32\zgxfdx.dll [ ]
"{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}"= C:\WINDOWS\system32\dndsaf.dll [ ]
"{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}"= C:\WINDOWS\system32\tdggrz.dll [ ]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= C:\WINDOWS\system32\pedadt.dll [ ]
"{0086DD39-EB8E-4504-A085-AC8A433E34D0}"= C:\WINDOWS\system32\ydggsx.dll [ ]
"{28766E1C-74B0-4417-8C75-F12AE309EF35}"= C:\WINDOWS\system32\wzcfsw.dll [ ]
"{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}"= C:\WINDOWS\system32\fsrgeb.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [ ]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NTNJXSJTVC.dll caotxb.dll jsnoer.dll joliom.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0471f14d-1816-11dd-bc89-00030d000001}]
Auto\command- F:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36025cb6-1a66-11dd-bc8c-00030d000001}]
Auto\command- G:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94eb998e-fec7-11dc-bc74-00030d000001}]
Auto\command- F:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfa4b455-2d03-11dd-bc9a-00030d000001}]
Auto\command- F:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b84a24-49cd-11dd-bca6-00030d000001}]
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{990B770D-62AE-5421-DA6D-16033B76258C}]
%SystemRoot%\system32\winup.exe



-- Hosts -----------------------------------------------------------------------

202.165.102.205 972.aksjd11.com
202.165.102.205 w3og.cn
203.208.35.100 qazc.fourtw.cn
203.208.35.100 www.aujoy.cn
203.208.35.101 www.hao601.cn
203.208.35.101 www.psp476.cn
72.14.235.99 222.1212l112.net
72.14.235.99 444.1212l112.netn
72.14.235.99 555.1212l112.net
72.14.235.99 111.1212l112.net

8264 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-22 13:19:04 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU X6800 @ 2.93GHz
CPU 1: Intel(R) Core(TM)2 CPU X6800 @ 2.93GHz
Percentage of Memory in Use: 19%
Physical Memory (total/avail): 2813.98 MiB / 2261.8 MiB
Pagefile Memory (total/avail): 4700.76 MiB / 4212.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.68 MiB

C: is Fixed (NTFS) - 186.3 GiB total, 25.5 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 186.31 GiB total, 75.12 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Hitachi HTS722020K9SA00 - 186.31 GiB - 1 partition
\PARTITION0 - Installable File System - 186.31 GiB - E:

\\.\PHYSICALDRIVE0 - Hitachi HTS722020K9SA00 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe:Enabled:Enemy Territory - QUAKE Wars(TM) "
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:EnablednkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:EnablednkBstrB"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe:Enabled:Battlefield 2142"
"C:\\Program Files\\Gravity\\RO\\GatheringRO-Patcher.exe"="C:\\Program Files\\Gravity\\RO\\GatheringRO-Patcher.exe:Enabled:GatheringRO-Patcher"
"C:\\Program Files\\Gravity\\RO\\Ragnarok.exe"="C:\\Program Files\\Gravity\\RO\\Ragnarok.exe:Enabled:Ragnarok Online"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:Enabledtarcraft - Brood War"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:Enabledteam"
"C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe"="C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe:Enabled:AGEIA PhysX System Tray Icon"
"C:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe"="C:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exeisabled:Empire Earth III"
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exeisabled:etqwded.exe"
"C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"="C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exeisabled:THE SETTLERS - Rise of an Empire"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exeisabled:World in Conflict"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exeisabled:World in Conflict - Dedicated Server"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exeisabled:World in Conflict - Online Only"
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:Enabledins of a Solar Empire"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:Enabled:avgemc.exe"
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:Enabled:CCP ExeFile"
"C:\\Program Files\\Steam\\steamapps\\common\\universe at war earth assault\\UAWEA.exe"="C:\\Program Files\\Steam\\steamapps\\common\\universe at war earth assault\\UAWEA.exe:Enabled:Universe at War: Earth Assault Application"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:Enabledownload Accelerator Plus (DAP)"
"C:\\Program Files\\Steam\\steamapps\\nightshadewolf\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nightshadewolf\\day of defeat source\\hl2.exe:Enabled:hl2"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ryan Gartner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RYAN-F15720B3EA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ryan Gartner
LOGONSERVER=\\RYAN-F15720B3EA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RYANGA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RYANGA~1\LOCALS~1\Temp
USERDOMAIN=RYAN-F15720B3EA
USERNAME=Ryan Gartner
USERPROFILE=C:\Documents and Settings\Ryan Gartner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Ryan Gartner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Documents and Settings\Ryan Gartner\Local Settings\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Battlefield 2142 Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
BitComet 1.00 --> C:\Program Files\BitComet\uninst.exe
BlueSoleil --> MsiExec.exe /X{DD7DBE40-889C-4674-8EE5-76C094C31F75}
Cataclysm --> C:\Sierra\CATACL~1\UNINST~1\UNWISE.EXE C:\Sierra\CATACL~1\UNINST~1\INSTALL.LOG
Command & Conquer 3 --> MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
Command & Conquer™ 3: Kane's Wrath --> MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
Day of Defeat: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/300
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Empire Earth III --> C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
Enemy Territory - QUAKE Wars(TM) --> C:\Program Files\InstallShield Installation Information\{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}\setup.exe -runfromtemp -l0x0409
Enemy Territory - QUAKE Wars(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{BCA71D05-6BC9-4735-BA3F-7218EBE6A023}\setup.exe -runfromtemp -l0x0409
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Frontlines: Fuel of War --> "C:\Program Files\Steam\steam.exe" steam://uninstall/9460
Galactic Civilizations II - Gold Edition --> C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\UNWISE.EXE C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\INSTALL.LOG
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homeworld --> C:\Sierra\HOMEWO~1\UNINST~1\UNWISE.EXE C:\Sierra\HOMEWO~1\UNINST~1\INSTALL.LOG
Homeworld2 --> C:\Program Files\Sierra\Homeworld2\uninstall.exe
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Linksys EasyLink Advisor 1.5 (1010) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F385F486-C1BC-4350-8837-6F17761134B5}\Setup.exe" -l0x9
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 Essentials --> MsiExec.exe /X{ADD9E56D-2DD8-448A-8887-B3AF76AB1033}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Ragnarok Online --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU3B.inf
Ragnarok Sakray --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU3A.inf
Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Scorched3D 41.3 --> C:\Program Files\Scorched3D\uninst.exe
Sins of a Solar Empire --> "C:\Documents and Settings\Ryan Gartner\Local Settings\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Stardock Central --> C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
STK1135 PC Camera --> C:\Program Files\InstallShield Installation Information\{6A92D7DC-DC2A-42B0-8FC0-F162B1CFDFD3}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}\setup.exe -runfromtemp -l0x0409
THE SETTLERS - Rise of an Empire --> "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Universe at War: Earth Assault --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10430
VirtualCloneDrive --> "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Microsoft WPD (8/28/2006 1.0.0.2) --> rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\Zune_9C3D37D5063B767B2FEA1899B50894F1AC95FAA6\Zune.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World in Conflict --> C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
X3 REUNION --> MsiExec.exe /I{A8E414A8-9E31-40E6-B13B-5F1FCA00EF9F}
Zune --> MsiExec.exe /X{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2621 / Error
Event Submitted/Written: 07/22/2008 01:51:19 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Event Record #/Type2613 / Error
Event Submitted/Written: 07/22/2008 01:43:05 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Event Record #/Type2598 / Error
Event Submitted/Written: 07/21/2008 03:01:55 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DAP.exe, version 8.6.2.4, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2597 / Error
Event Submitted/Written: 07/21/2008 07:59:25 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dap.exe, version 8.6.2.4, faulting module unknown, version 0.0.0.0, fault address 0x68542f72.
Processing media-specific event for [dap.exe!ws!]

Event Record #/Type2596 / Error
Event Submitted/Written: 07/21/2008 00:16:32 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DAP.exe, version 8.6.2.4, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7698 / Error
Event Submitted/Written: 07/22/2008 01:15:49 PM
Event ID/Source: 7032 / Service Control Manager
Event Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Event Record #/Type7681 / Error
Event Submitted/Written: 07/22/2008 01:14:27 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Event Record #/Type7677 / Error
Event Submitted/Written: 07/22/2008 01:14:00 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Zune Network Sharing Service service terminated with the following error:
%%1008

Event Record #/Type7676 / Error
Event Submitted/Written: 07/22/2008 01:13:58 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Event Record #/Type7675 / Error
Event Submitted/Written: 07/22/2008 01:13:58 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)



-- End of Deckard's System Scanner: finished at 2008-07-22 13:19:04 ------------


UNINSTALL LIST

Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
AGEIA PhysX v7.11.13
Battlefield 2142 Deluxe Edition
BitComet 1.00
BlueSoleil
Cataclysm
Command & Conquer 3
Command & Conquer™ 3: Kane's Wrath
Day of Defeat: Source
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Accelerator Plus (DAP)
Empire Earth III
Enemy Territory - QUAKE Wars(TM)
Enemy Territory - QUAKE Wars(TM) 1.4 Patch
ESET Online Scanner
EVE-ONLINE (remove only)
Fraps (remove only)
Frontlines: Fuel of War
Galactic Civilizations II - Gold Edition
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Homeworld
Homeworld2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) PROSet/Wireless Software
Linksys EasyLink Advisor 1.5 (1010)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
mCore
mDriver
mDrWiFi
mHelp
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Motorola SM56 Data Fax Modem
Mozilla Firefox (2.0.0.13)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
Multimedia Keyboard Driver
mWlsSafe
mZConfig
Nero 7 Essentials
NVIDIA Drivers
PowerDVD
Ragnarok Online
Ragnarok Sakray
Real Alternative 1.52
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Scorched3D 41.3
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Starcraft
Stardock Central
Steam
STK1135 PC Camera
Synaptics Pointing Device Driver
Team Fortress 2
Texas Instruments PCIxx21/x515/xx12 drivers.
THE SETTLERS - Rise of an Empire
Universe at War: Earth Assault
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
VirtualCloneDrive
Winamp
Windows Driver Package - Microsoft WPD (8/28/2006 1.0.0.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
WinRAR archiver
World in Conflict
X3 REUNION
Zune


Thanks for spending whatever time you do trying to figure this out.

Well . . . That's a mess! You are probably right to suspect a bad pen drive, but that was probably only a small contributor.
Frankly, in cases such as this, a reformat and clean install is easier than trying to remove the mess since things might never get back to "normal." However, if you want to try, we can give it a go - just continue with the step below:

Please follow the steps in the linky below to run combofix and post that log for me:

How To Use ComboFix


Best Luck
PP

I must say, combofix may have done it. I have access to all files that gave me rundll32 errors, I can view my system information again and my sound drivers are back how they should be. One thing...I thought I had installed the recovery console but combofix apparently didnt detect it so I ran it again using the downloaded file just incase it would ever be needed again. Here is the log of the first time

ComboFix 08-07-21.2 - Ryan Gartner 2008-07-22 22:14:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2300 [GMT 2:00]
Running from: C:\Documents and Settings\Ryan Gartner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ryan Gartner\services.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\cgsqatyu.sys
C:\WINDOWS\system32\ciwdaapi.sys
C:\WINDOWS\system32\dndsaf.dll.LoG
C:\WINDOWS\system32\drivers\HBKernel.sys
C:\WINDOWS\system32\dtzfajke.sys
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\fxcbbime.sys
C:\WINDOWS\system32\fxwlbime.sys
C:\WINDOWS\system32\fxwmbime.sys
C:\WINDOWS\system32\fxzxbime.sys
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\gajzalit.sys
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\gpzhatde.sys
C:\WINDOWS\system32\gsdhadwd.sys
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\ijzhatde.sys
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pmjhbhlp.sys
C:\WINDOWS\system32\pzdyapaw.sys
C:\WINDOWS\system32\pzwlaime.sys
C:\WINDOWS\system32\pzwmaime.sys
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\sdjsakaq.sys
C:\WINDOWS\system32\smhxbbyt.sys
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\spwdbapi.sys
C:\WINDOWS\system32\sqjsakaq.sys
C:\WINDOWS\system32\tdfhex.dll.LoG
C:\WINDOWS\system32\tdggrz.dll.LoG
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\xsdjbbmp.sys
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HBKERNEL
-------\Service_HBKernel


((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-22 19:02 . 2008-07-22 19:02 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-07-22 13:17 . 2008-07-22 13:17 <DIR> d-------- C:\Deckard
2008-07-22 11:46 . 2008-07-22 12:20 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-07-22 10:44 . 2008-07-22 19:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 07:31 . 2008-07-22 15:48 8,983 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-22 07:30 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-07-22 07:29 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-22 07:29 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-22 07:29 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-22 07:29 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-22 07:29 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-22 07:28 . 2008-07-22 07:28 <DIR> d-------- C:\Program Files\McAfee.com
2008-07-22 07:28 . 2008-07-22 20:54 <DIR> d-------- C:\Program Files\McAfee
2008-07-22 07:28 . 2008-07-22 07:28 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-22 07:28 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-22 07:16 . 2008-07-22 07:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-22 03:02 . 2008-07-22 03:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 01:46 . 2008-07-22 01:46 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-21 18:03 . 2008-07-21 18:03 <DIR> d-------- C:\Program Files\Codemasters
2008-07-20 13:55 . 2008-07-20 13:56 <DIR> d-------- C:\Program Files\Zune
2008-07-20 13:55 . 2008-03-21 13:57 14,640 --------- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-07-16 16:58 . 2008-07-16 16:58 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-07-16 16:42 . 2008-07-16 16:42 <DIR> d-------- C:\Program Files\Sierra
2008-07-11 23:06 . 2008-07-14 01:13 8 --a------ C:\WINDOWS\system32\Update.dat
2008-07-08 00:27 . 2008-07-08 00:27 36 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-07-08 00:27 . 2008-07-08 00:27 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-07-08 00:21 . 2008-07-08 00:21 20 --a------ C:\WINDOWS\system32\ladyapaw.sys
2008-07-06 17:00 . 2008-07-06 17:00 <DIR> d-------- C:\Program Files\Stardock Games
2008-07-06 12:52 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-06 12:45 . 2008-07-06 12:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 12:44 . 2008-07-22 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-06 09:05 . 2008-07-06 09:05 223,942 --a------ C:\AnalysisLog.sr0
2008-07-06 01:01 . 2008-07-06 01:01 <DIR> d-------- C:\Program Files\EGOSOFT
2008-07-04 15:08 . 2008-07-04 15:08 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-03 20:48 . 2008-07-03 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-03 20:47 . 2007-12-05 05:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-07-03 20:47 . 2008-04-10 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-03 20:47 . 2008-07-03 20:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-03 20:18 . 2008-07-04 16:10 <DIR> d-------- C:\WINDOWS\system32\vi
2008-07-03 20:18 . 2008-07-08 17:29 <DIR> d-------- C:\WINDOWS\system32\gI5
2008-07-03 01:40 . 2008-07-21 18:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 01:40 . 2008-07-03 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-02 21:16 . 2008-07-02 21:16 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-02 20:20 . 2008-07-02 20:20 9,936 --a------ C:\WINDOWS\system32\awtsRKAt.dll
2008-07-02 20:10 . 2008-07-02 20:10 <DIR> d-------- C:\Temp\syschk3
2008-07-02 20:10 . 2008-07-22 22:14 <DIR> d-------- C:\Temp
2008-07-02 19:30 . 2007-07-31 04:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-02 19:30 . 2007-07-31 04:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-02 19:30 . 2007-07-31 04:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-22 11:15 . 2008-06-22 11:15 <DIR> d-------- C:\Program Files\TRABULANCE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 02:08 --------- d-----w C:\Program Files\Steam
2008-07-17 04:21 --------- d-----w C:\Program Files\DAP
2008-07-07 19:20 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-07-02 12:00 --------- d-----w C:\Program Files\Starcraft
2008-07-02 09:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 21:04 --------- d-----w C:\Program Files\Sierra Entertainment
2008-06-19 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-15 17:35 --------- d-----w C:\Program Files\Diablo II
2008-06-15 08:37 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-06-15 08:37 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-15 07:50 --------- d-----w C:\Program Files\OpenAL
2008-06-13 12:26 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\Sierra Entertainment
2008-06-13 12:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 18:18 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-11 18:18 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-09 12:47 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\vlc
2008-06-07 16:53 --------- d-----w C:\Program Files\Activision
2008-06-07 16:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-02 22:42 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-06-02 13:24 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-06 20:19 22,328 ----a-w C:\Documents and Settings\Ryan Gartner\Application Data\PnkBstrK.sys
2004-08-08 22:27 520 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 23:33 3,640 --sh--w C:\WINDOWS\system32\ictxaiua.sys
2004-08-08 23:33 1,040 --sh--w C:\WINDOWS\system32\nttzapaq.sys
2004-08-08 23:33 1,040 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 23:34 1,040 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 22:27 520 --sh--w C:\WINDOWS\system32\vlhxaklo.sys
2004-08-08 22:19 520 --sh--w C:\WINDOWS\system32\xbfsbjbo.sys
2004-08-08 22:20 1,040 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 04:05 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 21:34 5724184]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 05:07 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-23 17:45 8478720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-23 17:45 81920]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-23 01:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-08 18:34 815104]
"LchGKey"="C:\WINDOWS\LchGKey.exe" [2007-04-10 02:44 36864]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 21:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 21:17 970752]
"Hook"="C:\Program Files\VideoView\StkHK.exe" [2007-07-30 23:31 40960]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-24 01:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 08:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 01:40 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-08-23 17:45 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 09:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"C:\\Program Files\\Gravity\\RO\\GatheringRO-Patcher.exe"=
"C:\\Program Files\\Gravity\\RO\\Ragnarok.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\universe at war earth assault\\UAWEA.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Steam\\steamapps\\nightshadewolf\\day of defeat source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13936:TCP"= 13936:TCP:BitComet 13936 TCP
"13936:UDP"= 13936:UDP:BitComet 13936 UDP

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-20 00:42]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys []
S3 StkCMini;Syntek AVStream USB2.0 2M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-28 01:44]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0471f14d-1816-11dd-bc89-00030d000001}]
\Shell\Auto\command - F:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36025cb6-1a66-11dd-bc8c-00030d000001}]
\Shell\Auto\command - G:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94eb998e-fec7-11dc-bc74-00030d000001}]
\Shell\Auto\command - F:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfa4b455-2d03-11dd-bc9a-00030d000001}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b84a24-49cd-11dd-bca6-00030d000001}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{990B770D-62AE-5421-DA6D-16033B76258C}]
%SystemRoot%\system32\winup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 05:28:47 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-22 05:28:45 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
HKLM-Run-HBmhly - C:\WINDOWS\system32\HBmhly.exe
HKU-Default-Run-AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe
ShellExecuteHooks-{30618412-C528-C784-C056-C164D1F7C503} - C:\WINDOWS\system32\detxciua.dll
ShellExecuteHooks-{9319A1F1-9410-9654-3201-345FFA349139} - C:\WINDOWS\system32\zywmiime.dll
ShellExecuteHooks-{C629FF4F-ACDB-5C90-A098-FACB3456A26C} - C:\WINDOWS\system32\hdf453d1.dll
ShellExecuteHooks-{8FD45A54-9875-698F-E56E-65102358FDF8} - C:\WINDOWS\system32\apsghjba.dll
ShellExecuteHooks-{50618412-C528-C784-C056-C164D1F7C505} - C:\WINDOWS\system32\detxeiua.dll
ShellExecuteHooks-{47A924AF-1A5F-CF21-AB1D-1D5CF82A8A74} - C:\WINDOWS\system32\zywldime.dll
ShellExecuteHooks-{48093456-9012-4568-9076-908765467184} - C:\WINDOWS\system32\tisqdtyu.dll
ShellExecuteHooks-{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7} - C:\WINDOWS\system32\fmcvxy.dll
ShellExecuteHooks-{53D44DB6-E22B-4B17-97D3-572C96CCA6E1} - C:\WINDOWS\system32\zsdgff.dll
ShellExecuteHooks-{5E907A48-400E-4EA8-9792-FFAE052D59E9} - C:\WINDOWS\system32\pedadt.dll
ShellExecuteHooks-{0086DD39-EB8E-4504-A085-AC8A433E34D0} - C:\WINDOWS\system32\ydggsx.dll
ShellExecuteHooks-{7914E0AA-ECCB-4311-B584-C49538227824} - C:\WINDOWS\system32\jhfrxz.dll
SSODL-DesktopWin-{DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206
O18 -: Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 22:17:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\CleGameKey\Driver\ZClevoGKY.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-07-22 22:21:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-22 20:21:37

Pre-Run: 27,029,389,312 bytes free
Post-Run: 26,963,234,816 bytes free

348

And this is when I installed the recovery console.

ComboFix 08-07-21.2 - Ryan Gartner 2008-07-22 22:35:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2270 [GMT 2:00]
Running from: C:\Documents and Settings\Ryan Gartner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ryan Gartner\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\caotxb.dll
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\googleons.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\jsnoer.dll
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\welycz.dll
C:\WINDOWS\system32\zgxfdx.dll
C:\WINDOWS\system32\zycdex.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-22 22:33 . 2008-07-22 22:33 36,864 --a------ C:\WINDOWS\system32\mssetd.dll
2008-07-22 22:33 . 2008-07-22 22:33 24,576 --a------ C:\WINDOWS\system32\wcnonpe.dll
2008-07-22 22:33 . 2008-07-22 22:33 24,576 --a------ C:\WINDOWS\system32\myusemt.dll
2008-07-22 22:33 . 2008-07-22 22:33 24,576 --a------ C:\WINDOWS\system32\longasus.dll
2008-07-22 22:33 . 2008-07-22 22:33 14,336 --a------ C:\WINDOWS\system32\mssetdk.exe
2008-07-22 19:02 . 2008-07-22 19:02 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-07-22 13:17 . 2008-07-22 13:17 <DIR> d-------- C:\Deckard
2008-07-22 11:46 . 2008-07-22 12:20 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-07-22 10:44 . 2008-07-22 19:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 07:31 . 2008-07-22 15:48 8,983 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-22 07:30 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-07-22 07:29 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-22 07:29 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-22 07:29 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-22 07:29 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-22 07:29 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-22 07:28 . 2008-07-22 07:28 <DIR> d-------- C:\Program Files\McAfee.com
2008-07-22 07:28 . 2008-07-22 20:54 <DIR> d-------- C:\Program Files\McAfee
2008-07-22 07:28 . 2008-07-22 07:28 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-22 07:28 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-22 07:16 . 2008-07-22 07:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-22 03:02 . 2008-07-22 03:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 01:46 . 2008-07-22 01:46 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-21 18:03 . 2008-07-21 18:03 <DIR> d-------- C:\Program Files\Codemasters
2008-07-20 13:55 . 2008-07-20 13:56 <DIR> d-------- C:\Program Files\Zune
2008-07-20 13:55 . 2008-03-21 13:57 14,640 --------- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-07-16 16:58 . 2008-07-16 16:58 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-07-16 16:42 . 2008-07-16 16:42 <DIR> d-------- C:\Program Files\Sierra
2008-07-11 23:06 . 2008-07-14 01:13 8 --a------ C:\WINDOWS\system32\Update.dat
2008-07-08 00:27 . 2008-07-08 00:27 36 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-07-08 00:27 . 2008-07-08 00:27 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-07-08 00:21 . 2008-07-08 00:21 20 --a------ C:\WINDOWS\system32\ladyapaw.sys
2008-07-06 17:00 . 2008-07-06 17:00 <DIR> d-------- C:\Program Files\Stardock Games
2008-07-06 12:52 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-06 12:45 . 2008-07-06 12:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 12:44 . 2008-07-22 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-06 09:05 . 2008-07-06 09:05 223,942 --a------ C:\AnalysisLog.sr0
2008-07-06 01:01 . 2008-07-06 01:01 <DIR> d-------- C:\Program Files\EGOSOFT
2008-07-04 15:08 . 2008-07-04 15:08 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-03 20:48 . 2008-07-03 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-03 20:47 . 2007-12-05 05:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-07-03 20:47 . 2008-04-10 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-03 20:47 . 2008-07-03 20:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-03 20:18 . 2008-07-04 16:10 <DIR> d-------- C:\WINDOWS\system32\vi
2008-07-03 20:18 . 2008-07-08 17:29 <DIR> d-------- C:\WINDOWS\system32\gI5
2008-07-03 01:40 . 2008-07-21 18:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 01:40 . 2008-07-03 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-02 21:16 . 2008-07-02 21:16 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-02 20:20 . 2008-07-02 20:20 9,936 --a------ C:\WINDOWS\system32\awtsRKAt.dll
2008-07-02 20:10 . 2008-07-02 20:10 <DIR> d-------- C:\Temp\syschk3
2008-07-02 20:10 . 2008-07-22 22:14 <DIR> d-------- C:\Temp
2008-07-02 19:30 . 2007-07-31 04:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-02 19:30 . 2007-07-31 04:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-02 19:30 . 2007-07-31 04:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-22 11:15 . 2008-06-22 11:15 <DIR> d-------- C:\Program Files\TRABULANCE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 21:02 9,728 ----a-w C:\WINDOWS\AppPatch\AclLayer.dll
2008-07-22 20:31 14,336 ----a-w C:\WINDOWS\AppPatch\DesktopWin.dll
2008-07-21 02:08 --------- d-----w C:\Program Files\Steam
2008-07-17 04:21 --------- d-----w C:\Program Files\DAP
2008-07-07 19:20 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-07-02 12:00 --------- d-----w C:\Program Files\Starcraft
2008-07-02 09:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 21:04 --------- d-----w C:\Program Files\Sierra Entertainment
2008-06-19 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-15 17:35 --------- d-----w C:\Program Files\Diablo II
2008-06-15 08:37 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-06-15 08:37 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-15 07:50 --------- d-----w C:\Program Files\OpenAL
2008-06-13 12:26 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\Sierra Entertainment
2008-06-13 12:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 18:18 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-11 18:18 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-09 12:47 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\vlc
2008-06-07 16:53 --------- d-----w C:\Program Files\Activision
2008-06-07 16:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-02 22:42 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-06-02 13:24 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-06 20:19 22,328 ----a-w C:\Documents and Settings\Ryan Gartner\Application Data\PnkBstrK.sys
2004-08-08 22:27 520 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 23:33 3,640 --sh--w C:\WINDOWS\system32\ictxaiua.sys
2004-08-08 23:33 1,040 --sh--w C:\WINDOWS\system32\nttzapaq.sys
2004-08-08 23:33 1,040 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 23:34 1,040 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 22:27 520 --sh--w C:\WINDOWS\system32\vlhxaklo.sys
2004-08-08 22:19 520 --sh--w C:\WINDOWS\system32\xbfsbjbo.sys
2004-08-08 22:20 1,040 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-22_22.21.28.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-22 20:34:28 24,576 ----a-w C:\WINDOWS\system32\comrsdo.dll
+ 2008-07-22 20:34:12 240,128 ---ha-w C:\WINDOWS\system32\fmcvxy.dll
+ 2008-07-22 20:34:15 225,792 ---ha-w C:\WINDOWS\system32\jfdses.dll
+ 2008-07-22 20:34:05 225,792 ---ha-w C:\WINDOWS\system32\jhfrxz.dll
+ 2008-07-22 20:34:44 24,576 ----a-w C:\WINDOWS\system32\tennfs.dll
+ 2008-07-22 20:34:49 24,576 ----a-w C:\WINDOWS\system32\theralte.dll
+ 2008-07-22 20:34:18 28,672 ----a-w C:\WINDOWS\system32\woswelc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 04:05 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 21:34 5724184]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 05:07 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-23 17:45 8478720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-23 17:45 81920]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-23 01:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-08 18:34 815104]
"LchGKey"="C:\WINDOWS\LchGKey.exe" [2007-04-10 02:44 36864]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 21:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 21:17 970752]
"Hook"="C:\Program Files\VideoView\StkHK.exe" [2007-07-30 23:31 40960]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-24 01:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 08:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 01:40 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-08-23 17:45 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 09:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{7914E0AA-ECCB-4311-B584-C49538227824}"= "C:\WINDOWS\system32\jhfrxz.dll" [2008-07-22 22:34 225792]
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"= "C:\WINDOWS\system32\fmcvxy.dll" [2008-07-22 22:34 240128]
"{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}"= "C:\WINDOWS\system32\jfdses.dll" [2008-07-22 22:34 225792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [2008-07-22 22:31 14336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"C:\\Program Files\\Gravity\\RO\\GatheringRO-Patcher.exe"=
"C:\\Program Files\\Gravity\\RO\\Ragnarok.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\universe at war earth assault\\UAWEA.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Steam\\steamapps\\nightshadewolf\\day of defeat source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13936:TCP"= 13936:TCP:BitComet 13936 TCP
"13936:UDP"= 13936:UDP:BitComet 13936 UDP

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-20 00:42]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys []
S3 StkCMini;Syntek AVStream USB2.0 2M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-28 01:44]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0471f14d-1816-11dd-bc89-00030d000001}]
\Shell\Auto\command - F:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36025cb6-1a66-11dd-bc8c-00030d000001}]
\Shell\Auto\command - G:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94eb998e-fec7-11dc-bc74-00030d000001}]
\Shell\Auto\command - F:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfa4b455-2d03-11dd-bc9a-00030d000001}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b84a24-49cd-11dd-bca6-00030d000001}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{990B770D-62AE-5421-DA6D-16033B76258C}]
%SystemRoot%\system32\winup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 05:28:47 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-22 05:28:45 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206
O18 -: Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 23:02:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CleGameKey\Driver\ZClevoGKY.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-07-22 23:05:34 - machine was rebooted [Ryan Gartner]
ComboFix-quarantined-files.txt 2008-07-22 21:05:31
ComboFix2.txt 2008-07-22 20:21:41

Pre-Run: 26,932,555,776 bytes free
Post-Run: 26,960,424,960 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

282

Hi slntassassin87,

There is still a bunch left to remove, but I am having trouble viewing this thread. Can you see all the posts OK?
I can only see them when I click the "reply" button and then some of the combofix log entries are cut off.

Could you please start a new thread and then run ComboFix again and post the log. I should be able to see that and give you the next steps ( a script for combofix to remove additional baddies).

PP

Hmmm I can see all of them ok...I will remake it with the combofix logs