0

Hello,

First off I know this is a somewhat common problem cause I know people who've told me they've had this before, but I tried searching for it here and didn't see any threads pop up with it.

I use Google Chrome and Mozilla Firefox to browse, and both of them everytime I try to search something in google (including a solution to this problem) without even getting search results, I get instantly redirected to "http://msdn.microsoft.com/en-us/aa570318.aspx" I've run a couple scanners and everything is coming back clean, I use Avira which hasn't found anything, and malwarebytes comes back clean as well. Any help would be greatly appreciated!

2
Contributors
16
Replies
19
Views
6 Years
Discussion Span
Last Post by jholland1964
0

Okay here's the logs:

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6785

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/6/2011 12:40:38 PM
mbam-log-2011-06-06 (12-40-38).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 366186
Time elapsed: 3 hour(s), 43 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-

GMER ONE:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-06 08:51:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 rev.
Running: zd33rvgm.exe; Driver: C:\DOCUME~1\Tim\LOCALS~1\Temp\kggcyaoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- System - GMER 1.0.15 ----

SSDT sphu.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT sphu.sys ZwEnumerateValueKey [0xB7EC7030]

---- Devices - GMER 1.0.15 ----

Device \Driver\iastor \Device\Ide\iaStor0 [B7D8C150] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [B7D8C150] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-1 [B7D8C150] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aooksuc1 \Device\Scsi\aooksuc11Port1Path0Target0Lun0 89C23330
Device \Driver\aooksuc1 \Device\Scsi\aooksuc11 89C23330
Device \FileSystem\Ntfs \Ntfs 8A7CE1F8
Device \FileSystem\Fastfat \Fat 897581F8

---- EOF - GMER 1.0.15 ----

-

GMER TWO:


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-07 00:05:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 rev.
Running: zd33rvgm.exe; Driver: C:\DOCUME~1\Tim\LOCALS~1\Temp\kggcyaoc.sys


---- System - GMER 1.0.15 ----

SSDT sphu.sys ZwCreateKey [0xB7EA80E0]
SSDT sphu.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT sphu.sys ZwEnumerateValueKey [0xB7EC7030]
SSDT sphu.sys ZwOpenKey [0xB7EA80C0]
SSDT sphu.sys ZwQueryKey [0xB7EC7108]
SSDT sphu.sys ZwQueryValueKey [0xB7EC6F88]
SSDT sphu.sys ZwSetValueKey [0xB7EC719A]

INT 0x63 ? 8A760BF8
INT 0x74 ? 8A7CFBF8
INT 0x83 ? 8A7CFBF8
INT 0x84 ? 8A7CFBF8
INT 0x94 ? 8A7CFBF8
INT 0xA4 ? 8A7CFBF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A7CE1F8
Device \FileSystem\Fastfat \FatCdrom 897581F8
Device \FileSystem\Udfs \UdfsCdRom 8979B1F8
Device \FileSystem\Udfs \UdfsDisk 8979B1F8
Device \Driver\usbuhci \Device\USBPDO-0 89C821F8
Device \Driver\usbehci \Device\USBPDO-1 89C601F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7D01F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A7D01F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A7D01F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A7D01F8
Device \Driver\usbuhci \Device\USBPDO-2 89C821F8
Device \Driver\usbuhci \Device\USBPDO-3 89C821F8
Device \Driver\usbehci \Device\USBPDO-4 89C601F8
Device \Driver\usbuhci \Device\USBPDO-5 89C821F8
Device \Driver\usbuhci \Device\USBPDO-6 89C821F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7611F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7611F8
Device \Driver\Cdrom \Device\CdRom0 89C281F8
Device \Driver\iastor \Device\Ide\iaStor0 [B7D8C150] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [B7D8C150] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-1 [B7D8C150] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 89C281F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7611F8
Device \Driver\PCI_PNP6538 \Device\0000004a sphu.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 899BA500
Device \Driver\NetBT \Device\NetbiosSmb 899BA500
Device \Driver\usbuhci \Device\USBFDO-0 89C821F8
Device \Driver\usbuhci \Device\USBFDO-1 89C821F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 899B6500
Device \Driver\usbehci \Device\USBFDO-2 89C601F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 899B6500
Device \Driver\usbuhci \Device\USBFDO-3 89C821F8
Device \Driver\Ftdisk \Device\FtControl 8A7611F8
Device \Driver\usbuhci \Device\USBFDO-4 89C821F8
Device \Driver\usbuhci \Device\USBFDO-5 89C821F8
Device \Driver\usbehci \Device\USBFDO-6 89C601F8
Device \Driver\aooksuc1 \Device\Scsi\aooksuc11Port1Path0Target0Lun0 89C23330
Device \Driver\aooksuc1 \Device\Scsi\aooksuc11 89C23330
Device \Driver\sptd \Device\1219164038 sphu.sys
Device \FileSystem\Fastfat \Fat 897581F8
Device \FileSystem\Cdfs \Cdfs 89245500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x88 0x6F 0xAA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0x88 0xDD 0xB8 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x09 0x9E 0xA1 0x98 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x88 0x6F 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0x88 0xDD 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x09 0x9E 0xA1 0x98 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x88 0x6F 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0x88 0xDD 0xB8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x09 0x9E 0xA1 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x88 0x6F 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0x88 0xDD 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0x14 0x07 0xCE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x88 0x6F 0xAA ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0x88 0xDD 0xB8 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0x14 0x07 0xCE ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapFRE34.upk 721 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapFRE35.upk 721 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE20_01.upk 1810 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE20_02.upk 1618 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE20_03.upk 1886 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE20_04.upk 1227 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE25.upk 5417 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE50_01.upk 1070 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE50_02.upk 1761 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE50_03.upk 2137 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE50_04.upk 1630 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE50_05.upk 1137 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE50_06.upk 1568 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE50_07.upk 1272 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE60_01.upk 2610 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE60_02.upk 3489 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE60_03.upk 1088 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapJUG20.upk 11375 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapJUG40.upk 11203 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapJUG70_01.upk 963 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapJUG70_02.upk 3284 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapJUG70_03.upk 3989 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapJUG70_04.upk 1848 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapJUG80_01.upk 2715 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapJUG80_02.upk 3247 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapJUG80_03.upk 1973 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLAV70_01.upk 4498 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLAV70_02.upk 1368 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLAV70_03.upk 1311 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLAV70_04.upk 1546 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLAV70_05.upk 2110 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLOS10_01.upk 3434 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLOS10_02.upk 1424 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLOS30.upk 3369 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLOS30_01.upk 3372 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLOS30_02.upk 3372 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLOS40_01.upk 1823 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLOS40_02.upk 1007 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLOS50_01.upk 3156 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapMIN03.upk 5307 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapMIN10.upk 3197 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapNOR01.upk 1882 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapNOR02.upk 2220 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapNOR03.upk 1021 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapPRO01.upk 5358 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapPRO02.upk 2461 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapSCI10.upk 1360 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapSTA20.upk 5640 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapSTA20_01.upk 1221 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapSTA30.upk 617 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapSTA30_01.upk 948 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapSTA30_02.upk 2608 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapSTA60_02.upk 2615 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapSTA60_03.upk 2577 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapSTA70.upk 3211 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapTER20.upk 1133 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapTER20_01.upk 1047 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC10.upk 49433 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC11.upk 23773 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC11_00.upk 1084 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC11_02.upk 983 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC13.upk 41855 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC17.upk 38333 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC20.upk 35859 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapFRE33.upk 721 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapICE60_04.upk 990 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLAV60.upk 10534 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapLOS50_02.upk 1836 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapSTA60_01.upk 2154 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC21.upk 19858 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC84.upk 40717 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC24.upk 41870 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC25.upk 31920 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC30.upk 59604 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC31.upk 59312 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC42.upk 23279 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC51.upk 43530 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC53.upk 41345 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC54.upk 49046 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC55.upk 59863 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC61.upk 37399 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC62.upk 64907 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC71.upk 42158 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC73.upk 30860 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC80.upk 46863 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC81.upk 0 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC82.upk 0 bytes
File C:\Program Files\Mass Effect\BioGame\CookedPC\Packages\GUI\Maps\MapUNC83.upk 0 bytes

---- EOF - GMER 1.0.15 ----

-

DDS:


.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Tim at 0:13:59 on 2011-06-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1524 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\ehome\RMSysTry.exe
svchost.exe 4
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\DOCUME~1\Tim\LOCALS~1\Temp\AMPing.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe 4
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\tim\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278769954000
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278769945609
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{05A8B4D3-BC4F-4BD2-8534-027A9BFF2A4B} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7BB6B2EA-2693-4EB9-9A5A-9B6E0A8B70A7} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tim\application data\mozilla\firefox\profiles\6fr90hb6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\tim\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
R2 AMPingService;AMPingService;c:\docume~1\tim\locals~1\temp\AMPing.exe [2010-3-29 28480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 cpuz132;cpuz132;\??\c:\docume~1\tim\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\tim\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-2-20 17480]
S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [2007-10-17 822400]
.
=============== Created Last 30 ================
.
2011-06-04 02:13:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-31 12:34:37 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-21 23:01:46 2672 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-03-21 23:01:37 88 --sh--r- c:\documents and settings\all users\application data\9ACA661F1F.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdf.sys hal.dll >>UNKNOWN [0x8A781938]<<
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
spdf.sys
_asm { PUSH EBP; MOV EBP, ESP; JMP 0xfffffffff5d6dd9b; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A72E030]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-1[0x8A1B2030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; STD ; CLD ; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x620; }
user != kernel MBR !!!
.
============= FINISH: 0:15:17.98 ===============

-

DDS ATTACH:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/11/2008 3:57:10 PM
System Uptime: 6/7/2011 12:10:43 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 15.668 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\81B38E88D100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\81B38E88D100
Service: NIC1394
.
==== System Restore Points ===================
.
RP172: 3/9/2011 4:44:47 PM - System Checkpoint
RP173: 3/10/2011 4:48:00 PM - System Checkpoint
RP174: 3/12/2011 12:10:18 AM - System Checkpoint
RP175: 3/13/2011 2:25:34 AM - System Checkpoint
RP176: 3/14/2011 3:06:39 AM - System Checkpoint
RP177: 3/15/2011 4:06:39 AM - System Checkpoint
RP178: 3/16/2011 4:16:31 AM - System Checkpoint
RP179: 3/17/2011 5:16:34 AM - System Checkpoint
RP180: 3/18/2011 6:17:43 AM - System Checkpoint
RP181: 3/18/2011 7:56:49 PM - Installed Rosetta Stone Version 3
RP182: 3/19/2011 11:00:07 PM - System Checkpoint
RP183: 3/21/2011 6:36:58 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
3ivx MPEG-4 5.0.2 Plus Decoder (remove only)
Acrobat.com
Adobe Acrobat Reader 3.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.3.2
Age of Empires III: Complete Collection
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AviSynth 2.5
Bandisoft MPEG-1 Decoder
BitTorrent
Bonjour
Command & Conquer The First Decade
Corel PaintShop Photo Pro X3
dBpoweramp m4a Codec
Dell Resource CD
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DNA
EA Download Manager
EA Installer
EA Shared Game Component: Activation
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19]
GemMaster Mystic
Google Chrome
High Definition Audio Driver Package - KB835221
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB895961-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ICA
ImagXpress
Intel(R) Matrix Storage Manager
Intel(R) Network Connections 15.2.89.0
IPM_PSP_CL
IPM_PSP_COM
iTunes
Jasc Animation Shop 3
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Logitech Desktop Messenger
Logitech ImageStudio
Loong
M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
Malwarebytes' Anti-Malware version 1.51.0.1200
Mass Effect
Mass Effect 2
Media Center Extender
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-US)
MSN
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MSXML 6.0 Parser (KB933579)
neroxml
Nexon Game Manager
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
Otto
Pando Media Booster
PSPPContent
PSPPRO_DCRAW
QuickTime
Rosetta Stone Version 3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Segoe UI
SigmaTel Audio
Skype Toolbars
Skype™ 4.2
Sonic Encoders
Star Wars Jedi Knight Jedi Academy
Star Wars JK II Jedi Outcast
Steam
System Requirements Lab
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VLC media player 1.0.2
Warcraft III
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
6/7/2011 12:05:40 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
6/7/2011 12:04:50 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
6/6/2011 8:45:11 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
6/6/2011 8:45:11 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
6/5/2011 2:46:25 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.114 with the system having network hardware address 00:25:9C:E7:30:7B. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================

0

Very sorry for the delay in getting back to you. Please do the following:
Download the TDSSKiller utility. This is a .zip file so extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);
Run the TDSSKiller.exe file;
Wait until the scanning and disinfection completes. A reboot might require after the disinfection has been completed.
The utility starts scanning the system for malicious and suspicious objects when you click the button Start scan.
If the utility detects an infection with the MBR bootkit, it will report the it has detected an infected object type “Physical drive” and prompt for action:

Cure. This action is only available if the utility has identified the exact type of the bootkit. If it has detected an unknown bootkit, it will be reported as Rootkit.Win32.BackBoot.gen.
Skip.
Copy to quarantine. The utility quarantines the infected MBR.
Restore. The utility restores a standard MBR.
A reboot might require after the disinfection has been completed.

By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please post back here with that log.

0

Hi, thanks for the reply, I ran that scan and this is the log:


2011/06/10 10:46:21.0421 4108 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/10 10:46:23.0140 4108 ================================================================================
2011/06/10 10:46:23.0140 4108 SystemInfo:
2011/06/10 10:46:23.0140 4108
2011/06/10 10:46:23.0140 4108 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/10 10:46:23.0140 4108 Product type: Workstation
2011/06/10 10:46:23.0140 4108 ComputerName: TIM-57FC674CF68
2011/06/10 10:46:23.0140 4108 UserName: Tim
2011/06/10 10:46:23.0140 4108 Windows directory: C:\WINDOWS
2011/06/10 10:46:23.0140 4108 System windows directory: C:\WINDOWS
2011/06/10 10:46:23.0140 4108 Processor architecture: Intel x86
2011/06/10 10:46:23.0140 4108 Number of processors: 2
2011/06/10 10:46:23.0140 4108 Page size: 0x1000
2011/06/10 10:46:23.0140 4108 Boot type: Normal boot
2011/06/10 10:46:23.0140 4108 ================================================================================
2011/06/10 10:46:23.0984 4108 Initialize success
2011/06/10 10:46:48.0453 5368 ================================================================================
2011/06/10 10:46:48.0453 5368 Scan started
2011/06/10 10:46:48.0453 5368 Mode: Manual;
2011/06/10 10:46:48.0453 5368 ================================================================================
2011/06/10 10:46:50.0781 5368 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/10 10:46:50.0843 5368 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/10 10:46:50.0921 5368 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/10 10:46:50.0968 5368 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/06/10 10:46:51.0265 5368 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/10 10:46:51.0640 5368 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/10 10:46:51.0765 5368 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2011/06/10 10:46:51.0828 5368 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/10 10:46:51.0875 5368 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/10 10:46:51.0937 5368 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/10 10:46:51.0984 5368 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/10 10:46:52.0015 5368 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/10 10:46:52.0078 5368 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/10 10:46:52.0125 5368 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/10 10:46:52.0171 5368 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/10 10:46:52.0218 5368 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/06/10 10:46:52.0375 5368 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/06/10 10:46:53.0125 5368 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/10 10:46:53.0375 5368 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/10 10:46:54.0000 5368 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/10 10:46:54.0375 5368 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/10 10:46:54.0562 5368 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/10 10:46:55.0296 5368 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/10 10:46:55.0656 5368 e1express (6de32a9123ef60f9d423e9163af0e305) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/06/10 10:46:56.0359 5368 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/10 10:46:56.0781 5368 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/10 10:46:57.0156 5368 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/10 10:46:57.0640 5368 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/10 10:46:58.0109 5368 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/10 10:46:58.0500 5368 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/10 10:46:58.0765 5368 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/10 10:46:58.0968 5368 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/10 10:46:59.0187 5368 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/10 10:46:59.0328 5368 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/10 10:46:59.0484 5368 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/10 10:46:59.0531 5368 hitmanpro35 (60de0d719dd083a8beb476da616d2811) C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011/06/10 10:46:59.0796 5368 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/10 10:46:59.0906 5368 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/06/10 10:46:59.0968 5368 iastor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/06/10 10:47:00.0000 5368 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/10 10:47:00.0093 5368 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/10 10:47:00.0156 5368 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/10 10:47:00.0218 5368 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/10 10:47:00.0281 5368 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/10 10:47:00.0343 5368 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/10 10:47:00.0406 5368 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/10 10:47:00.0453 5368 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/10 10:47:00.0484 5368 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/10 10:47:00.0578 5368 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/10 10:47:00.0625 5368 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/10 10:47:00.0687 5368 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/10 10:47:00.0765 5368 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/10 10:47:00.0859 5368 lusbaudio (f57fcbfbbd7ff68cc286f6fefeaed2b2) C:\WINDOWS\system32\drivers\lvsound2.sys
2011/06/10 10:47:00.0906 5368 LVBulk (eb17c2146d2bafa79c67e35229f4297c) C:\WINDOWS\system32\DRIVERS\LVBulk.sys
2011/06/10 10:47:00.0937 5368 LVVI500A (c4a1debc2b9a61a31d2616c2c6c03eee) C:\WINDOWS\system32\DRIVERS\lvvi500a.sys
2011/06/10 10:47:00.0984 5368 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/06/10 10:47:01.0031 5368 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/10 10:47:01.0093 5368 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/10 10:47:01.0156 5368 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/10 10:47:01.0203 5368 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/10 10:47:01.0234 5368 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/10 10:47:01.0296 5368 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/10 10:47:01.0359 5368 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/10 10:47:01.0421 5368 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/10 10:47:01.0453 5368 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/10 10:47:01.0484 5368 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/10 10:47:01.0515 5368 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/10 10:47:01.0546 5368 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/10 10:47:01.0609 5368 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/10 10:47:01.0687 5368 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/10 10:47:01.0718 5368 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/10 10:47:01.0750 5368 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/10 10:47:01.0796 5368 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/10 10:47:01.0828 5368 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/10 10:47:01.0859 5368 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/10 10:47:01.0890 5368 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/10 10:47:01.0921 5368 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/10 10:47:01.0937 5368 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/10 10:47:01.0984 5368 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/10 10:47:02.0046 5368 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/10 10:47:02.0078 5368 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/10 10:47:02.0125 5368 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/10 10:47:02.0187 5368 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/10 10:47:02.0468 5368 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/10 10:47:02.0906 5368 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/10 10:47:02.0953 5368 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/10 10:47:03.0015 5368 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/10 10:47:03.0078 5368 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/10 10:47:03.0125 5368 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/10 10:47:03.0171 5368 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/10 10:47:03.0218 5368 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/10 10:47:03.0281 5368 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/10 10:47:03.0468 5368 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/10 10:47:03.0531 5368 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/10 10:47:03.0578 5368 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/10 10:47:04.0187 5368 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
2011/06/10 10:47:04.0234 5368 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/10 10:47:04.0312 5368 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/10 10:47:04.0359 5368 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/10 10:47:04.0375 5368 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/10 10:47:04.0421 5368 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/10 10:47:04.0468 5368 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/10 10:47:04.0515 5368 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/10 10:47:04.0578 5368 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/10 10:47:04.0921 5368 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/10 10:47:05.0109 5368 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/10 10:47:05.0156 5368 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/10 10:47:05.0203 5368 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/10 10:47:05.0265 5368 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/10 10:47:05.0312 5368 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/10 10:47:05.0406 5368 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/10 10:47:05.0406 5368 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/06/10 10:47:05.0406 5368 sptd - detected LockedFile.Multi.Generic (1)
2011/06/10 10:47:05.0453 5368 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/10 10:47:05.0531 5368 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/10 10:47:05.0656 5368 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
2011/06/10 10:47:05.0875 5368 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/10 10:47:05.0937 5368 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/10 10:47:06.0000 5368 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/10 10:47:06.0125 5368 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/10 10:47:06.0234 5368 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/10 10:47:06.0281 5368 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/10 10:47:06.0328 5368 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/10 10:47:06.0375 5368 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/10 10:47:06.0500 5368 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/10 10:47:06.0562 5368 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/10 10:47:06.0750 5368 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/10 10:47:06.0906 5368 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/10 10:47:07.0046 5368 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/10 10:47:07.0203 5368 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/10 10:47:07.0343 5368 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/10 10:47:07.0484 5368 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/10 10:47:07.0750 5368 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/10 10:47:08.0031 5368 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/10 10:47:08.0453 5368 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/10 10:47:08.0734 5368 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/10 10:47:09.0078 5368 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/06/10 10:47:09.0296 5368 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/10 10:47:09.0406 5368 WMP300Nv1 (ee44fe4c6388eae2ec5749e2c5d781f2) C:\WINDOWS\system32\DRIVERS\WMP300Nv1.sys
2011/06/10 10:47:09.0484 5368 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/10 10:47:09.0531 5368 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/10 10:47:09.0562 5368 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/10 10:47:09.0687 5368 MBR (0x1B8) (96eadc590b857c8e4386ebf7f1c1731d) \Device\Harddisk0\DR0
2011/06/10 10:47:09.0687 5368 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.a (0)
2011/06/10 10:47:09.0687 5368 ================================================================================
2011/06/10 10:47:09.0687 5368 Scan finished
2011/06/10 10:47:09.0687 5368 ================================================================================
2011/06/10 10:47:09.0703 4940 Detected object count: 2
2011/06/10 10:47:09.0703 4940 Actual detected object count: 2
2011/06/10 10:48:24.0390 4940 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/10 10:48:24.0437 4940 \Device\Harddisk0\DR0 (Trojan-Clicker.Win32.Wistler.a) - will be cured after reboot
2011/06/10 10:48:24.0437 4940 \Device\Harddisk0\DR0 - ok
2011/06/10 10:48:24.0437 4940 Trojan-Clicker.Win32.Wistler.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/10 10:48:46.0421 4744 Deinitialize success


I left the options on the one's it chose by default, I wasn't sure if I should change the "suspicious file" from skip as I'm not sure what it is.

0

That's fine for now, we will leave it and see what happens.
Now do the following:
Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

You must download it to and run it from your Desktop
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

Okay I ran that, and I assume you wanted the log!


ComboFix 11-06-11.01 - Tim 06/12/2011 20:10:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1425 [GMT -4:00]
Running from: c:\documents and settings\Tim\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Tim\LOCALS~1\Temp\AMPing.exe
c:\documents and settings\Tim\Local Settings\Temp\AMPing.exe
c:\documents and settings\Tim\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMPingService
-------\Service_AMPingService
.
.
((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))
.
.
2011-06-04 02:13 . 2011-06-04 02:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-31 12:34 . 2011-02-20 05:23 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-29 13:11 . 2010-07-10 15:53 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-07-10 15:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-21 23:01 . 2010-11-10 13:09 2672 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-03-21 23:01 . 2010-11-10 13:09 88 --sh--r- c:\documents and settings\All Users\Application Data\9ACA661F1F.sys
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-05-18 14:36 . 2011-04-09 01:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tim^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Tim\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2011-04-03 06:10 11857920 ----a-w- c:\program files\Electronic Arts\EADM\EADMUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-19 12:23 136176 ----atw- c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2011-05-12 03:13 6470464 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35 (1).exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 01:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-28 03:11 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcherx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatchery.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Electronic Arts\\Mass Effect™ 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"4000:TCP"= 4000:TCP:Diablo 2
"4000:UDP"= 4000:UDP:Diablo 2
"3074:TCP"= 3074:TCP:Halo 3
"88:UDP"= 88:UDP:Halo 3
"3074:UDP"= 3074:UDP:Halo 3
"6112:TCP"= 6112:TCP:Diablo 2
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"57412:TCP"= 57412:TCP:Pando Media Booster
"57412:UDP"= 57412:UDP:Pando Media Booster
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2009 8:10 AM 717296]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 7:00 AM 14336]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2/20/2011 1:23 AM 17480]
S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [10/17/2007 10:17 PM 822400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-688789844-839522115-1003Core.job
- c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-19 12:23]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-688789844-839522115-1003UA.job
- c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-19 12:23]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-12 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,1a,f0,88,f5,e2,5c,45,8a,82,ae,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,1a,f0,88,f5,e2,5c,45,8a,82,ae,\
.
[HKEY_USERS\S-1-5-21-1417001333-688789844-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ee,25,67,b6,de,a9,7d,ce,27,34,33,95,73,c2,49,80,35,b5,9b,00,84,
8a,20,36,54,ee,9a,df,c3,c2,15,4b,15,67,0d,5c,f0,a5,7f,f6,a8,e2,12,c6,53,8c,\
"rkeysecu"=hex:70,96,93,80,76,10,c0,69,b7,9d,64,d3,aa,6b,49,7b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(904)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\stsystra.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\ehome\RMSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\McrdSvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-06-12 20:32:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-13 00:32
.
Pre-Run: 18,486,558,720 bytes free
Post-Run: 22,260,711,424 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 1B32C37BDF5DBB93D892286684F64D15

0

Yes definitely needed that log. As you can see it is very large. Let me go through it and I'll get back to you if anything else needs doing with that.
In the meantime, update MBA-M and do another Full Scan with it. Have it remove everything it finds and Reboot the computer.
Post back with that new log.

0

okay updated and scanned!


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6845

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2011 11:59:46 PM
mbam-log-2011-06-12 (23-59-46).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 356456
Time elapsed: 2 hour(s), 55 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

0

okie dokie! Scanned:

OTL:


OTL logfile created on: 6/13/2011 12:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.58% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.41 Gb Total Space | 20.74 Gb Free Space | 7.07% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TIM-57FC674CF68 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/13 00:41:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/20 16:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/06/13 00:41:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/17 19:54:17 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/08/19 21:05:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/31 08:34:37 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/03/23 08:10:03 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/10/17 22:17:22 | 000,822,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WMP300Nv1.sys -- (WMP300Nv1)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2002/06/10 14:24:22 | 000,188,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvvi500a.sys -- (LVVI500A)
DRV - [2002/06/10 14:21:02 | 000,010,254 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVBulk.sys -- (LVBulk)
DRV - [2002/06/10 14:20:32 | 000,034,816 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/07/11 07:01:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/11 07:01:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/18 10:36:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/20 14:08:21 | 000,000,000 | ---D | M]

[2009/01/31 10:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Extensions
[2009/01/31 10:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/14 23:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\extensions
[2010/07/14 15:45:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/28 08:20:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/04 19:42:24 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\extensions\illimitux@illimitux.net
[2009/02/17 22:49:07 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\extensions\moveplayer@movenetworks.com
[2010/06/10 21:59:18 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\searchplugins\askcom.xml
[2010/07/11 18:41:30 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\searchplugins\bing.xml
[2011/04/08 21:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/22 23:56:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/14 06:32:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/24 19:51:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/04 18:40:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/04/29 23:03:43 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
File not found (No name found) --
[2011/05/18 10:36:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/12 20:19:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278769954000 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278769945609 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/11 15:55:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 00:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\School
[2011/06/13 00:41:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/12 20:36:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/12 20:07:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/12 20:03:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/12 20:03:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/12 20:03:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/12 20:03:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/12 20:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/12 20:03:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/12 20:00:16 | 004,120,119 | R--- | C] (Swearware) -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2011/06/06 08:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\cleaner
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/13 00:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-688789844-839522115-1003UA.job
[2011/06/13 00:41:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/12 20:19:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/12 20:18:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/12 20:07:18 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/12 20:00:19 | 004,120,119 | R--- | M] (Swearware) -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2011/06/12 01:44:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-688789844-839522115-1003Core.job
[2011/06/09 21:45:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/08 14:46:44 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Google Chrome.lnk
[2011/06/08 14:46:44 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/06 23:21:44 | 000,221,184 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 08:53:38 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/31 08:38:04 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/05/31 08:34:37 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/24 10:51:42 | 000,206,715 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\830px-ThedasMap.jpg
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 20:07:18 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/06/12 20:07:14 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/12 20:03:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/12 20:03:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/12 20:03:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/12 20:03:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/12 20:03:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/24 10:51:41 | 000,206,715 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\830px-ThedasMap.jpg
[2011/02/20 01:23:07 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/10 09:09:13 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9ACA661F1F.sys
[2010/11/10 09:09:12 | 000,002,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/09/17 08:57:03 | 000,079,872 | RHS- | C] () -- C:\WINDOWS\System32\scardsspg.dll
[2010/08/28 16:27:20 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/08/28 16:27:16 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/08/28 16:27:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/28 16:24:46 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/25 17:29:59 | 000,068,256 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/06 15:53:59 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/20 15:46:43 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\liplW7.dll
[2010/04/20 15:46:43 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\liplA6.dll
[2010/04/20 15:46:43 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplPX.dll
[2010/04/20 15:46:43 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplP6.dll
[2010/04/20 15:46:43 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplM6.dll
[2010/04/20 15:46:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lipl.dll
[2010/04/20 15:46:43 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/03/28 20:45:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\prvlcl.dat
[2009/10/01 22:06:49 | 000,057,252 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/14 08:57:49 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2009/07/14 08:57:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\UNINSTCC.EXE
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/07 12:26:49 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/27 18:59:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/22 22:19:05 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/24 01:26:31 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/02 12:40:50 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/10/23 17:49:51 | 001,073,528 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2008/10/23 17:49:51 | 000,003,625 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2008/10/17 16:06:31 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/10/17 16:06:31 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/10/17 16:06:31 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/13 08:28:08 | 000,000,932 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/09/13 08:27:29 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2008/09/13 08:23:36 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2008/09/12 10:37:04 | 000,221,184 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/11 19:13:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/11 16:01:41 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat
[2008/09/11 15:57:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/11 15:52:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/11 11:44:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/11 11:43:33 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/22 00:16:14 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2007/12/22 00:16:04 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/12/22 00:15:02 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2007/12/21 23:37:44 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,444,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,071,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/13 05:16:19 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

========== LOP Check ==========

[2010/09/10 00:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/09/09 22:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2009/03/23 17:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/03/23 08:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/07/11 07:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2011/04/06 00:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/02/20 01:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/11/19 02:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/11/19 02:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/11/19 00:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/03/18 19:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/03/18 19:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
[2011/05/09 23:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/04/27 09:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 15:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/06 23:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\BitTorrent
[2009/03/23 17:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\DAEMON Tools
[2009/03/23 17:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\DAEMON Tools Lite
[2009/03/23 17:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\DAEMON Tools Pro
[2009/08/05 00:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\DNA
[2010/07/14 17:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\ElevatedDiagnostics
[2010/07/11 07:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\GetRightToGo
[2009/01/23 18:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Jasc
[2010/05/26 11:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\NeuLion
[2009/09/08 09:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Quake3
[2009/04/01 13:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Red Alert 3
[2010/07/11 07:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\SystemRequirementsLab

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/07/14 16:59:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/07/14 16:59:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/07/14 16:59:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/07/14 16:59:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\iaStor.sys
[2006/07/06 07:01:32 | 000,484,864 | ---- | M] (Intel Corporation) MD5=6A3C354BFC163B81F6EF2FC421280DB5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/10 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/09/17 08:57:03 | 000,079,872 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\scardsspg.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2008/09/11 11:42:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/09/11 11:42:38 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/09/11 11:42:38 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2010/11/19 02:06:17 | 000,000,000 | ---D | M](C:\Documents and Settings\Tim\My Documents\?? ???) -- C:\Documents and Settings\Tim\My Documents\넥슨 플러그
[2010/11/19 02:06:17 | 000,000,000 | ---D | C](C:\Documents and Settings\Tim\My Documents\?? ???) -- C:\Documents and Settings\Tim\My Documents\넥슨 플러그

< End of report >


OTL Extras logfile created on: 6/13/2011 12:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.58% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.41 Gb Total Space | 20.74 Gb Free Space | 7.07% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TIM-57FC674CF68 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57412:TCP" = 57412:TCP:*:Enabled:Pando Media Booster
"57412:UDP" = 57412:UDP:*:Enabled:Pando Media Booster
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"4000:TCP" = 4000:TCP:*:Enabled:Diablo 2
"4000:UDP" = 4000:UDP:*:Enabled:Diablo 2
"3074:TCP" = 3074:TCP:*:Enabled:Halo 3
"88:UDP" = 88:UDP:*:Enabled:Halo 3
"3074:UDP" = 3074:UDP:*:Enabled:Halo 3
"6112:TCP" = 6112:TCP:*:Enabled:Diablo 2
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience
"57412:TCP" = 57412:TCP:*:Enabled:Pando Media Booster
"57412:UDP" = 57412:UDP:*:Enabled:Pando Media Booster
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe" = C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp -- ()
"C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- (Activision Inc)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Diablo II\Diablo II.exe" = C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction -- (Blizzard North)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III: Complete Collection -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III: Complete Collection -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III: Complete Collection -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires III\autopatcher.exe" = C:\Program Files\Microsoft Games\Age of Empires III\autopatcher.exe:*:Enabled:Age of Empires III: Complete Collection -- ()
"C:\Program Files\Microsoft Games\Age of Empires III\autopatcher2.exe" = C:\Program Files\Microsoft Games\Age of Empires III\autopatcher2.exe:*:Enabled:Age of Empires III: Complete Collection -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\autopatcherx.exe" = C:\Program Files\Microsoft Games\Age of Empires III\autopatcherx.exe:*:Enabled:Age of Empires III: Complete Collection -- ()
"C:\Program Files\Microsoft Games\Age of Empires III\autopatchery.exe" = C:\Program Files\Microsoft Games\Age of Empires III\autopatchery.exe:*:Enabled:Age of Empires III: Complete Collection -- (Ensemble Studios)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
"C:\Program Files\Electronic Arts\Mass Effect™ 2\MassEffect2Launcher.exe" = C:\Program Files\Electronic Arts\Mass Effect™ 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 - Launcher -- (BioWare)
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe" = C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"C:\Program Files\Mass Effect\MassEffectLauncher.exe" = C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{174D5678-D941-433C-BD23-58A5C7B0D36D}" = Jasc Animation Shop 3
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FA856CB-5544-449D-84C5-07A18CD51467}" = Loong
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3ivx MPEG-4 5.0.2 Plus Decoder" = 3ivx MPEG-4 5.0.2 Plus Decoder (remove only)
"Adobe Acrobat Reader 3.0" = Adobe Acrobat Reader 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AviSynth" = AviSynth 2.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"Diablo II" = Diablo II
"EA Installer.1522122559" = EA Installer
"EADM" = EA Download Manager
"EHome Devices" = Media Center Extender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"VLC media player" = VLC media player 1.0.2
"Warcraft III" = Warcraft III
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/9/2011 11:18:49 PM | Computer Name = TIM-57FC674CF68 | Source = MsiInstaller | ID = 11706
Description = Product: ICA -- Error 1706.No valid source could be found for product
ICA. The Windows Installer cannot continue.

Error - 5/9/2011 11:24:04 PM | Computer Name = TIM-57FC674CF68 | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN2012089293-QkxaMDAwMj1GN2dBRChTRjBBRFlnOEYxNURBMUYm._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 5/28/2011 9:35:23 PM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application wmpnetwk.exe, version 11.0.5721.5262, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

Error - 6/1/2011 5:16:34 AM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieframe.dll, version 8.0.6001.19019, fault address 0x000a34b8.

Error - 6/1/2011 10:55:46 PM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module gdiplus.dll, version 5.2.6001.22319, fault address 0x000e13f4.

Error - 6/3/2011 10:15:07 AM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 6/7/2011 12:21:16 AM | Computer Name = TIM-57FC674CF68 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/8/2011 10:09:25 AM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000984e.

Error - 6/8/2011 10:05:00 PM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
gcswf32.dll, version 10.3.181.22, fault address 0x000d7eef.

Error - 6/12/2011 8:03:07 PM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008d560.

[ OSession Events ]
Error - 2/21/2011 11:34:03 PM | Computer Name = TIM-57FC674CF68 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/21/2011 11:34:14 PM | Computer Name = TIM-57FC674CF68 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/12/2011 8:06:10 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7031
Description = The AMPingService service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/12/2011 8:06:41 PM | Computer Name = TIM-57FC674CF68 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 6/12/2011 8:06:41 PM | Computer Name = TIM-57FC674CF68 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 6/12/2011 8:10:13 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 6/12/2011 8:10:13 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7031
Description = The AMPingService service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/12/2011 8:14:20 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 6/12/2011 8:14:20 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7031
Description = The AMPingService service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/12/2011 8:16:34 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7034
Description = The AMPingService service terminated unexpectedly. It has done this
2 time(s).

Error - 6/12/2011 8:19:21 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 6/12/2011 8:19:21 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2


< End of report >

0

okie dokie! Scanned:

OTL:


OTL logfile created on: 6/13/2011 12:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.58% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.41 Gb Total Space | 20.74 Gb Free Space | 7.07% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TIM-57FC674CF68 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/13 00:41:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/20 16:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/06/13 00:41:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/17 19:54:17 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/08/19 21:05:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/31 08:34:37 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/03/23 08:10:03 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/10/17 22:17:22 | 000,822,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WMP300Nv1.sys -- (WMP300Nv1)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2002/06/10 14:24:22 | 000,188,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvvi500a.sys -- (LVVI500A)
DRV - [2002/06/10 14:21:02 | 000,010,254 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVBulk.sys -- (LVBulk)
DRV - [2002/06/10 14:20:32 | 000,034,816 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/07/11 07:01:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/11 07:01:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/18 10:36:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/20 14:08:21 | 000,000,000 | ---D | M]

[2009/01/31 10:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Extensions
[2009/01/31 10:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/14 23:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\extensions
[2010/07/14 15:45:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/28 08:20:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/04 19:42:24 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\extensions\illimitux@illimitux.net
[2009/02/17 22:49:07 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\extensions\moveplayer@movenetworks.com
[2010/06/10 21:59:18 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\searchplugins\askcom.xml
[2010/07/11 18:41:30 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\6fr90hb6.default\searchplugins\bing.xml
[2011/04/08 21:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/22 23:56:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/14 06:32:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/24 19:51:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/04 18:40:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/04/29 23:03:43 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
File not found (No name found) --
[2011/05/18 10:36:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/12 20:19:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278769954000 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278769945609 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/11 15:55:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 00:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\School
[2011/06/13 00:41:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/12 20:36:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/12 20:07:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/12 20:03:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/12 20:03:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/12 20:03:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/12 20:03:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/12 20:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/12 20:03:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/12 20:00:16 | 004,120,119 | R--- | C] (Swearware) -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2011/06/06 08:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\cleaner
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/13 00:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-688789844-839522115-1003UA.job
[2011/06/13 00:41:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/12 20:19:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/12 20:18:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/12 20:07:18 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/12 20:00:19 | 004,120,119 | R--- | M] (Swearware) -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2011/06/12 01:44:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-688789844-839522115-1003Core.job
[2011/06/09 21:45:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/08 14:46:44 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Google Chrome.lnk
[2011/06/08 14:46:44 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/06 23:21:44 | 000,221,184 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 08:53:38 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/31 08:38:04 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/05/31 08:34:37 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/24 10:51:42 | 000,206,715 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\830px-ThedasMap.jpg
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 20:07:18 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/06/12 20:07:14 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/12 20:03:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/12 20:03:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/12 20:03:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/12 20:03:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/12 20:03:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/24 10:51:41 | 000,206,715 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\830px-ThedasMap.jpg
[2011/02/20 01:23:07 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/10 09:09:13 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9ACA661F1F.sys
[2010/11/10 09:09:12 | 000,002,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/09/17 08:57:03 | 000,079,872 | RHS- | C] () -- C:\WINDOWS\System32\scardsspg.dll
[2010/08/28 16:27:20 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/08/28 16:27:16 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/08/28 16:27:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/28 16:24:46 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/25 17:29:59 | 000,068,256 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/06 15:53:59 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/20 15:46:43 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\liplW7.dll
[2010/04/20 15:46:43 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\liplA6.dll
[2010/04/20 15:46:43 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplPX.dll
[2010/04/20 15:46:43 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplP6.dll
[2010/04/20 15:46:43 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplM6.dll
[2010/04/20 15:46:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lipl.dll
[2010/04/20 15:46:43 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/03/28 20:45:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\prvlcl.dat
[2009/10/01 22:06:49 | 000,057,252 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/14 08:57:49 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2009/07/14 08:57:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\UNINSTCC.EXE
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/07 12:26:49 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/27 18:59:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/22 22:19:05 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/24 01:26:31 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/02 12:40:50 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/10/23 17:49:51 | 001,073,528 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2008/10/23 17:49:51 | 000,003,625 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2008/10/17 16:06:31 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/10/17 16:06:31 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/10/17 16:06:31 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/13 08:28:08 | 000,000,932 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/09/13 08:27:29 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2008/09/13 08:23:36 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2008/09/12 10:37:04 | 000,221,184 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/11 19:13:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/11 16:01:41 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat
[2008/09/11 15:57:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/11 15:52:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/11 11:44:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/11 11:43:33 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/22 00:16:14 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2007/12/22 00:16:04 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/12/22 00:15:02 | 000,033,504 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2007/12/21 23:37:44 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,444,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,071,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/13 05:16:19 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

========== LOP Check ==========

[2010/09/10 00:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/09/09 22:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2009/03/23 17:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/03/23 08:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/07/11 07:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2011/04/06 00:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/02/20 01:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/11/19 02:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/11/19 02:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/11/19 00:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/03/18 19:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/03/18 19:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
[2011/05/09 23:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/04/27 09:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 15:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/06 23:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\BitTorrent
[2009/03/23 17:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\DAEMON Tools
[2009/03/23 17:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\DAEMON Tools Lite
[2009/03/23 17:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\DAEMON Tools Pro
[2009/08/05 00:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\DNA
[2010/07/14 17:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\ElevatedDiagnostics
[2010/07/11 07:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\GetRightToGo
[2009/01/23 18:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Jasc
[2010/05/26 11:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\NeuLion
[2009/09/08 09:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Quake3
[2009/04/01 13:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Red Alert 3
[2010/07/11 07:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\SystemRequirementsLab

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/07/14 16:59:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/07/14 16:59:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/07/14 16:59:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/07/14 16:59:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\iaStor.sys
[2006/07/06 07:01:32 | 000,484,864 | ---- | M] (Intel Corporation) MD5=6A3C354BFC163B81F6EF2FC421280DB5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/10 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/09/17 08:57:03 | 000,079,872 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\scardsspg.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2008/09/11 11:42:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/09/11 11:42:38 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/09/11 11:42:38 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2010/11/19 02:06:17 | 000,000,000 | ---D | M](C:\Documents and Settings\Tim\My Documents\?? ???) -- C:\Documents and Settings\Tim\My Documents\넥슨 플러그
[2010/11/19 02:06:17 | 000,000,000 | ---D | C](C:\Documents and Settings\Tim\My Documents\?? ???) -- C:\Documents and Settings\Tim\My Documents\넥슨 플러그

< End of report >


OTL Extras logfile created on: 6/13/2011 12:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.58% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.41 Gb Total Space | 20.74 Gb Free Space | 7.07% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TIM-57FC674CF68 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57412:TCP" = 57412:TCP:*:Enabled:Pando Media Booster
"57412:UDP" = 57412:UDP:*:Enabled:Pando Media Booster
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"4000:TCP" = 4000:TCP:*:Enabled:Diablo 2
"4000:UDP" = 4000:UDP:*:Enabled:Diablo 2
"3074:TCP" = 3074:TCP:*:Enabled:Halo 3
"88:UDP" = 88:UDP:*:Enabled:Halo 3
"3074:UDP" = 3074:UDP:*:Enabled:Halo 3
"6112:TCP" = 6112:TCP:*:Enabled:Diablo 2
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience
"57412:TCP" = 57412:TCP:*:Enabled:Pando Media Booster
"57412:UDP" = 57412:UDP:*:Enabled:Pando Media Booster
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe" = C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp -- ()
"C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- (Activision Inc)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Diablo II\Diablo II.exe" = C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction -- (Blizzard North)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III: Complete Collection -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III: Complete Collection -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III: Complete Collection -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires III\autopatcher.exe" = C:\Program Files\Microsoft Games\Age of Empires III\autopatcher.exe:*:Enabled:Age of Empires III: Complete Collection -- ()
"C:\Program Files\Microsoft Games\Age of Empires III\autopatcher2.exe" = C:\Program Files\Microsoft Games\Age of Empires III\autopatcher2.exe:*:Enabled:Age of Empires III: Complete Collection -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\autopatcherx.exe" = C:\Program Files\Microsoft Games\Age of Empires III\autopatcherx.exe:*:Enabled:Age of Empires III: Complete Collection -- ()
"C:\Program Files\Microsoft Games\Age of Empires III\autopatchery.exe" = C:\Program Files\Microsoft Games\Age of Empires III\autopatchery.exe:*:Enabled:Age of Empires III: Complete Collection -- (Ensemble Studios)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
"C:\Program Files\Electronic Arts\Mass Effect™ 2\MassEffect2Launcher.exe" = C:\Program Files\Electronic Arts\Mass Effect™ 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 - Launcher -- (BioWare)
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe" = C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"C:\Program Files\Mass Effect\MassEffectLauncher.exe" = C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{174D5678-D941-433C-BD23-58A5C7B0D36D}" = Jasc Animation Shop 3
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FA856CB-5544-449D-84C5-07A18CD51467}" = Loong
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3ivx MPEG-4 5.0.2 Plus Decoder" = 3ivx MPEG-4 5.0.2 Plus Decoder (remove only)
"Adobe Acrobat Reader 3.0" = Adobe Acrobat Reader 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AviSynth" = AviSynth 2.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"Diablo II" = Diablo II
"EA Installer.1522122559" = EA Installer
"EADM" = EA Download Manager
"EHome Devices" = Media Center Extender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"VLC media player" = VLC media player 1.0.2
"Warcraft III" = Warcraft III
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/9/2011 11:18:49 PM | Computer Name = TIM-57FC674CF68 | Source = MsiInstaller | ID = 11706
Description = Product: ICA -- Error 1706.No valid source could be found for product
ICA. The Windows Installer cannot continue.

Error - 5/9/2011 11:24:04 PM | Computer Name = TIM-57FC674CF68 | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN2012089293-QkxaMDAwMj1GN2dBRChTRjBBRFlnOEYxNURBMUYm._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 5/28/2011 9:35:23 PM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application wmpnetwk.exe, version 11.0.5721.5262, faulting
module xvid.dll, version 0.0.0.0, fault address 0x0001d554.

Error - 6/1/2011 5:16:34 AM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieframe.dll, version 8.0.6001.19019, fault address 0x000a34b8.

Error - 6/1/2011 10:55:46 PM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module gdiplus.dll, version 5.2.6001.22319, fault address 0x000e13f4.

Error - 6/3/2011 10:15:07 AM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 6/7/2011 12:21:16 AM | Computer Name = TIM-57FC674CF68 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/8/2011 10:09:25 AM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000984e.

Error - 6/8/2011 10:05:00 PM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
gcswf32.dll, version 10.3.181.22, fault address 0x000d7eef.

Error - 6/12/2011 8:03:07 PM | Computer Name = TIM-57FC674CF68 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008d560.

[ OSession Events ]
Error - 2/21/2011 11:34:03 PM | Computer Name = TIM-57FC674CF68 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/21/2011 11:34:14 PM | Computer Name = TIM-57FC674CF68 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/12/2011 8:06:10 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7031
Description = The AMPingService service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/12/2011 8:06:41 PM | Computer Name = TIM-57FC674CF68 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 6/12/2011 8:06:41 PM | Computer Name = TIM-57FC674CF68 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 6/12/2011 8:10:13 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 6/12/2011 8:10:13 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7031
Description = The AMPingService service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/12/2011 8:14:20 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 6/12/2011 8:14:20 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7031
Description = The AMPingService service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/12/2011 8:16:34 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7034
Description = The AMPingService service terminated unexpectedly. It has done this
2 time(s).

Error - 6/12/2011 8:19:21 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 6/12/2011 8:19:21 PM | Computer Name = TIM-57FC674CF68 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2


< End of report >

0

Thanks. Can I ask you, your logs show open ports, are these open intentionally to allow you to connect to games?
How is the computer running? Are you still getting the redirects?

Edited by jholland1964: n/a

0

Yes, the ports were opened to host some games with friends, and I haven't gotten any redirects from google, but instead now when I try to click on a search result, even to go to a wiki page, the first half of url's at the top disappear, for instance at the top right now I see /hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/365966/1581535#post1581535 the www.daniweb.com is disappeared, the space is still there and I can highlight it, but it's blank and can't copy/paste. Also the text on tab's disappear as well when I have multiple tabs opened.

0

why yes it is google chrome, firefox seems to go smoothly

0

Really can't give advice on Chrome since I don't use it. One thing you need to do is update your Java program.

Go here to download the latest version:
http://java.com/en/download/manual.jsp

Choose the Offline install and save it to the desktop.

After you have downloaded then close all your browsers, email programs etc. and go to Add/Remove and Uninstall ALL Java that you see there
Java Auto Updater
Java(TM) 6 Update 24

Once you have uninstalled those then double click the install file on your desktop to install the new version. WATCH the install VERY CAREFULLY because it might contain a toolbar or other item you don't want. If you see one of these "extras" that the check mark OUT of the boxes you will see there so you won't get the extra item offered, like an Asktool bar or Yahoo toolbar, something like that...you don't need them

Allow the install to coninue to completion. Once it finished then open the browser and go back to the download page and on the right side look for Verify Now, click that to go to the verification page to be sure the install went as it was supposed to.

Then try your Chrome and see if it works ok.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.