TechSpot

Malware - Google redirect

By tacobob20
Oct 8, 2010
  1. Hello. I've got an infection that's driving me crazy. Any help would be greatly appreciated.

    Browser hijack: redirected from Google search results, and it is intermittent. Confirmed in IE and Firefox; I was not yet able to duplicate it in Chrome.
    Some common anti-virus applications are unable to run, even in Safe Mode (i.e. Spybot; I had to rename Malwarebytes).


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4772

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    10/7/2010 6:45:25 PM
    mbam-log-2010-10-07 (18-45-25).txt

    Scan type: Quick scan
    Objects scanned: 187142
    Time elapsed: 4 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     

    Attached Files:

  2. crunchie

    crunchie Malware Helper Posts: 728

    Hi and welcome to TechSpot forums :).

    ====

    Looks like you have run Combofix at some point. Do you have the log?

    ====

    Please download JavaRa

    If you get this message:
    Problems with the download? Please use this direct link or try another mirror.

    Select the Direct link download and unzip it to your Desktop.

    Double click JavaRa.exe then click Remove Older Versions.

    Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

    Next, open JavaRa.exe again, and select Search For Updates.

    Select Update Using Sun Java's Website --> Search, and follow the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right, select this one: Download JRE.

    In Vista and Windows 7 run the tool as Administrator.

    ====

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    ========

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  3. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    Thank you for your speedy response.
    Yes, I had run ComboFix at some point before finding this forum. The log is attached.




    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Fri Oct 08 18:35:46 2010

    Found and removed: C:\Program Files\Java\jre1.5.0_11

    Found and removed: C:\Documents and Settings\Brad\Application Data\Sun\Java\jre1.6.0_11

    Found and removed: C:\Documents and Settings\Brad\Application Data\Sun\Java\jre1.6.0_12

    Found and removed: C:\Documents and Settings\Brad\Application Data\Sun\Java\jre1.6.0_13

    Found and removed: C:\Documents and Settings\Brad\Application Data\Sun\Java\jre1.6.0_14

    Found and removed: C:\Documents and Settings\Brad\Application Data\Sun\Java\jre1.6.0_15

    Found and removed: C:\Documents and Settings\Brad\Application Data\Sun\Java\jre1.6.0_17

    Found and removed: Software\JavaSoft\Java2D\1.5.0_11

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

    Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

    Found and removed: Software\Classes\JavaPlugin.160_01

    Found and removed: Software\Classes\JavaPlugin.160_17

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Fri Oct 08 18:36:02 2010

    ------------------------------------

    Finished reporting.
     
  4. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    OTL part 1

    OTL logfile created on: 10/8/2010 7:03:28 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Brad\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 58.59 Gb Total Space | 7.11 Gb Free Space | 12.14% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 360.08 Gb Total Space | 88.59 Gb Free Space | 24.60% Space Free | Partition Type: NTFS
    Drive F: | 48.83 Gb Total Space | 24.54 Gb Free Space | 50.25% Space Free | Partition Type: NTFS
    Drive G: | 500.00 Gb Total Space | 51.43 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CERBERUS
    Current User Name: Brad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/10/08 18:32:55 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
    PRC - [2010/08/23 17:20:19 | 001,242,448 | ---- | M] (Valve Corporation) -- G:\Games\Steam\steam.exe
    PRC - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) -- G:\Tools\nod32\ekrn.exe
    PRC - [2010/03/29 17:11:50 | 002,145,000 | ---- | M] (ESET) -- G:\Tools\nod32\egui.exe
    PRC - [2010/01/22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
    PRC - [2010/01/22 21:56:46 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
    PRC - [2010/01/22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
    PRC - [2010/01/22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- G:\Tools\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/10/31 21:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/10/08 00:41:36 | 000,023,552 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
    PRC - [2008/10/08 00:37:38 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
    PRC - [2008/08/30 16:04:08 | 001,519,168 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/05/11 12:58:54 | 000,176,128 | ---- | M] () -- C:\Program Files\Razer\Habu\razerhid.exe
    PRC - [2006/12/18 21:34:00 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2006/08/07 18:00:28 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Habu\razerofa.exe
    PRC - [2006/08/07 18:00:24 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Habu\razertra.exe
    PRC - [2006/06/16 01:28:36 | 000,987,136 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    PRC - [2006/03/30 15:58:14 | 000,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    PRC - [2006/03/06 09:31:52 | 001,122,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\LGDCore.exe
    PRC - [2006/03/06 09:16:12 | 000,198,656 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    PRC - [2006/03/06 09:15:42 | 000,289,792 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    PRC - [2006/03/06 09:14:58 | 000,497,152 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\LCDMon.exe
    PRC - [2005/08/07 16:10:20 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/10/08 18:32:55 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
    MOD - [2008/04/13 18:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
    MOD - [2008/04/13 18:11:52 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput.dll
    MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2005/08/07 16:10:18 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\Brad\LOCALS~1\Temp\WJFXGVWEU.exe -- (WJFXGVWEU)
    SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UCZGBTEWN.exe -- (UCZGBTEWN)
    SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\Brad\LOCALS~1\Temp\RPGNCM.exe -- (RPGNCM)
    SRV - [2010/07/02 22:00:54 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- g:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2010/03/29 17:16:36 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- G:\Tools\nod32\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- G:\Tools\nod32\ekrn.exe -- (ekrn)
    SRV - [2010/01/22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2010/01/22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2010/01/22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
    SRV - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2009/10/20 12:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2009/06/21 07:05:46 | 000,691,200 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
    SRV - [2009/01/21 05:46:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2008/10/31 21:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/08/30 16:04:08 | 001,519,168 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service)
    SRV - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2006/03/30 15:58:14 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
    SRV - [2006/03/30 15:54:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
    SRV - [2006/03/30 15:54:18 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
    SRV - [2006/02/07 01:13:32 | 000,020,543 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/04/03 16:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010/03/29 17:13:44 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
    DRV - [2010/03/29 17:12:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/03/29 17:07:30 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2010/01/22 21:58:02 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2010/01/22 21:57:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2010/01/22 21:57:56 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2010/01/22 21:57:54 | 000,854,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
    DRV - [2010/01/22 21:57:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
    DRV - [2010/01/22 21:56:46 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
    DRV - [2010/01/22 21:00:42 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
    DRV - [2010/01/22 17:13:00 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
    DRV - [2010/01/22 17:13:00 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2009/10/20 12:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2009/04/08 14:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
    DRV - [2008/10/08 02:22:04 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2008/10/08 02:22:02 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2008/10/08 02:22:00 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2008/10/08 02:21:58 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2008/10/08 02:21:56 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2008/10/08 02:21:54 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2008/10/08 02:21:50 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2008/10/08 02:21:46 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2008/10/08 02:21:44 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
    DRV - [2008/10/08 02:21:44 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV - [2008/10/08 02:21:40 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
    DRV - [2008/10/08 02:21:40 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV - [2008/10/08 02:21:38 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
    DRV - [2008/10/08 02:21:38 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
    DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
    DRV - [2007/02/17 16:17:47 | 000,646,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2007/01/16 09:09:00 | 000,293,888 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2006/10/23 13:09:48 | 000,027,776 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\habu.sys -- (HabuFltr)
    DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/06/16 01:30:16 | 000,176,128 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
    DRV - [2006/05/01 11:27:06 | 000,082,944 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
    DRV - [2006/05/01 11:27:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
    DRV - [2006/03/31 05:39:54 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
    DRV - [2006/03/22 00:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/22 00:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/03/22 00:23:50 | 000,109,568 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
    DRV - [2006/03/17 17:18:00 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
    DRV - [2005/12/21 12:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\USBICP.sys -- (uisp)
    DRV - [2005/01/19 16:30:52 | 000,067,200 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
    DRV - [2004/11/01 13:21:32 | 000,010,368 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2004/08/12 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/07/26 13:54:48 | 000,056,576 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0006.sys -- (SaiH0006)
    DRV - [2004/06/26 14:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
    DRV - [2004/04/30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
    DRV - [2004/04/30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
     
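As an added triage aid (not part of this thread, and not code from OTL or any other tool used here), the script below parses OTL lines of the kinds shown in these logs and flags two things a helper looks for: Win32 services whose binary is missing and was registered from a Temp folder (the WJFXGVWEU / UCZGBTEWN / RPGNCM entries in part 1), and an Internet Explorer ProxyServer value pointing at a loopback address (the 127.0.0.1:3073 entry that appears in part 2). The sample lines are copied from the logs in this thread; the regexes and the Finding structure are my own assumptions about the log format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL "Win32 Services" entry whose binary is missing, e.g.
#   SRV - File not found [Disabled | Stopped] -- C:\...\Temp\WJFXGVWEU.exe -- (WJFXGVWEU)
SRV_MISSING_RE = re.compile(
    r"^SRV - File not found \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)

# OTL Internet Explorer registry value, e.g.
#   IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:3073
IE_SETTING_RE = re.compile(r'^IE - (?P<key>HK(?:LM|CU)\\[^:]+): "(?P<name>[^"]+)" = (?P<value>.*)$')

TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)          # ...\LOCALS~1\Temp\...
LOOPBACK_RE = re.compile(r"\b(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)\b", re.IGNORECASE)


@dataclass
class Finding:
    kind: str     # orphan_temp_service | orphan_service | loopback_proxy
    detail: str


def triage(lines: List[str]) -> List[Finding]:
    """Scan OTL log lines and return indicators worth a second look."""
    findings: List[Finding] = []
    proxy_enabled: Optional[bool] = None
    proxy_server: Optional[str] = None

    for raw in lines:
        line = raw.strip()
        m = SRV_MISSING_RE.match(line)
        if m:
            # A service whose executable is gone is already odd; one that was
            # registered from a Temp folder with a random-looking name is the
            # classic leftover of a dropper and should be removed outright.
            kind = "orphan_temp_service" if TEMP_DIR_RE.search(m["path"]) else "orphan_service"
            findings.append(Finding(kind, f'{m["name"]}: {m["path"]} [{m["start"]} | {m["state"]}]'))
            continue
        m = IE_SETTING_RE.match(line)
        if m and m["name"] == "ProxyEnable":
            proxy_enabled = m["value"].strip() == "1"
        elif m and m["name"] == "ProxyServer":
            proxy_server = m["value"].strip()

    if proxy_server and LOOPBACK_RE.search(proxy_server):
        # A proxy on the local machine routes every browser request through a
        # local process. Even with ProxyEnable = 0 the value should be cleared
        # and explained, since anything could flip the flag back on.
        state = {True: "enabled", False: "currently disabled", None: "enable state unknown"}[proxy_enabled]
        findings.append(Finding("loopback_proxy", f"IE ProxyServer = {proxy_server} ({state})"))
    return findings


# Constructed sample: lines copied from the OTL logs posted in this thread.
SAMPLE_OTL_LINES = [
    r"SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\Brad\LOCALS~1\Temp\WJFXGVWEU.exe -- (WJFXGVWEU)",
    r"SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UCZGBTEWN.exe -- (UCZGBTEWN)",
    r"SRV - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- G:\Tools\nod32\ekrn.exe -- (ekrn)",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3073',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.kind}] {f.detail}")
```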
  5. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    OTL part 2

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3073

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

    FF - HKLM\software\mozilla\Firefox\extensions\\copytolightning@corel.com: G:\School\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2009/08/30 20:56:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/03 00:51:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/06 18:37:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2007/11/11 18:01:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/02/10 23:02:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: G:\Tools\nod32\Mozilla Thunderbird [2010/10/02 02:35:25 | 000,000,000 | ---D | M]

    [2009/10/05 00:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Extensions
    [2010/10/08 18:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\extensions
    [2010/10/07 17:36:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/07 17:36:20 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/10/07 17:36:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/02/26 03:33:46 | 000,010,952 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\searchplugins\gutenberg.xml
    [2009/02/26 03:34:31 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\searchplugins\imdb.xml
    [2009/02/26 03:32:51 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\searchplugins\wikipedia-eng.xml
    [2009/10/01 14:20:43 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\searchplugins\youtube.xml
    [2010/10/07 23:14:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/24 16:48:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/10/06 18:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/10/02 00:14:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [egui] G:\Tools\nod32\egui.exe (ESET)
    O4 - HKLM..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe ()
    O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [Steam] g:\games\steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (ASUSTek Computer Inc.)
    O4 - Startup: C:\Documents and Settings\Brad\Start Menu\Programs\Startup\AutorunsDisabled [2010/09/30 20:11:31 | 000,000,000 | -H-D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1234752321875 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/02/17 02:41:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/03/10 21:25:18 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ]
    O32 - AutoRun File - [2009/02/03 10:32:00 | 000,647,552 | ---- | M] (Sysinternals - www.sysinternals.com) - G:\autoruns.exe -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (79671029160476672)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/08 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
    [2010/10/08 18:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Desktop\JavaRa unzip
    [2010/10/08 18:32:45 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
    [2010/10/06 22:06:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/06 18:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/10/04 18:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/10/04 18:23:49 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Brad\Desktop\spybotsd162.exe
    [2010/10/02 16:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
    [2010/10/02 05:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\ESET
    [2010/10/02 02:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/10/02 00:51:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/02 00:51:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/02 00:50:15 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup-1.46.exe
    [2010/10/02 00:46:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/02 00:06:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/02 00:04:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/02 00:04:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/02 00:04:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/02 00:04:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/02 00:03:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/02 00:01:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/30 20:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Brad\Start Menu\Programs\Startup\AutorunsDisabled
    [2010/09/22 17:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\.minecraft
    [2010/09/20 18:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\My Digital Editions
    [2010/09/19 19:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
    [2010/09/19 19:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\Overlord
    [2010/09/04 19:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\Amnesia
    [2010/08/02 06:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\StarCraft II
    [2010/07/24 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2009/02/15 21:27:56 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
    [2009/02/15 21:27:56 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
     
  6. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    OTL part 3

    ========== Files - Modified Within 90 Days ==========

    [2010/10/08 18:32:55 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
    [2010/10/08 18:28:14 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\JavaRa.zip
    [2010/10/08 18:27:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003UA.job
    [2010/10/08 18:23:39 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/10/08 18:23:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/08 18:11:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/10/08 18:11:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/08 00:39:13 | 000,053,776 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000008-00001102-00000005-00211102}.rfx
    [2010/10/08 00:39:13 | 000,053,776 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000008-00001102-00000005-00211102}.rfx
    [2010/10/08 00:39:13 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000008-00001102-00000005-00211102}.rfx
    [2010/10/08 00:39:08 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Brad\NTUSER.DAT
    [2010/10/08 00:39:08 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Brad\ntuser.ini
    [2010/10/05 17:56:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/10/05 17:47:01 | 003,873,401 | R--- | M] () -- C:\Documents and Settings\Brad\Desktop\CmboFix.exe
    [2010/10/04 23:27:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003Core.job
    [2010/10/04 18:35:09 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Shortcut to in.exe.lnk
    [2010/10/04 18:25:39 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/04 18:25:39 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/04 18:23:49 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Brad\Desktop\spybotsd162.exe
    [2010/10/03 19:08:56 | 000,000,542 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/10/03 19:08:56 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2010/10/03 17:45:14 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
    [2010/10/03 17:44:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\vwfuf460.exe
    [2010/10/02 17:29:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\LCDMedia.INI
    [2010/10/02 15:39:54 | 000,504,880 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/10/02 15:39:54 | 000,443,368 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/02 15:39:54 | 000,072,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/02 15:38:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/02 01:58:59 | 000,008,246 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/10/02 01:33:51 | 039,327,232 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\eav_nt32_enu.msi
    [2010/10/02 00:50:15 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup-1.46.exe
    [2010/10/02 00:14:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/01 23:09:06 | 000,000,241 | ---- | M] () -- C:\Boot.bak
    [2010/09/24 21:25:48 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/23 23:27:39 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Google Chrome.lnk
    [2010/09/20 18:17:49 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
    [2010/09/05 18:30:08 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/27 00:03:10 | 000,475,535 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\POLARSTAR.jpg
    [2010/08/26 21:43:47 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cygwin.lnk
    [2010/08/26 00:24:34 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\VidTor.exe.lnk
    [2010/08/25 22:24:41 | 000,034,356 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\f36484_1274230002073.jpg
    [2010/08/15 21:12:54 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/08/10 22:24:06 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\PUTTY.RND
    [2010/08/02 07:00:51 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk

    ========== Files Created - No Company Name ==========

    [2010/10/08 18:28:13 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\JavaRa.zip
    [2010/10/04 18:35:09 | 000,000,613 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Shortcut to in.exe.lnk
    [2010/10/04 18:25:39 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/04 18:25:39 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/03 17:45:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
    [2010/10/03 17:45:01 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\vwfuf460.exe
    [2010/10/02 17:29:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LCDMedia.INI
    [2010/10/02 01:33:51 | 039,327,232 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\eav_nt32_enu.msi
    [2010/10/02 00:06:53 | 000,000,241 | ---- | C] () -- C:\Boot.bak
    [2010/10/02 00:06:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/02 00:04:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/02 00:04:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/02 00:04:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/02 00:04:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/02 00:04:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/02 00:00:04 | 003,873,401 | R--- | C] () -- C:\Documents and Settings\Brad\Desktop\CmboFix.exe
    [2010/09/20 18:17:49 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
    [2010/08/27 00:03:10 | 000,475,535 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\POLARSTAR.jpg
    [2010/08/26 21:43:47 | 000,000,466 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cygwin.lnk
    [2010/08/25 22:24:41 | 000,034,356 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\f36484_1274230002073.jpg
    [2010/08/02 06:49:26 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
    [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2010/03/20 14:43:48 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
    [2010/03/15 22:37:54 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\PUTTY.RND
    [2010/01/31 20:40:56 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2009/10/20 12:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2009/08/30 20:58:05 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2009/07/19 19:02:19 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
    [2009/06/30 18:25:40 | 000,007,775 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\.civclientrc
    [2008/10/08 01:08:38 | 000,020,936 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2008/10/08 00:41:40 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
    [2008/10/08 00:41:40 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2008/09/30 14:59:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\csdlocalmon.dll
    [2008/09/12 22:22:40 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2008/05/16 15:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/02/24 17:44:52 | 000,054,624 | ---- | C] () -- C:\WINDOWS\System32\4401D.sys
    [2008/02/08 21:22:04 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/11/11 18:06:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/04/01 14:19:47 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
    [2007/03/30 11:59:58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2007/03/30 11:59:57 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2007/03/28 21:37:31 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini
    [2007/02/19 01:18:40 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/17 12:13:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
    [2007/02/17 02:49:33 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
    [2007/02/17 02:49:33 | 000,000,403 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
    [2007/02/17 02:48:48 | 000,031,101 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2007/02/17 02:47:46 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2007/02/17 02:47:45 | 000,031,063 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2007/02/17 02:47:37 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2005/08/07 16:19:00 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2005/06/07 07:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
    [2003/03/21 03:56:12 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

    ========== LOP Check ==========

    [2008/12/02 22:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
    [2010/01/04 17:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2010/07/03 03:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
    [2009/08/30 20:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
    [2010/10/02 02:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2009/09/06 15:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
    [2010/01/31 21:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/04/23 00:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ice-pick Lodge
    [2009/06/28 16:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
    [2009/06/28 16:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2009/01/07 15:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/12/26 19:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valve
    [2007/03/03 16:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2008/07/16 15:32:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
    [2009/06/28 16:25:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3324F7A6-7151-481D-8C80-99FEE7AFB967}
    [2009/06/30 18:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\.freeciv
    [2010/09/25 16:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\.minecraft
    [2009/09/22 22:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\.purple
    [2010/09/24 21:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Azureus
    [2008/08/31 15:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Bioshock
    [2009/04/14 23:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Braid
    [2008/09/30 13:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\COWON
    [2009/05/06 14:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Crayon Physics Deluxe
    [2009/05/14 16:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Dark Sector
    [2010/04/03 11:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\FileZilla
    [2008/12/03 00:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\GamesFaction
    [2009/08/16 19:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Gmote
    [2009/02/27 15:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\gtk-2.0
    [2009/09/13 16:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\InfraRecorder
    [2009/08/23 18:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Larva Mortus
    [2009/05/06 15:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Larva Mortus Demo
    [2007/03/24 18:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Leadertech
    [2009/08/11 10:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\MioNet
    [2007/04/23 19:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\My Battle for Middle-earth Files
    [2009/12/13 16:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\runic games
    [2009/01/02 04:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Spore
    [2009/06/28 16:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Stardock
    [2010/04/14 17:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\SystemRequirementsLab
    [2009/06/09 13:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\The Path
    [2007/04/24 02:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Thunderbird
    [2010/01/10 22:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\uk.co.planetside
    [2010/04/18 21:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Wireshark
    [2007/04/14 23:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\WordWeb

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2006/02/28 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2009/02/15 20:57:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2009/02/15 20:57:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2006/02/28 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2009/02/15 20:57:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2009/02/15 20:57:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2006/02/28 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2006/02/28 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2006/02/28 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: NVATABUS.SYS >
    [2006/05/01 11:27:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- C:\WINDOWS\OemDir\nvatabus.sys
    [2006/05/01 11:27:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- C:\WINDOWS\system32\drivers\nvatabus.sys

    < MD5 for: SCECLI.DLL >
    [2006/02/28 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2007/02/16 19:25:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/02/16 19:25:03 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/02/16 19:25:03 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    < End of report >
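The `< MD5 for: ... >` custom-scan blocks in the log above exist for one check: the copy of each system file that Windows actually loads (under system32 or system32\drivers) should hash identically to the pristine copy Service Pack 3 left in ServicePackFiles\i386 and to the backup ComboFix took into ERDNT\cache; the $NtServicePackUninstall$ copy is the pre-SP3 version and legitimately differs. In the posted log every live copy matches its reference. The script below is an added example, not part of tacobob20's post or of OldTimer's OTL: it parses those sections and reports any live copy whose MD5 differs from the reference, or that has no reference to compare against. The sample input is constructed: the AGP440.SYS lines mirror the log, while the ATAPI.SYS live entry is given a made-up hash (DEADBEEF...) so there is something to flag. One caveat a practitioner would keep in mind: a hash that matches on disk says nothing about what a rootkit that filters disk reads is handing back to the scanner, so a clean MD5 section does not by itself clear a machine with a persistent redirect.

```python
import re

# Regexes for the two line shapes in an OTL "< MD5 for: NAME >" custom scan.
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)

# Constructed sample in OTL's format. The AGP440.SYS section mirrors the posted
# log. In the ATAPI.SYS section the system32 copy is given a made-up hash
# (DEADBEEF...) so the script has something to flag; in the posted log all
# three real atapi.sys copies agree.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2006/02/28 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
"""


def classify(path):
    """Which copy of the file this entry describes, judged from its path."""
    p = path.lower()
    if "\\servicepackfiles\\" in p:
        return "sp_cache"        # pristine copy laid down by the service pack
    if "\\erdnt\\" in p:
        return "erdnt_backup"    # backup ComboFix took before it changed anything
    if "$ntservicepackuninstall$" in p:
        return "pre_sp_backup"   # pre-SP3 version, expected to differ
    return "live"                # the copy Windows actually loads


def parse_md5_sections(text):
    """Map lower-cased file name -> list of entries that carry an MD5."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            sections[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:  # .cab entries carry no MD5 and are skipped
            sections[current].append({
                "md5": m.group("md5").upper(),
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company").strip(),
                "path": m.group("path"),
                "role": classify(m.group("path")),
            })
    return sections


def find_mismatches(sections):
    """Compare every live copy against the best available reference copy.

    Reference preference: service pack copy, then ERDNT backup. A live copy
    with neither (typical for third-party drivers) is reported as
    'unverified' rather than silently passed.
    """
    findings = []
    for name, entries in sections.items():
        by_role = {}
        for e in entries:
            by_role.setdefault(e["role"], []).append(e)
        ref = (by_role.get("sp_cache") or by_role.get("erdnt_backup") or [None])[0]
        for live in by_role.get("live", []):
            if ref is None:
                findings.append({"file": name, "path": live["path"], "status": "unverified",
                                 "detail": "no service pack or ERDNT copy to compare against"})
            elif live["md5"] != ref["md5"]:
                findings.append({"file": name, "path": live["path"], "status": "mismatch",
                                 "detail": f"{live['md5']} differs from {ref['md5']} in {ref['path']}"})
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_md5_sections(SAMPLE_LOG)):
        print(f"{f['status'].upper():10} {f['file']:12} {f['path']}  ({f['detail']})")
```

Run against the constructed sample it prints one MISMATCH line for atapi.sys; fed the real log text from the post it prints nothing for the five Microsoft files and an UNVERIFIED line for nvatabus.sys, which is the correct reading of that section: the NVIDIA driver has no service pack copy to check against, so its hash would have to be compared with the vendor's package rather than with anything on the machine.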
     
  7. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    Extras 1

    OTL Extras logfile created on: 10/8/2010 7:03:28 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Brad\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 58.59 Gb Total Space | 7.11 Gb Free Space | 12.14% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 360.08 Gb Total Space | 88.59 Gb Free Space | 24.60% Space Free | Partition Type: NTFS
    Drive F: | 48.83 Gb Total Space | 24.54 Gb Free Space | 50.25% Space Free | Partition Type: NTFS
    Drive G: | 500.00 Gb Total Space | 51.43 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CERBERUS
    Current User Name: Brad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5900:TCP" = 5900:TCP:*:Enabled:vnc5900
    "5800:TCP" = 5800:TCP:*:Enabled:vnc5800
    "1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
    "1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
    "1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
    "1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
    "1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
    "1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
    "1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
    "1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
    "1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
    "1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
    "1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
    "1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
    "5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
    "E:\Games\Starcraft\StarCraft.exe" = E:\Games\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
    "E:\Games\NWN 2\nwn2main.exe" = E:\Games\NWN 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
    "E:\Games\NWN 2\nwn2main_amdxp.exe" = E:\Games\NWN 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
    "E:\Games\NWN 2\nwupdate.exe" = E:\Games\NWN 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
    "E:\Games\NWN 2\nwn2server.exe" = E:\Games\NWN 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
    "E:\Games\FEAR\fpupdate.exe" = E:\Games\FEAR\fpupdate.exe:*:Enabled:fpupdate -- ()
    "E:\Games\FEAR\FEAR.exe" = E:\Games\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
    "E:\Games\FEAR\FEARMP.exe" = E:\Games\FEAR\FEARMP.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
    "E:\Games\Battle for Middle Earth\game.dat" = E:\Games\Battle for Middle Earth\game.dat:*:Enabled:The Battle for Middle-earth (tm) -- ()
    "E:\Games\Dungeon Siege 2\DungeonSiege2.exe" = E:\Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
    "E:\Games\Battlefield 2142\BF2142.exe" = E:\Games\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2 -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "E:\Games\Crysis\Bin32\Crysis.exe" = E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
    "E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe" = E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
    "E:\Games\FEAR\FEARXP\FEARXP.exe" = E:\Games\FEAR\FEARXP\FEARXP.exe:*:Enabled:FEARXP -- (Monolith Productions, Inc.)
    "C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
    "E:\Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = E:\Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
    "E:\Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe" = E:\Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:*:Enabled:Sins of a Solar Empire - Entrenchment -- (Ironclad Games)
    "G:\Games\Steam\steamapps\common\beyond good and evil\CheckApplication.exe" = G:\Games\Steam\steamapps\common\beyond good and evil\CheckApplication.exe:*:Enabled:Beyond Good and Evil -- (Ubisoft)
    "G:\Games\Steam\steamapps\common\dark sector\DS.exe" = G:\Games\Steam\steamapps\common\dark sector\DS.exe:*:Enabled:Dark Sector -- (Digital Extremes)
    "G:\Games\Steam\steamapps\common\farcry\Bin32\FarCry.exe" = G:\Games\Steam\steamapps\common\farcry\Bin32\FarCry.exe:*:Enabled:Far Cry -- (Crytek)
    "G:\Games\Steam\steamapps\common\farcry\Bin32\FarCryConfigurator.exe" = G:\Games\Steam\steamapps\common\farcry\Bin32\FarCryConfigurator.exe:*:Enabled:Far Cry -- (Crytek)
    "G:\Games\Steam\steamapps\common\final doom\plutonia.bat" = G:\Games\Steam\steamapps\common\final doom\plutonia.bat:*:Enabled:Final Doom -- ()
    "G:\Games\Steam\steamapps\common\final doom\tnt.bat" = G:\Games\Steam\steamapps\common\final doom\tnt.bat:*:Enabled:Final Doom -- ()
    "G:\Games\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe" = G:\Games\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe:*:Enabled:Dawn of War: Soulstorm -- (THQ Canada Inc.)
    "G:\Games\Steam\steamapps\common\commander keen\testapp3.bat" = G:\Games\Steam\steamapps\common\commander keen\testapp3.bat:*:Enabled:Commander Keen Complete Pack -- ()
    "G:\Games\Steam\steamapps\common\commander keen\testapp4.bat" = G:\Games\Steam\steamapps\common\commander keen\testapp4.bat:*:Enabled:Commander Keen Complete Pack -- ()
    "G:\Games\Steam\steamapps\common\commander keen\testapp5.bat" = G:\Games\Steam\steamapps\common\commander keen\testapp5.bat:*:Enabled:Commander Keen Complete Pack -- ()
    "G:\Games\Steam\steamapps\common\doom 3\Doom3.exe" = G:\Games\Steam\steamapps\common\doom 3\Doom3.exe:*:Enabled:Doom 3 -- (id Software)
    "G:\Games\Steam\steamapps\common\hexen 2\glh2.exe" = G:\Games\Steam\steamapps\common\hexen 2\glh2.exe:*:Enabled:Hexen 2 -- ()
    "G:\Games\Steam\steamapps\common\fallout 3\FalloutLauncher.exe" = G:\Games\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:*:Enabled:Fallout 3 -- (Bethesda Softworks)
    "G:\Games\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe" = G:\Games\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge -- (EA Digital Illusions CE AB)
    "G:\Games\Steam\steamapps\common\master levels of doom\master.bat" = G:\Games\Steam\steamapps\common\master levels of doom\master.bat:*:Enabled:Master Levels of Doom -- ()
    "G:\Games\Steam\steamapps\common\spore\runme.exe" = G:\Games\Steam\steamapps\common\spore\runme.exe:*:Enabled:Spore: Creepy and Cute Parts -- ()
    "G:\Games\Steam\steamapps\common\osmos igf demo\OsmosDemo.exe" = G:\Games\Steam\steamapps\common\osmos igf demo\OsmosDemo.exe:*:Enabled:Osmos IGF Demo -- ()
    "G:\Games\Steam\steamapps\common\rip\RIP\RIP.exe" = G:\Games\Steam\steamapps\common\rip\RIP\RIP.exe:*:Enabled:RIP -- ()
    "G:\Games\Steam\steamapps\common\quake\Winquake.exe" = G:\Games\Steam\steamapps\common\quake\Winquake.exe:*:Enabled:Quake -- ()
    "G:\Games\Steam\steamapps\common\quake\qwcl.exe" = G:\Games\Steam\steamapps\common\quake\qwcl.exe:*:Enabled:Quake -- ()
    "G:\Games\Steam\steamapps\common\quake\Glquake.exe" = G:\Games\Steam\steamapps\common\quake\Glquake.exe:*:Enabled:Quake -- ()
    "G:\Games\Steam\steamapps\common\quake\glqwcl.exe" = G:\Games\Steam\steamapps\common\quake\glqwcl.exe:*:Enabled:Quake -- ()
    "G:\Games\Steam\steamapps\common\larva mortus\larvamortus.exe" = G:\Games\Steam\steamapps\common\larva mortus\larvamortus.exe:*:Enabled:Larva Mortus -- ()
    "G:\Games\Steam\steamapps\common\fear2spdemo\FEAR2SPDemo.exe" = G:\Games\Steam\steamapps\common\fear2spdemo\FEAR2SPDemo.exe:*:Enabled:F.E.A.R. 2: Project Origin Single-player Demo -- (Monolith Productions, Inc.)
    "G:\Games\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe" = G:\Games\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:STALKER: Shadow of Chernobyl -- ()
    "G:\Games\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe" = G:\Games\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
    "G:\Games\Steam\steamapps\common\world of goo demo\WorldOfGoo.exe" = G:\Games\Steam\steamapps\common\world of goo demo\WorldOfGoo.exe:*:Enabled:World of Goo Demo -- ()
    "G:\Games\Steam\steamapps\common\quake 2\quake2.exe" = G:\Games\Steam\steamapps\common\quake 2\quake2.exe:*:Enabled:Quake 2 -- ()
    "G:\Games\Steam\steamapps\common\thief deadly shadows\System\runme.exe" = G:\Games\Steam\steamapps\common\thief deadly shadows\System\runme.exe:*:Enabled:Thief: Deadly Shadows -- ()
    "G:\Games\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe" = G:\Games\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:penumbra Overture -- ()
    "G:\Games\Steam\steamapps\common\return to castle wolfenstein\WolfSP.exe" = G:\Games\Steam\steamapps\common\return to castle wolfenstein\WolfSP.exe:*:Enabled:Return to Castle Wolfenstein -- ()
    "G:\Games\Steam\steamapps\common\return to castle wolfenstein\WolfMP.exe" = G:\Games\Steam\steamapps\common\return to castle wolfenstein\WolfMP.exe:*:Enabled:Return to Castle Wolfenstein -- ()
    "G:\Games\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe" = G:\Games\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect -- (BioWare)
    "G:\Games\Steam\steamapps\common\swkotor\swkotor.exe" = G:\Games\Steam\steamapps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of The Old Republic -- (BioWare Corp.)
    "G:\Games\Steam\steamapps\common\timeshift\bin\TimeShift.Exe" = G:\Games\Steam\steamapps\common\timeshift\bin\TimeShift.Exe:*:Enabled:TimeShift -- (Sierra Entertainment)
    "G:\Games\Steam\steamapps\common\batman arkham asylum - demo\Binaries\ShippingPC-BmGame.exe" = G:\Games\Steam\steamapps\common\batman arkham asylum - demo\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum - Demo -- (Rocksteady Studios Ltd)
    "G:\Games\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe" = G:\Games\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:*:Enabled:Shadowgrounds -- (Frozenbyte Oy)
    "G:\Games\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe" = G:\Games\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:*:Enabled:Shadowgrounds -- ()
    "G:\Games\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe" = G:\Games\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe:*:Enabled:AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity Demo -- ()
    "G:\Games\Steam\steamapps\common\machinarium demo\machinarium.exe" = G:\Games\Steam\steamapps\common\machinarium demo\machinarium.exe:*:Enabled:Machinarium Demo -- (Adobe Systems, Inc.)
    "G:\Games\Steam\steamapps\common\doom 2\doom2.bat" = G:\Games\Steam\steamapps\common\doom 2\doom2.bat:*:Enabled:Doom II: Hell on Earth -- ()
    "G:\Games\Steam\steamapps\common\quake 3 arena\quake3.exe" = G:\Games\Steam\steamapps\common\quake 3 arena\quake3.exe:*:Enabled:Quake III Arena -- ()
    "G:\Games\Steam\steamapps\common\deus ex\System\DeusEx.exe" = G:\Games\Steam\steamapps\common\deus ex\System\DeusEx.exe:*:Enabled:Deus Ex: Game of the Year Edition -- ()
    "G:\Games\Steam\steamapps\common\lumines\lumines.exe" = G:\Games\Steam\steamapps\common\lumines\lumines.exe:*:Enabled:Lumines Advanced Pack -- ()
    "G:\Games\Steam\steamapps\common\prototype\prototypef.exe" = G:\Games\Steam\steamapps\common\prototype\prototypef.exe:*:Enabled:prototype -- (Activision)
    "G:\Games\Steam\steamapps\common\stalker clear sky\bin\xrEngine.exe" = G:\Games\Steam\steamapps\common\stalker clear sky\bin\xrEngine.exe:*:Enabled:STALKER: Clear Sky -- ()
    "G:\Games\Steam\steamapps\common\osmos\osmos.exe" = G:\Games\Steam\steamapps\common\osmos\osmos.exe:*:Enabled:Osmos -- (Hemisphere Games, Inc.)
    "G:\Games\Steam\steamapps\common\the witcher enhanced edition\System\witcher.exe" = G:\Games\Steam\steamapps\common\the witcher enhanced edition\System\witcher.exe:*:Enabled:The Witcher: Enhanced Edition -- (CD Projekt Red)
    "G:\Games\Steam\steamapps\common\the witcher enhanced edition\System\djinni!.exe" = G:\Games\Steam\steamapps\common\the witcher enhanced edition\System\djinni!.exe:*:Enabled:The Witcher: Enhanced Edition -- (CD Projekt Red)
    "G:\Games\Steam\steamapps\common\king's bounty - the legend\kb.exe" = G:\Games\Steam\steamapps\common\king's bounty - the legend\kb.exe:*:Enabled:King's Bounty - The Legend -- ()
     
  8. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    "G:\Games\Steam\steamapps\common\king's bounty - the legend\save_fixer.exe" = G:\Games\Steam\steamapps\common\king's bounty - the legend\save_fixer.exe:*:Enabled:King's Bounty - The Legend -- ()
    "G:\Games\Steam\steamapps\common\psychonauts\PsychoLauncher.exe" = G:\Games\Steam\steamapps\common\psychonauts\PsychoLauncher.exe:*:Enabled:psychonauts -- (Double Fine Productions, Inc.)
    "G:\Games\Steam\steamapps\common\torchlight\Torchlight.exe" = G:\Games\Steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- File not found
    "E:\Games\Unreal Anthology\UT2004\System\UT2004.exe" = E:\Games\Unreal Anthology\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
    "G:\Games\Steam\steamapps\common\eufloria - demo\Eufloria.exe" = G:\Games\Steam\steamapps\common\eufloria - demo\Eufloria.exe:*:Enabled:Eufloria - Demo -- (Alex May and Rudolf Kremers)
    "G:\Games\Steam\steamapps\common\fallout 3\Fallout3.exe" = G:\Games\Steam\steamapps\common\fallout 3\Fallout3.exe:*:Enabled:Fallout3 -- (Bethesda Softworks)
    "G:\Games\StarCraft 2 beta\StarCraft II Beta\StarCraft II.exe" = G:\Games\StarCraft 2 beta\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "G:\Games\StarCraft 2 beta\StarCraft II Beta\Versions\Base14803\SC2.exe" = G:\Games\StarCraft 2 beta\StarCraft II Beta\Versions\Base14803\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
    "C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
    "G:\Games\Steam\steamapps\common\the void\bin\win32\Game.exe" = G:\Games\Steam\steamapps\common\the void\bin\win32\Game.exe:*:Enabled:The Void -- ()
    "G:\Games\Steam\steamapps\common\the void\bin\win32\Config.exe" = G:\Games\Steam\steamapps\common\the void\bin\win32\Config.exe:*:Enabled:The Void -- (Ice-Pick Lodge)
    "G:\Games\MW4\MW4MERCS.ICD" = G:\Games\MW4\MW4MERCS.ICD:*:Enabled:MechWarrior IV -- (Microsoft Corp.)
    "G:\Games\MW4\MTX\mtx.exe" = G:\Games\MW4\MTX\mtx.exe:*:Enabled:MTX -- (Studio MekTek Inc.)
    "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
    "G:\Games\StarCraft 2 beta\StarCraft II Beta\Versions\Base15133\SC2.exe" = G:\Games\StarCraft 2 beta\StarCraft II Beta\Versions\Base15133\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
    "G:\Games\StarCraft 2 beta\StarCraft II Beta\Versions\Base15250\SC2.exe" = G:\Games\StarCraft 2 beta\StarCraft II Beta\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
    "G:\Games\MW4\MTX\Download\Mechwarrior Mercenaries - Mektek Mekpak\MW4Mercs.exe" = G:\Games\MW4\MTX\Download\Mechwarrior Mercenaries - Mektek Mekpak\MW4Mercs.exe:*:Enabled:MechWarrior IV -- (Microsoft Corp.)
    "G:\Games\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe" = G:\Games\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening -- ()
    "G:\Games\Steam\steamapps\common\alien breed impact\Binaries\AlienBreed-Impact.exe" = G:\Games\Steam\steamapps\common\alien breed impact\Binaries\AlienBreed-Impact.exe:*:Enabled:Alien Breed: Impact -- ()
    "G:\Games\Steam\steamapps\common\mass effect 2\Binaries\MassEffect2.exe" = G:\Games\Steam\steamapps\common\mass effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -- (BioWare)
    "G:\Games\Steam\steamapps\common\mass effect 2\MassEffect2Launcher.exe" = G:\Games\Steam\steamapps\common\mass effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -- (BioWare)
    "G:\Games\Steam\steamapps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm" = G:\Games\Steam\steamapps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect 2 -- ()
    "G:\Games\Steam\steamapps\common\titan quest\Titan Quest.exe" = G:\Games\Steam\steamapps\common\titan quest\Titan Quest.exe:*:Enabled:Titan Quest -- ()
    "G:\Games\Steam\steamapps\common\titan quest\help.htm" = G:\Games\Steam\steamapps\common\titan quest\help.htm:*:Enabled:Titan Quest -- ()
    "G:\Games\Steam\steamapps\common\overlord\Overlord.exe" = G:\Games\Steam\steamapps\common\overlord\Overlord.exe:*:Enabled:Overlord -- (Triumph Studios)
    "G:\Games\Steam\steamapps\common\overlord\Config.exe" = G:\Games\Steam\steamapps\common\overlord\Config.exe:*:Enabled:Overlord -- ()
    "G:\Games\Steam\steamapps\common\red faction\RedFaction.exe" = G:\Games\Steam\steamapps\common\red faction\RedFaction.exe:*:Enabled:Red Faction -- (Volition, Inc.)
    "G:\Games\Steam\steamapps\common\full spectrum warrior\Launcher.exe" = G:\Games\Steam\steamapps\common\full spectrum warrior\Launcher.exe:*:Enabled:Full Spectrum Warrior -- ()
    "G:\Games\Steam\steamapps\common\full spectrum warrior\help.htm" = G:\Games\Steam\steamapps\common\full spectrum warrior\help.htm:*:Enabled:Full Spectrum Warrior -- ()
    "G:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe" = G:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
    "G:\Games\Steam\steamapps\common\red faction\RF.exe" = G:\Games\Steam\steamapps\common\red faction\RF.exe:*:Enabled:Red Faction -- ()
    "G:\Games\Steam\steamapps\common\galcon fusion\GalconFusion.exe" = G:\Games\Steam\steamapps\common\galcon fusion\GalconFusion.exe:*:Enabled:Galcon Fusion Demo -- ()
    "G:\Games\Steam\steamapps\common\dragon age origins\bin_ship\DAOrigins.exe" = G:\Games\Steam\steamapps\common\dragon age origins\bin_ship\DAOrigins.exe:*:Enabled:Dragon Age: Origins -- (BioWare)
    "G:\Games\Steam\steamapps\common\dragon age origins\DAOriginsLauncher.exe" = G:\Games\Steam\steamapps\common\dragon age origins\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins -- (BioWare)
    "G:\Games\Steam\steamapps\common\dragon age origins\docs\EA Help\Electronic_Arts_Technical_Support.htm" = G:\Games\Steam\steamapps\common\dragon age origins\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dragon Age: Origins -- ()
    "G:\Games\Steam\steamapps\common\alien swarm\srcds.exe" = G:\Games\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
    "G:\Games\Steam\steamapps\common\trine\trine_launcher.exe" = G:\Games\Steam\steamapps\common\trine\trine_launcher.exe:*:Enabled:Trine -- ()
    "G:\Games\Steam\steamapps\common\disciples iii renaissance - demo\DisciplesIII.exe" = G:\Games\Steam\steamapps\common\disciples iii renaissance - demo\DisciplesIII.exe:*:Enabled:Disciples III: Renaissance - Demo -- ()
    "G:\Games\StarCraft II\StarCraft II.exe" = G:\Games\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "G:\Games\StarCraft II\Versions\Base15405\SC2.exe" = G:\Games\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "G:\Games\Steam\steamapps\common\alien swarm\swarm.exe" = G:\Games\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
    "G:\Games\Steam\steamapps\common\alien swarm\bin\SDKLauncher.exe" = G:\Games\Steam\steamapps\common\alien swarm\bin\SDKLauncher.exe:*:Enabled:Alien Swarm - SDK -- ()
    "G:\Games\Steam\steamapps\common\gratuitous space battles\GSB.exe" = G:\Games\Steam\steamapps\common\gratuitous space battles\GSB.exe:*:Enabled:Gratuitous Space Battles -- ()
    "G:\Games\Steam\steamapps\common\dawn of war 2\DOW2.exe" = G:\Games\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II – Chaos Rising™ -- (THQ Canada Inc.)
    "G:\Games\Steam\steamapps\common\metro 2033\metro2033.exe" = G:\Games\Steam\steamapps\common\metro 2033\metro2033.exe:*:Enabled:Metro 2033 -- (4A Games)
    "G:\Games\Steam\steamapps\common\morrowind\Morrowind Launcher.exe" = G:\Games\Steam\steamapps\common\morrowind\Morrowind Launcher.exe:*:Enabled:The Elder Scrolls III: Morrowind -- (Bethesda Softworks)
    "G:\Games\Steam\steamapps\common\amnesia the dark descent demo\Launcher.exe" = G:\Games\Steam\steamapps\common\amnesia the dark descent demo\Launcher.exe:*:Enabled:Amnesia: The Dark Descent Demo -- ()
    "G:\Games\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe" = G:\Games\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
    "G:\Games\Steam\steamapps\common\left 4 dead\left4dead.exe" = G:\Games\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
    "G:\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = G:\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
    "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
    "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
    "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
    "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
    "{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
    "{16551E12-7EBB-4F63-9B6D-4AED6C2A6FB0}" = Avvenu
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
    "{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
    "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B1848}" = Supreme Commander Demo
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
    "{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
    "{32CF189D-52BB-4C1C-8F93-97E8F3CDDC95}" = Razer Habu Config
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
    "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
    "{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
    "{47BE1E5F-8978-484B-BE86-B616C00EA75A}" = Deus Ex - Invisible War
    "{4873CC58-69D8-490D-9E5C-001DC2EE2000}" = WordPerfect Lightning
    "{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
    "{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
    "{4873CC58-69D8-490D-9E5C-001DC2EE2100}" = WordPerfect Lightning - EN
    "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
    "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{588C135F-0B15-4A02-8F2D-04697BE2904E}" = Icewind Dale II
    "{5A080213-5AEC-4BF2-BB32-796EB0E421EC}" = Logitech G-series Keyboard Software
    "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
    "{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
    "{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
    "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth (tm)
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
    "{A53A1A49-C3EA-406c-B87C-8E02B622D605}" = C7200_doccd
    "{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}" = Prey
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB5E5711-5016-418A-942C-2D218F920E9F}" = Painkiller Black
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{AF898E59-68BD-4598-99C9-73398FBFAB6A}" = COWON mTrans
    "{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
    "{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
    "{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}" = ESET NOD32 Antivirus
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{BD76AF27-5CD9-4848-87FC-12285A90AE6A}" = c7200_Help
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights Platinum Edition
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC31A34E-1874-4A9C-BA89-2F5A1DEE6990}" = ArmageddonEmpires
    "{CCD04643-5246-48AC-9D8C-F43A37BB8F36}" = WD Drive Manager (x86)
    "{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529041}" = WordPerfect Office X4 - IPM EN
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
    "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
    "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
    "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
     
  9. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    extras part 3

    "{E4406ED3-B04C-44F1-ABB4-08775B74934F}" = Call Of Cthulhu DCoTE
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120% (Trial Version)
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
    "{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
    "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
    "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
    "{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
    "0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
    "53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    "7-Zip" = 7-Zip 4.65
    "9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
    "AudioCS" = Creative Audio Control Panel
    "C248DC5465E4500BAAAE52DF5A4C1714C1714ABE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/10/2007 1.00)
    "Crayon Physics Deluxe Demo_is1" = Crayon Physics Deluxe Demo - release 52
    "CrossLoop_is1" = CrossLoop 2.43
    "DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
    "Digital Editions" = Adobe Digital Editions
    "DivX Codec" = DivX Codec
    "DungeonSiege2" = Dungeon Siege 2
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "FileZilla Client" = FileZilla Client 3.3.2
    "FileZilla Server" = FileZilla Server (remove only)
    "Flash Movie Player" = Flash Movie Player 1.5
    "Freeciv-2.1.9-gtk2" = Freeciv 2.1.9 (GTK+ client)
    "GNU Aspell_is1" = GNU Aspell 0.50-3
    "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
    "Halo" = Microsoft Halo
    "Handbrake" = HandBrake 0.9.3
    "HijackThis" = HijackThis 2.0.2
    "Homeworld2" = Homeworld2
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPExtendedCapabilities" = HP Customer Participation Program 9.0
    "HPOCR" = HP OCR Software 9.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "Impulse" = Impulse
    "InfraRecorder" = InfraRecorder
    "InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
    "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mech Warrior Mercenaries Co-Op" = Mech Warrior Mercenaries Co-Op
    "MechWarrior Mercenaries" = MechWarrior 4 Mercenaries
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "Mozilla Thunderbird (2.0.0.0)" = Mozilla Thunderbird (2.0.0.0)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "oggcodecs" = oggcodecs 0.71.0946
    "On the Rain-Slick Precipice of Darkness, Episode One" = On the Rain-Slick Precipice of Darkness, Episode One
    "On the Rain-Slick Precipice of Darkness, Episode Two" = On the Rain-Slick Precipice of Darkness, Episode Two
    "OpenAL" = OpenAL
    "Pidgin" = Pidgin
    "RealPlayer 6.0" = RealPlayer
    "Sins of a Solar Empire" = Sins of a Solar Empire
    "Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
    "Starcraft" = Starcraft
    "StarCraft II" = StarCraft II
    "StarCraft II Beta" = StarCraft II Beta
    "Steam App 10150" = Prototype
    "Steam App 11450" = Overlord
    "Steam App 11900" = Lumines
    "Steam App 15530" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity Demo
    "Steam App 17450" = Dragon Age: Origins
    "Steam App 18500" = Defense Grid: The Awakening
    "Steam App 20510" = STALKER: Clear Sky
    "Steam App 20530" = Red Faction
    "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
    "Steam App 2200" = Quake III Arena
    "Steam App 22320" = The Elder Scrolls III: Morrowind
    "Steam App 22620" = Alien Breed: Impact Demo
    "Steam App 2300" = Doom II: Hell on Earth
    "Steam App 23380" = Gyromancer
    "Steam App 24980" = Mass Effect 2
    "Steam App 2500" = Shadowgrounds
    "Steam App 25900" = King's Bounty - The Legend
    "Steam App 29180" = Osmos
    "Steam App 32370" = Star Wars: Knights of The Old Republic
    "Steam App 35020" = Batman: Arkham Asylum - Demo
    "Steam App 37000" = The Void
    "Steam App 37810" = QuantZ Demo
    "Steam App 3830" = Psychonauts
    "Steam App 40710" = Machinarium Demo
    "Steam App 41220" = Eufloria - Demo
    "Steam App 41500" = Torchlight
    "Steam App 41800" = Gratuitous Space Battles
    "Steam App 43110" = Metro 2033
    "Steam App 44205" = Galcon Fusion - Demo
    "Steam App 4520" = Full Spectrum Warrior
    "Steam App 4540" = Titan Quest
    "Steam App 500" = Left 4 Dead
    "Steam App 550" = Left 4 Dead 2
    "Steam App 57310" = Amnesia: The Dark Descent Demo
    "Steam App 57610" = Disciples III: Renaissance - Demo
    "Steam App 590" = Left 4 Dead 2 Demo
    "Steam App 630" = Alien Swarm
    "Steam App 640" = Alien Swarm - SDK
    "Steam App 6910" = Deus Ex: Game of the Year Edition
    "Steam App 8980" = Borderlands
    "SUPER ©" = SUPER © Version 2007.bld.22 (Mar 14, 2007)
    "SysInfo" = Creative System Information
    "SystemRequirementsLab" = System Requirements Lab
    "Tremulous" = Tremulous 1.1.0
    "Ultravnc2_is1" = UltraVNC 1.0.5
    "VLC media player" = VLC media player 1.0.3
    "VMware_Player" = VMware Player
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = The GIMP 2.2.13
    "WinPcapInst" = WinPcap 4.1.1
    "Wireshark" = Wireshark 1.2.7
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WordWeb" = WordWeb
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
    "Macromedia Breeze Meeting 5 Add-in" = Macromedia Breeze Meeting 5 Add-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/2/2010 4:35:40 AM | Computer Name = CERBERUS | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 10/2/2010 4:35:40 AM | Computer Name = CERBERUS | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 10/2/2010 6:53:58 PM | Computer Name = CERBERUS | Source = Application Error | ID = 1000
    Description = Faulting application WJFXGVWEU.exe, version 1.71.0.0, faulting module
    WJFXGVWEU.exe, version 1.71.0.0, fault address 0x0002964c.

    Error - 10/2/2010 7:14:40 PM | Computer Name = CERBERUS | Source = MBAMService | ID = 131073
    Description =

    Error - 10/4/2010 8:44:54 PM | Computer Name = CERBERUS | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
    version 0.0.0.0, fault address 0x0008d560.

    Error - 10/8/2010 12:12:57 AM | Computer Name = CERBERUS | Source = Application Error | ID = 1000
    Description = Faulting application , version 0.0.0.0, faulting module unknown, version
    0.0.0.0, fault address 0x00000000.

    Error - 10/8/2010 12:18:01 AM | Computer Name = CERBERUS | Source = Application Error | ID = 1004
    Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
    unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 10/8/2010 12:43:39 AM | Computer Name = CERBERUS | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a61ae.

    Error - 10/8/2010 12:53:59 AM | Computer Name = CERBERUS | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a61ae.

    Error - 10/8/2010 8:35:49 PM | Computer Name = CERBERUS | Source = Application Error | ID = 1000
    Description = Faulting application javara.exe, version 1.16.1.1763, faulting module
    ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    [ System Events ]
    Error - 10/8/2010 8:12:01 PM | Computer Name = CERBERUS | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\D.

    Error - 10/8/2010 8:12:01 PM | Computer Name = CERBERUS | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\D.

    Error - 10/8/2010 8:12:01 PM | Computer Name = CERBERUS | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\D.

    Error - 10/8/2010 8:12:01 PM | Computer Name = CERBERUS | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 10/8/2010 8:12:01 PM | Computer Name = CERBERUS | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 10/8/2010 8:12:30 PM | Computer Name = CERBERUS | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the VMware USB Arbitration
    Service service to connect.

    Error - 10/8/2010 8:12:30 PM | Computer Name = CERBERUS | Source = Service Control Manager | ID = 7000
    Description = The VMware USB Arbitration Service service failed to start due to
    the following error: %%1053

    Error - 10/8/2010 8:23:36 PM | Computer Name = CERBERUS | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 10/8/2010 8:43:06 PM | Computer Name = CERBERUS | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 10/8/2010 9:02:36 PM | Computer Name = CERBERUS | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.


    < End of report >
     

  10. crunchie

    crunchie Malware Helper Posts: 728

    Ok. The combofix log is not much good as I see it has been run at least 6 times, meaning the first log would have been overwritten.
    Never mind :).

    ====

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\Brad\LOCALS~1\Temp\WJFXGVWEU.exe -- (WJFXGVWEU)
      SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UCZGBTEWN.exe -- (UCZGBTEWN)
      SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\Brad\LOCALS~1\Temp\RPGNCM.exe -- (RPGNCM)
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3073
      O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
      :Commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ====

    Let me know how things are now please.
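
A defender-side triage of the indicators the fix above targets, as an added example (not crunchie's own code and not part of OTL): it parses OTL-style SRV, IE and O2 lines and flags services whose binary sits in a Temp folder or is already missing while the service registration remains, a ProxyServer value that points at the loopback interface (which hands the browser's traffic to a process on the local machine, and is the value the fix above resets), and a BHO that OTL reports with no CLSID. The sample lines are constructed from the entries quoted in this thread, with one benign proxy entry (proxy.example.invalid) added for contrast.

```python
"""Triage OTL-style log lines for the indicators targeted by the fix above.

Added example for this thread, not code from OTL or from the helper.
"""
import re
from dataclasses import dataclass

# Constructed sample: modelled on the lines quoted in this thread, plus one
# benign proxy entry (proxy.example.invalid) added for contrast.
SAMPLE_OTL_LINES = [
    r"SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\Brad\LOCALS~1\Temp\WJFXGVWEU.exe -- (WJFXGVWEU)",
    r"SRV - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- G:\Tools\nod32\ekrn.exe -- (ekrn)",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3073',
    r'IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.invalid:8080',
    r"O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.",
]

# OTL service line: "SRV - <meta> -- <binary path> -- (<service name>)"
SRV_RE = re.compile(r"^SRV - (?P<meta>.+?) -- (?P<path>.+?) -- \((?P<name>[^)]+)\)")
# OTL Internet Settings line carrying the WinINet ProxyServer value
IE_PROXY_RE = re.compile(r'^IE - (?P<key>.+?): "ProxyServer" = (?P<value>.+)$')
# Browser Helper Object entry that OTL could not resolve to a CLSID
BHO_RE = re.compile(r"^O2 - BHO: .*No CLSID value found", re.I)
# Any path component named Temp or tmp (covers the 8.3 form LOCALS~1\Temp)
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.I)


@dataclass
class Finding:
    line_no: int
    kind: str
    detail: str


def proxy_hosts(value):
    """Split a WinINet ProxyServer value into bare host names.

    Accepts the single form 'host:port' and the per-protocol form
    'http=host:port;https=host:port', with or without a scheme prefix.
    """
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        if "=" in entry:                      # 'http=host:port' -> 'host:port'
            entry = entry.split("=", 1)[1]
        entry = re.sub(r"^[a-z]+://", "", entry, flags=re.I)
        host = entry.rsplit(":", 1)[0] if ":" in entry else entry
        hosts.append(host.strip("[]").lower())
    return hosts


def is_loopback(host):
    return host == "localhost" or host == "::1" or host.startswith("127.")


def triage_otl(lines):
    """Return a Finding for every suspicious entry in the given OTL lines."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        m = SRV_RE.match(line)
        if m:
            meta, path, name = m.group("meta"), m.group("path"), m.group("name")
            if TEMP_DIR_RE.search(path):
                findings.append(Finding(n, "service-in-temp", f"{name}: {path}"))
            if meta.startswith("File not found"):
                findings.append(Finding(n, "service-file-missing", f"{name}: {path}"))
            continue
        m = IE_PROXY_RE.match(line)
        if m:
            value = m.group("value")
            if any(is_loopback(h) for h in proxy_hosts(value)):
                findings.append(Finding(n, "loopback-proxy", f"{m.group('key')} = {value}"))
            continue
        if BHO_RE.match(line):
            findings.append(Finding(n, "bho-no-clsid", line))
    return findings


def summarize(findings):
    """Count findings per kind, for a quick read of what a log contains."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL_LINES):
        print(f"line {f.line_no:>3}  {f.kind:<22} {f.detail}")
```

On a real OTL log, feed the file's lines to `triage_otl` and review each flagged entry before building a fix; a service in a Temp folder is a strong signal, but a proxy on 127.0.0.1 can also be a legitimately installed local filtering tool.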
     
  11. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    Log from first run:
    -------------------------------


    All processes killed
    ========== OTL ==========
    Service WJFXGVWEU stopped successfully!
    Service WJFXGVWEU deleted successfully!
    File C:\DOCUME~1\Brad\LOCALS~1\Temp\WJFXGVWEU.exe not found.
    Service UCZGBTEWN stopped successfully!
    Service UCZGBTEWN deleted successfully!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UCZGBTEWN.exe not found.
    Service RPGNCM stopped successfully!
    Service RPGNCM deleted successfully!
    File C:\DOCUME~1\Brad\LOCALS~1\Temp\RPGNCM.exe not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: adm

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Brad
    ->Flash cache emptied: 615 bytes

    User: Dad
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Kids
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: User

    User: User.CERBERUS

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: adm

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Brad
    ->Temp folder emptied: 918128 bytes
    ->Temporary Internet Files folder emptied: 82054 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 61959236 bytes
    ->Google Chrome cache emptied: 24397505 bytes
    ->Flash cache emptied: 0 bytes

    User: Dad
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Kids
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: User.CERBERUS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 83.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.14.1 log created on 10092010_001841

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  12. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    Log after the reboot:
    ----------------------------------

    OTL logfile created on: 10/9/2010 12:29:58 AM - Run 2
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Brad\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 58.59 Gb Total Space | 7.26 Gb Free Space | 12.39% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 360.08 Gb Total Space | 88.59 Gb Free Space | 24.60% Space Free | Partition Type: NTFS
    Drive F: | 48.83 Gb Total Space | 24.54 Gb Free Space | 50.25% Space Free | Partition Type: NTFS
    Drive G: | 500.00 Gb Total Space | 51.46 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CERBERUS
    Current User Name: Brad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/10/08 18:32:55 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
    PRC - [2010/08/23 17:20:19 | 001,242,448 | ---- | M] (Valve Corporation) -- G:\Games\Steam\steam.exe
    PRC - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) -- G:\Tools\nod32\ekrn.exe
    PRC - [2010/03/29 17:11:50 | 002,145,000 | ---- | M] (ESET) -- G:\Tools\nod32\egui.exe
    PRC - [2010/01/22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
    PRC - [2010/01/22 21:56:46 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
    PRC - [2010/01/22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
    PRC - [2010/01/22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- G:\Tools\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/10/31 21:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/10/08 00:41:36 | 000,023,552 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
    PRC - [2008/10/08 00:37:38 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
    PRC - [2008/08/30 16:04:08 | 001,519,168 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/05/11 12:58:54 | 000,176,128 | ---- | M] () -- C:\Program Files\Razer\Habu\razerhid.exe
    PRC - [2006/12/18 21:34:00 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2006/08/07 18:00:28 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Habu\razerofa.exe
    PRC - [2006/08/07 18:00:24 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Habu\razertra.exe
    PRC - [2006/06/16 01:28:36 | 000,987,136 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    PRC - [2006/03/30 15:58:14 | 000,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    PRC - [2006/03/06 09:31:52 | 001,122,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\LGDCore.exe
    PRC - [2006/03/06 09:16:12 | 000,198,656 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    PRC - [2006/03/06 09:15:42 | 000,289,792 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    PRC - [2006/03/06 09:14:58 | 000,497,152 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\G-series Software\LCDMon.exe
    PRC - [2005/08/07 16:10:20 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/10/08 18:32:55 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
    MOD - [2008/04/13 18:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
    MOD - [2008/04/13 18:11:52 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput.dll
    MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2005/08/07 16:10:18 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/07/02 22:00:54 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- g:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2010/03/29 17:16:36 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- G:\Tools\nod32\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- G:\Tools\nod32\ekrn.exe -- (ekrn)
    SRV - [2010/01/22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2010/01/22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2010/01/22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
    SRV - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2009/10/20 12:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2009/06/21 07:05:46 | 000,691,200 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
    SRV - [2009/01/21 05:46:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2008/10/31 21:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/08/30 16:04:08 | 001,519,168 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service)
    SRV - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2006/03/30 15:58:14 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
    SRV - [2006/03/30 15:54:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
    SRV - [2006/03/30 15:54:18 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
    SRV - [2006/02/07 01:13:32 | 000,020,543 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/04/03 16:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010/03/29 17:13:44 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
    DRV - [2010/03/29 17:12:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/03/29 17:07:30 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2010/01/22 21:58:02 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2010/01/22 21:57:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2010/01/22 21:57:56 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2010/01/22 21:57:54 | 000,854,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
    DRV - [2010/01/22 21:57:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
    DRV - [2010/01/22 21:56:46 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
    DRV - [2010/01/22 21:00:42 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
    DRV - [2010/01/22 17:13:00 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
    DRV - [2010/01/22 17:13:00 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2009/10/20 12:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2009/04/08 14:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
    DRV - [2008/10/08 02:22:04 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2008/10/08 02:22:02 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2008/10/08 02:22:00 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2008/10/08 02:21:58 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2008/10/08 02:21:56 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2008/10/08 02:21:54 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2008/10/08 02:21:50 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2008/10/08 02:21:46 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2008/10/08 02:21:44 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
    DRV - [2008/10/08 02:21:44 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV - [2008/10/08 02:21:40 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
    DRV - [2008/10/08 02:21:40 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV - [2008/10/08 02:21:38 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
    DRV - [2008/10/08 02:21:38 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
    DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
    DRV - [2007/02/17 16:17:47 | 000,646,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2007/01/16 09:09:00 | 000,293,888 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2006/10/23 13:09:48 | 000,027,776 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\habu.sys -- (HabuFltr)
    DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/06/16 01:30:16 | 000,176,128 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
    DRV - [2006/05/01 11:27:06 | 000,082,944 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
    DRV - [2006/05/01 11:27:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
    DRV - [2006/03/31 05:39:54 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
    DRV - [2006/03/22 00:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/22 00:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/03/22 00:23:50 | 000,109,568 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
    DRV - [2006/03/17 17:18:00 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
    DRV - [2005/12/21 12:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\USBICP.sys -- (uisp)
    DRV - [2005/01/19 16:30:52 | 000,067,200 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
    DRV - [2004/11/01 13:21:32 | 000,010,368 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2004/08/12 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/07/26 13:54:48 | 000,056,576 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0006.sys -- (SaiH0006)
    DRV - [2004/06/26 14:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
    DRV - [2004/04/30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
    DRV - [2004/04/30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
     
  13. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

    FF - HKLM\software\mozilla\Firefox\extensions\\copytolightning@corel.com: G:\School\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2009/08/30 20:56:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/03 00:51:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/06 18:37:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2007/11/11 18:01:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/02/10 23:02:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: G:\Tools\nod32\Mozilla Thunderbird [2010/10/02 02:35:25 | 000,000,000 | ---D | M]

    [2009/10/05 00:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Extensions
    [2010/10/08 23:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\extensions
    [2010/10/07 17:36:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/07 17:36:20 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/10/07 17:36:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/02/26 03:33:46 | 000,010,952 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\searchplugins\gutenberg.xml
    [2009/02/26 03:34:31 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\searchplugins\imdb.xml
    [2009/02/26 03:32:51 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\searchplugins\wikipedia-eng.xml
    [2009/10/01 14:20:43 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\searchplugins\youtube.xml
    [2010/10/08 23:19:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/24 16:48:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/10/06 18:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/10/09 00:18:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [egui] G:\Tools\nod32\egui.exe (ESET)
    O4 - HKLM..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe ()
    O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [Steam] g:\games\steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (ASUSTek Computer Inc.)
    O4 - Startup: C:\Documents and Settings\Brad\Start Menu\Programs\Startup\AutorunsDisabled [2010/09/30 20:11:31 | 000,000,000 | -H-D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1234752321875 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/02/17 02:41:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/03/10 21:25:18 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ]
    O32 - AutoRun File - [2009/02/03 10:32:00 | 000,647,552 | ---- | M] (Sysinternals - www.sysinternals.com) - G:\autoruns.exe -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
     
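The OTL sections in the two posts above are the raw material for a redirect triage: the driver list with its company field, the hosts file (O1), the Run keys (O4), the Winsock LSP catalog (O10) and the DHCP name servers (O17). The script below is an added example, not part of tacobob20's post and not part of OTL; it parses those line formats and pulls out the entries a helper would check first: drivers and Run entries whose company field is empty, any hosts mapping other than the two localhost lines, every LSP catalog entry, and any name server outside private address space. The sample input is a handful of lines copied from the log above; the triage rules (empty company field, non-RFC1918 DNS) are the editor's own heuristics and produce candidates to verify, not verdicts, since old OEM utility drivers with no embedded version info trip the company check as readily as a rogue driver would.

```python
"""Triage helper for OTL logs (added example; not part of OTL or the thread).

Pulls the entries a Google-redirect hunt looks at first out of raw OTL text.
The heuristics are the editor's own and flag items to verify, not malware.
"""
import ipaddress
import re

# Constructed sample input: a subset of lines copied from the OTL log above.
SAMPLE_LOG = r"""
DRV - [2006/03/31 05:39:54 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
DRV - [2004/08/12 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2010/03/29 17:07:30 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [egui] G:\Tools\nod32\egui.exe (ESET)
O4 - HKLM..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
"""

# Line formats as they appear in OTL output. The company field is whatever
# sits between "] (" and ") [" so that names like "Windows (R) 2000 DDK
# provider" (which contain parentheses themselves) parse correctly.
DRV_RE = re.compile(
    r"^DRV - \[(?P<date>[^|]+) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>.*?)\) \[(?P<flags>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)"
)
O1_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+) (?P<host>\S+)")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<path>.*?) \((?P<company>.*?)\)$")
O10_RE = re.compile(r"^O10 - Protocol_Catalog9\\Catalog_Entries\\(?P<idx>\d+) - (?P<path>.*?) \((?P<company>.*?)\)$")
O17_RE = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>.+)$")

# The only two hosts entries a clean XP hosts file needs.
LOOPBACK = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def triage(log_text: str) -> dict:
    """Return the entries worth a second look, grouped by what they are."""
    findings = {
        "drivers_no_company": [],   # (service name, path, flags)
        "hosts_overrides": [],      # (address, hostname) other than localhost
        "run_no_company": [],       # (hive, value name, path)
        "lsp_entries": [],          # (catalog index, dll path, company)
        "dns_servers_external": [], # resolvers outside private space
    }
    for line in log_text.splitlines():
        line = line.strip()
        if m := DRV_RE.match(line):
            if not m["company"].strip():
                findings["drivers_no_company"].append((m["name"], m["path"], m["flags"]))
        elif m := O1_RE.match(line):
            if (m["addr"], m["host"]) not in LOOPBACK:
                findings["hosts_overrides"].append((m["addr"], m["host"]))
        elif m := O4_RE.match(line):
            if not m["company"].strip():
                findings["run_no_company"].append((m["hive"], m["value"], m["path"]))
        elif m := O10_RE.match(line):
            # Every LSP is listed: a redirecting LSP would sit here next to
            # the legitimate NVIDIA/VMware ones, so each dll gets verified.
            findings["lsp_entries"].append((m["idx"], m["path"], m["company"]))
        elif m := O17_RE.match(line):
            for server in m["servers"].split():
                try:
                    external = not ipaddress.ip_address(server).is_private
                except ValueError:      # not an IP at all: definitely worth a look
                    external = True
                if external:
                    findings["dns_servers_external"].append(server)
    return findings


def report(findings: dict) -> str:
    """Render the findings as a short plain-text checklist."""
    out = []
    for section, items in findings.items():
        out.append(f"== {section} ({len(items)}) ==")
        out.extend(f"  {item}" for item in items)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it on a full OTL log by reading the file into `triage()`. On the sample above it lists the two drivers whose company field is blank, the Razer Run entry with no version info, the NVIDIA LSP entry and the public DHCP resolver 205.171.3.25, which is the kind of address to compare against the ISP's published resolvers rather than assume either way.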
  14. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/09 00:18:41 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/08 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
    [2010/10/08 18:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Desktop\JavaRa unzip
    [2010/10/08 18:32:45 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
    [2010/10/06 22:06:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/06 18:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/10/04 18:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/10/04 18:23:49 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Brad\Desktop\spybotsd162.exe
    [2010/10/02 16:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
    [2010/10/02 05:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\ESET
    [2010/10/02 02:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/10/02 00:51:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/02 00:51:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/02 00:50:15 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup-1.46.exe
    [2010/10/02 00:46:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/02 00:06:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/02 00:04:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/02 00:04:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/02 00:04:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/02 00:04:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/02 00:03:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/02 00:01:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/30 20:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Brad\Start Menu\Programs\Startup\AutorunsDisabled
    [2010/09/22 17:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\.minecraft
    [2010/09/20 18:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\My Digital Editions
    [2010/09/19 19:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
    [2010/09/19 19:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\Overlord
    [2010/09/04 19:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\Amnesia
    [2010/08/02 06:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\StarCraft II
    [2010/07/24 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2009/02/15 21:27:56 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
    [2009/02/15 21:27:56 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys

    ========== Files - Modified Within 90 Days ==========

    [2010/10/09 00:27:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003UA.job
    [2010/10/09 00:25:35 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/10/09 00:25:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/09 00:20:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/10/09 00:20:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/09 00:19:10 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Brad\NTUSER.DAT
    [2010/10/09 00:19:10 | 000,053,776 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000008-00001102-00000005-00211102}.rfx
    [2010/10/09 00:19:10 | 000,053,776 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000008-00001102-00000005-00211102}.rfx
    [2010/10/09 00:19:10 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000008-00001102-00000005-00211102}.rfx
    [2010/10/09 00:19:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Brad\ntuser.ini
    [2010/10/09 00:18:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/10/08 23:27:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003Core.job
    [2010/10/08 18:32:55 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
    [2010/10/08 18:28:14 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\JavaRa.zip
    [2010/10/05 17:56:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/10/05 17:47:01 | 003,873,401 | R--- | M] () -- C:\Documents and Settings\Brad\Desktop\CmboFix.exe
    [2010/10/04 18:35:09 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Shortcut to in.exe.lnk
    [2010/10/04 18:25:39 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/04 18:25:39 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/04 18:23:49 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Brad\Desktop\spybotsd162.exe
    [2010/10/03 19:08:56 | 000,000,542 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/10/03 19:08:56 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2010/10/03 17:45:14 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
    [2010/10/03 17:44:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\vwfuf460.exe
    [2010/10/02 17:29:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\LCDMedia.INI
    [2010/10/02 15:39:54 | 000,504,880 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/10/02 15:39:54 | 000,443,368 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/02 15:39:54 | 000,072,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/02 15:38:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/02 01:58:59 | 000,008,246 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/10/02 01:33:51 | 039,327,232 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\eav_nt32_enu.msi
    [2010/10/02 00:50:15 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup-1.46.exe
    [2010/10/01 23:09:06 | 000,000,241 | ---- | M] () -- C:\Boot.bak
    [2010/09/24 21:25:48 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/23 23:27:39 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Google Chrome.lnk
    [2010/09/20 18:17:49 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
    [2010/09/05 18:30:08 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/27 00:03:10 | 000,475,535 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\POLARSTAR.jpg
    [2010/08/26 21:43:47 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cygwin.lnk
    [2010/08/26 00:24:34 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\VidTor.exe.lnk
    [2010/08/25 22:24:41 | 000,034,356 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\f36484_1274230002073.jpg
    [2010/08/15 21:12:54 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/08/10 22:24:06 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\PUTTY.RND
    [2010/08/02 07:00:51 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk

    ========== Files Created - No Company Name ==========

    [2010/10/08 18:28:13 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\JavaRa.zip
    [2010/10/04 18:35:09 | 000,000,613 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Shortcut to in.exe.lnk
    [2010/10/04 18:25:39 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/04 18:25:39 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/03 17:45:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\dds.scr
    [2010/10/03 17:45:01 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\vwfuf460.exe
    [2010/10/02 17:29:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LCDMedia.INI
    [2010/10/02 01:33:51 | 039,327,232 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\eav_nt32_enu.msi
    [2010/10/02 00:06:53 | 000,000,241 | ---- | C] () -- C:\Boot.bak
    [2010/10/02 00:06:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/02 00:04:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/02 00:04:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/02 00:04:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/02 00:04:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/02 00:04:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/02 00:00:04 | 003,873,401 | R--- | C] () -- C:\Documents and Settings\Brad\Desktop\CmboFix.exe
    [2010/09/20 18:17:49 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
    [2010/08/27 00:03:10 | 000,475,535 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\POLARSTAR.jpg
    [2010/08/26 21:43:47 | 000,000,466 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cygwin.lnk
    [2010/08/25 22:24:41 | 000,034,356 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\f36484_1274230002073.jpg
    [2010/08/02 06:49:26 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
    [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2010/03/20 14:43:48 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
    [2010/03/15 22:37:54 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\PUTTY.RND
    [2010/01/31 20:40:56 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2009/10/20 12:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2009/08/30 20:58:05 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2009/07/19 19:02:19 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
    [2009/06/30 18:25:40 | 000,007,775 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\.civclientrc
    [2008/10/08 01:08:38 | 000,020,936 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2008/10/08 00:41:40 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
    [2008/10/08 00:41:40 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2008/09/30 14:59:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\csdlocalmon.dll
    [2008/09/12 22:22:40 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2008/05/16 15:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/02/24 17:44:52 | 000,054,624 | ---- | C] () -- C:\WINDOWS\System32\4401D.sys
    [2008/02/08 21:22:04 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/11/11 18:06:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/04/01 14:19:47 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
    [2007/03/30 11:59:58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2007/03/30 11:59:57 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2007/03/28 21:37:31 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini
    [2007/02/19 01:18:40 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/17 12:13:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
    [2007/02/17 02:49:33 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
    [2007/02/17 02:49:33 | 000,000,403 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
    [2007/02/17 02:48:48 | 000,031,101 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2007/02/17 02:47:46 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2007/02/17 02:47:45 | 000,031,063 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2007/02/17 02:47:37 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2005/08/07 16:19:00 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2005/06/07 07:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
    [2003/03/21 03:56:12 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

    ========== LOP Check ==========

    [2008/12/02 22:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
    [2010/01/04 17:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2010/07/03 03:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
    [2009/08/30 20:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
    [2010/10/02 02:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2009/09/06 15:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
    [2010/01/31 21:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/04/23 00:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ice-pick Lodge
    [2009/06/28 16:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
    [2009/06/28 16:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2009/01/07 15:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/12/26 19:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valve
    [2007/03/03 16:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2008/07/16 15:32:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
    [2009/06/28 16:25:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3324F7A6-7151-481D-8C80-99FEE7AFB967}
    [2009/06/30 18:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\.freeciv
    [2010/09/25 16:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\.minecraft
    [2009/09/22 22:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\.purple
    [2010/09/24 21:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Azureus
    [2008/08/31 15:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Bioshock
    [2009/04/14 23:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Braid
    [2008/09/30 13:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\COWON
    [2009/05/06 14:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Crayon Physics Deluxe
    [2009/05/14 16:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Dark Sector
    [2010/04/03 11:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\FileZilla
    [2008/12/03 00:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\GamesFaction
    [2009/08/16 19:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Gmote
    [2009/02/27 15:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\gtk-2.0
    [2009/09/13 16:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\InfraRecorder
    [2009/08/23 18:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Larva Mortus
    [2009/05/06 15:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Larva Mortus Demo
    [2007/03/24 18:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Leadertech
    [2009/08/11 10:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\MioNet
    [2007/04/23 19:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\My Battle for Middle-earth Files
    [2009/12/13 16:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\runic games
    [2009/01/02 04:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Spore
    [2009/06/28 16:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Stardock
    [2010/04/14 17:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\SystemRequirementsLab
    [2009/06/09 13:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\The Path
    [2007/04/24 02:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Thunderbird
    [2010/01/10 22:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\uk.co.planetside
    [2010/04/18 21:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Wireshark
    [2007/04/14 23:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\WordWeb

    ========== Purity Check ==========


    < End of report >
     
  15. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    Unfortunately still getting redirected though.
     
  16. crunchie

    crunchie Malware Helper Posts: 728

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  17. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    Not sure if it matters, but this system also dual boots to Ubuntu. The Windows system is on a striped RAID. Boot order goes to the RAID first, with the Linux system on a different disk.

    The Output:
    --------------------------------


    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive2 at offset 0x00000000`00007e00
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: 96d582cc2961041aba7e9700bfe28a1e

    Size Device Name MBR Status
    --------------------------------------------
    467 GB \\.\PhysicalDrive2 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
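    The tool above reports "Unknown boot code" and recommends dumping the sector with `remover.exe dump`; on a dual-boot machine that result can come from GRUB just as well as from a bootkit. The following added example (not Bootkit Remover's code and not from the original post) triages such a 512-byte dump: it checks the 0x55AA signature, hashes the boot code, looks for the strings that the standard Windows XP MBR and GRUB's MBR stage leave behind, and lists the partition table. The sample sectors are constructed, and the marker strings plus the hash-over-boot-code convention are this example's own assumptions, not necessarily how the tool computes its "Boot sector MD5".

```python
"""Triage a raw master boot record (MBR) dump such as `remover.exe dump` writes.

Added example for the thread; not part of Bootkit Remover or the original post.
The sectors built by build_sample_mbr() are constructed test data, not dumps
from the affected machine.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = 0xAA55        # stored little-endian as 55 AA at offset 510
BOOT_CODE_SIZE = 446           # bytes before the four 16-byte partition entries
PARTITION_TABLE_OFFSET = 446

# Error strings the standard Windows XP boot code carries in its first 446 bytes.
WINDOWS_MARKERS = (b"Invalid partition table",
                   b"Error loading operating system",
                   b"Missing operating system")
# Strings GRUB's MBR stage (legacy stage1 / GRUB 2 boot.img) leaves in the boot code.
GRUB_MARKERS = (b"GRUB", b"Geom", b"Hard Disk", b"Read", b" Error")


def parse_partition_table(mbr):
    """Return the non-empty entries of the classic four-slot MBR partition table."""
    entries = []
    for slot in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * slot
        # status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sector_count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, offset)
        if ptype != 0:
            entries.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return entries


def classify_boot_code(boot_code):
    """Guess which loader wrote the boot code; 'unknown' means manual inspection."""
    if all(m in boot_code for m in WINDOWS_MARKERS):
        return "windows"
    if all(m in boot_code for m in GRUB_MARKERS):
        return "grub"
    return "unknown"


def triage_mbr(mbr, known_good_md5=frozenset()):
    """Summarise one sector: signature check, boot-code hash, loader guess, partitions.

    The hash covers only the 446 boot-code bytes, so the machine-specific partition
    table does not change it; that is this example's convention (an assumption)."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected exactly {SECTOR_SIZE} bytes, got {len(mbr)}")
    signature_ok = struct.unpack_from("<H", mbr, 510)[0] == BOOT_SIGNATURE
    boot_code = mbr[:BOOT_CODE_SIZE]
    digest = hashlib.md5(boot_code).hexdigest()
    return {
        "signature_ok": signature_ok,
        "boot_code_md5": digest,
        "known_good": digest in known_good_md5,
        "loader": classify_boot_code(boot_code) if signature_ok else None,
        "partitions": parse_partition_table(mbr) if signature_ok else [],
    }


def build_sample_mbr(marker_strings, partitions):
    """Constructed test sector: marker strings dropped into an otherwise empty boot area."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:2] = b"\xeb\xfe"                    # jmp $ : inert filler, never meant to boot
    text = b"\x00".join(marker_strings)
    sector[300:300 + len(text)] = text
    for slot, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into("<B3sB3sII", sector, PARTITION_TABLE_OFFSET + 16 * slot,
                         status, b"\x00\x00\x00", ptype, b"\xff\xff\xff", lba_start, sectors)
    struct.pack_into("<H", sector, 510, BOOT_SIGNATURE)
    return bytes(sector)


if __name__ == "__main__":
    # LBA 63 is the classic XP first-partition start; the thread's
    # "offset 0x00000000`00007e00" is exactly 63 * 512 bytes.
    samples = {
        "xp-style": build_sample_mbr(WINDOWS_MARKERS, [(0x80, 0x07, 63, 976_000_000)]),
        "grub-style": build_sample_mbr(GRUB_MARKERS, [(0x00, 0x83, 2048, 500_000),
                                                      (0x80, 0x07, 1_000_000, 900_000)]),
        "neither": build_sample_mbr((), [(0x80, 0x07, 63, 976_000_000)]),
    }
    for name, sector in samples.items():
        print(name, triage_mbr(sector))
```

A sector that matches GRUB's markers is consistent with the Ubuntu install being what a Windows-centric tool calls "unknown"; one that matches neither set is the case where dumping and reading the code by hand, as the tool suggests, is warranted.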
     
  18. crunchie

    crunchie Malware Helper Posts: 728

    I am actually not sure. There is something happening there, but not sure if it is because of the Ubuntu install.
    Let me get back to you.
     
  19. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    If it helps, I don't mind losing the grub boot loader. I'll be waiting patiently. Thanks for your help so far.
     
  20. crunchie

    crunchie Malware Helper Posts: 728

    I will try something else before that :).

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  21. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    ComboFix 10-10-09.06 - Brad 10/10/2010 18:21:34.7.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2706 [GMT -6:00]
    Running from: c:\documents and settings\Brad\Desktop\ComboFx.exe
    AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))
    .

    2010-10-09 06:18 . 2010-10-09 06:18 -------- d-----w- C:\_OTL
    2010-10-09 00:57 . 2010-10-09 00:57 -------- d-----w- c:\program files\Sun
    2010-10-07 00:37 . 2010-07-17 11:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-07 00:37 . 2010-07-17 11:00 423656 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-10-05 00:25 . 2010-10-05 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-02 22:41 . 2010-10-02 22:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
    2010-10-02 11:08 . 2010-10-02 11:08 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\ESET
    2010-10-02 08:35 . 2010-10-02 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2010-10-02 06:51 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-02 06:51 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-22 23:51 . 2010-09-25 22:41 -------- d-----w- c:\documents and settings\Brad\Application Data\.minecraft
    2010-09-20 01:24 . 2010-09-20 01:24 -------- d-----w- c:\program files\Common Files\DirectX

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-10-02_23.39.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-10 19:52 . 2010-10-10 19:52 16384 c:\windows\temp\Perflib_Perfdata_6dc.dat
    + 2010-10-10 19:53 . 2010-10-10 19:53 16384 c:\windows\temp\Perflib_Perfdata_1f4.dat
    + 2010-10-07 00:37 . 2010-07-17 11:00 153376 c:\windows\system32\javaws.exe
    + 2010-10-07 00:37 . 2010-07-17 11:00 145184 c:\windows\system32\javaw.exe
    - 2008-09-02 08:35 . 2009-10-11 11:17 145184 c:\windows\system32\javaw.exe
    - 2008-09-02 08:35 . 2009-10-11 11:17 145184 c:\windows\system32\java.exe
    + 2010-10-07 00:37 . 2010-07-17 11:00 145184 c:\windows\system32\java.exe
    + 2010-10-09 00:57 . 2010-10-09 00:57 386048 c:\windows\Installer\29d729.msi
    + 2010-10-09 00:56 . 2010-10-09 00:56 533504 c:\windows\Installer\29d721.msi
    + 2010-10-07 00:38 . 2010-10-07 00:38 180224 c:\windows\Installer\276620.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="g:\games\steam\steam.exe" [2010-08-23 1242448]
    "Google Update"="c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-16 135664]
    "SpybotSD TeaTimer"="g:\tools\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
    "Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
    "CTHelper"="CTHELPER.EXE" [2005-08-07 16384]
    "Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 23552]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
    "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]
    "egui"="g:\tools\nod32\egui.exe" [2010-03-29 2145000]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\Brad\Start Menu\Programs\Startup\AutorunsDisabled
    WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2007-3-30 44384]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-2-17 987136]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avvenu Access n Share Update]
    2007-03-21 18:51 28672 ----a-w- c:\program files\Avvenu\Avvenu_updater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "nSvcLog"=2 (0x2)
    "nSvcIp"=2 (0x2)
    "ForcewareWebInterface"=2 (0x2)
    "NVSvc"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "e:\\Games\\Starcraft\\StarCraft.exe"=
    "e:\\Games\\NWN 2\\nwn2main.exe"=
    "e:\\Games\\NWN 2\\nwn2main_amdxp.exe"=
    "e:\\Games\\NWN 2\\nwupdate.exe"=
    "e:\\Games\\NWN 2\\nwn2server.exe"=
    "e:\\Games\\FEAR\\fpupdate.exe"=
    "e:\\Games\\FEAR\\FEAR.exe"=
    "e:\\Games\\FEAR\\FEARMP.exe"=
    "e:\\Games\\Battle for Middle Earth\\game.dat"=
    "e:\\Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
    "e:\\Games\\Battlefield 2142\\BF2142.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
    "e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "e:\\Games\\FEAR\\FEARXP\\FEARXP.exe"=
    "c:\\Program Files\\UltraVNC\\vncviewer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "e:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\beyond good and evil\\CheckApplication.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\dark sector\\DS.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCry.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCryConfigurator.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\final doom\\plutonia.bat"=
    "g:\\Games\\Steam\\steamapps\\common\\final doom\\tnt.bat"=
    "g:\\Games\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp3.bat"=
    "g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp4.bat"=
    "g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp5.bat"=
    "g:\\Games\\Steam\\steamapps\\common\\doom 3\\Doom3.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\hexen 2\\glh2.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\fallout 3\\FalloutLauncher.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\mirrors edge\\Binaries\\MirrorsEdge.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\master levels of doom\\master.bat"=
    "g:\\Games\\Steam\\steamapps\\common\\spore\\runme.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\osmos igf demo\\OsmosDemo.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\rip\\RIP\\RIP.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\quake\\Winquake.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\quake\\qwcl.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\quake\\Glquake.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\quake\\glqwcl.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\larva mortus\\larvamortus.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\fear2spdemo\\FEAR2SPDemo.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\world of goo demo\\WorldOfGoo.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\quake 2\\quake2.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\thief deadly shadows\\System\\runme.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfSP.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfMP.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\timeshift\\bin\\TimeShift.Exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\batman arkham asylum - demo\\Binaries\\ShippingPC-BmGame.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\shadowgrounds\\Shadowgrounds.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\shadowgrounds\\ShadowgroundsLauncher.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\\main.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\machinarium demo\\machinarium.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\doom 2\\doom2.bat"=
    "g:\\Games\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\lumines\\lumines.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\prototype\\prototypef.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\stalker clear sky\\bin\\xrEngine.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\witcher.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\djinni!.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\king's bounty - the legend\\kb.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\king's bounty - the legend\\save_fixer.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\psychonauts\\PsychoLauncher.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
    "e:\\Games\\Unreal Anthology\\UT2004\\System\\UT2004.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\eufloria - demo\\Eufloria.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\fallout 3\\Fallout3.exe"=
    "g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\StarCraft II.exe"=
    "g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base14803\\SC2.exe"=
    "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\the void\\bin\\win32\\Game.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\the void\\bin\\win32\\Config.exe"=
    "g:\\Games\\MW4\\MW4MERCS.ICD"=
    "g:\\Games\\MW4\\MTX\\mtx.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base15133\\SC2.exe"=
    "g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base15250\\SC2.exe"=
    "g:\\Games\\MW4\\MTX\\Download\\Mechwarrior Mercenaries - Mektek Mekpak\\MW4Mercs.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\alien breed impact\\Binaries\\AlienBreed-Impact.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "g:\\Games\\Steam\\steamapps\\common\\titan quest\\Titan Quest.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\titan quest\\help.htm"=
    "g:\\Games\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\overlord\\Config.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\red faction\\RedFaction.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\full spectrum warrior\\Launcher.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\full spectrum warrior\\help.htm"=
    "g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\daupdatersvc.service.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\red faction\\RF.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\galcon fusion\\GalconFusion.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\DAOrigins.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\DAOriginsLauncher.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "g:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\trine\\trine_launcher.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\disciples iii renaissance - demo\\DisciplesIII.exe"=
    "g:\\Games\\StarCraft II\\StarCraft II.exe"=
    "g:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\alien swarm\\bin\\SDKLauncher.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\gratuitous space battles\\GSB.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\metro 2033\\metro2033.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\morrowind\\Morrowind Launcher.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\amnesia the dark descent demo\\Launcher.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "g:\\Games\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
     
  22. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5900:TCP"= 5900:TCP:vnc5900
    "5800:TCP"= 5800:TCP:vnc5800
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
    "1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
    "1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
    "1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
    "1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
    "1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
    "1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
    "1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
    "1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
    "1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    "1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
    "5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

    R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2/15/2009 9:27 PM 5248]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/29/2010 5:12 PM 114984]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/29/2010 5:13 PM 95872]
    R2 ekrn;ESET Service;g:\tools\nod32\ekrn.exe [3/29/2010 5:12 PM 810120]
    R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [1/12/2009 9:09 PM 1519168]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [1/22/2010 9:57 PM 70704]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [1/22/2010 9:00 PM 563760]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1/21/2009 5:46 AM 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;g:\games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [7/2/2010 10:00 PM 25832]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 12:19 PM 50704]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2/17/2007 2:52 AM 176128]
    S3 SaiH0006;SaiH0006;c:\windows\system32\drivers\SaiH0006.sys [7/26/2004 1:54 PM 56576]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2/17/2007 2:52 AM 13532]
    S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2/15/2009 9:27 PM 160640]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/17/2007 4:17 PM 646392]
    S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003Core.job
    - c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 04:07]

    2010-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003UA.job
    - c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 04:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    LSP: c:\program files\VMware\VMware Player\vsocklib.dll
    FF - ProfilePath - c:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Macromedia Breeze Meeting 5 Add-in - c:\documents and settings\Brad\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\breezeaddin5x0\breezeaddin5x0.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-790525478-854245398-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:17,37,c8,94,82,b9,b6,ff,46,86,c8,c4,9c,7e,17,0f,87,53,71,c7,f2,cf,da,
    91,64,66,b3,9f,fa,38,87,49,e6,6b,43,cd,b7,87,23,8d,b5,5a,fd,86,2b,96,3e,7e,\
    "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

    [HKEY_USERS\S-1-5-21-790525478-854245398-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:4a,a7,ba,46,ed,c1,96,5f,4e,e2,2f,e7,69,31,43,d0,bb,16,31,ad,bb,
    5e,a7,fb,9c,5f,58,85,1f,02,96,8e,bb,b4,b3,0e,db,60,d5,a3,7d,b9,1f,24,d5,63,\
    "rkeysecu"=hex:b9,20,94,2f,ae,ae,e5,89,f2,28,e6,75,9f,0f,a8,11
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(748)
    c:\windows\system32\nvappfilter.dll

    - - - - - - - > 'explorer.exe'(2068)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-10-10 18:29:45
    ComboFix-quarantined-files.txt 2010-10-11 00:29
    ComboFix2.txt 2010-10-05 23:58
    ComboFix3.txt 2010-10-05 00:51
    ComboFix4.txt 2010-10-04 01:24
    ComboFix5.txt 2010-10-11 00:19

    Pre-Run: 7,642,263,552 bytes free
    Post-Run: 7,622,823,936 bytes free

    - - End Of File - - 7A0F40385053CFB4FAA48D999ABCABBF
     
  23. crunchie

    crunchie Malware Helper Posts: 728

    Combofix is showing that it has been run 7 times. Has it been run previous to you starting this thread?

    How are things now since running Combofix?
     
  24. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    That's the first time it's been run since I found this forum. Unfortunately I'm still getting redirected.
     
  25. tacobob20

    tacobob20 TS Rookie Topic Starter Posts: 30

    Oh, also of note: had to rename Combofix for it to run. Same with Malwarebytes.
     
Topic Status:
Not open for further replies.
