
Computer acting goofy (Resolved)



northsider
2009-07-20, 05:50
Lately my computer has been acting very goofy. It's been sluggish, Explorer gives me random errors (action cannot be completed, etc.), my DVD drive stopped working, Windows doesn't shut down completely on shut down or reboot (I have to hard reset now)...it's just very odd that all these problems are occurring at once. Following is my HJ log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:44 PM, on 7/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Smoky City Design\The Panorama Factory V5\PFactory.exe
C:\Windows\system32\Taskmgr.exe
C:\hp\kbd\kbd.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Adobe Photoshop Lightroom 2\lightroom.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 124.115.177.53:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdbcz.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8399 bytes



Thank you for the help.
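
An added triage script for the kind of log posted above (example code for this page, not part of northsider's or katana's posts, and not a HijackThis or RSIT feature). It parses the R/O item lines HijackThis writes and the MountPoints2 drive-verb lines RSIT prints later in this thread, and ranks the entries a helper reads first: a per-user proxy that points at an address outside the LAN (worth checking whenever a site is unreachable from only this machine, though the log alone does not prove the proxy is the cause), a BHO whose CLSID is registered but whose DLL is gone, services whose binary is missing, and removable-drive AutoRun/Open handlers that run a relative path on the drive itself. The sample lines are copied from the logs in this thread; the Finding type, the severity labels and every function name are assumptions of the example, and the severities are a reading order, not a verdict.

```python
"""HijackThis/RSIT log triage (added example; Finding, RANK and the
function names are this example's own, not HJT or RSIT output)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

ITEM_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")  # "O23 - ..." lines
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<value>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
MOUNT_RE = re.compile(r"^shell\\(?P<verb>\w+)\\command - (?P<cmd>.*)$")  # RSIT MountPoints2
RANK = {"high": 0, "medium": 1, "low": 2}

# Constructed sample: lines copied from the logs in this thread, plus two
# clean lines (Java BHO, ESET service) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 124.115.177.53:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdbcz.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b05d979-0a7d-11dd-a88e-001e8cc51322}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:
shell\Open\command - resycled\boot.com k:
"""


@dataclass
class Finding:
    kind: str      # HJT section ("R1", "O23") or "MountPoints2"
    severity: str  # reading order for the helper, not a verdict
    reason: str
    line: str


def proxy_targets(value: str):
    """Yield (scheme, host) from 'host:port' or 'http=host:port;https=...'."""
    for part in value.split(";"):
        part = part.strip()
        if part:
            scheme, _, hostport = part.rpartition("=")
            yield (scheme or "all", hostport.rsplit(":", 1)[0])


def host_is_off_box(host: str) -> bool:
    """True if the proxy host is not loopback/private, so traffic leaves the LAN.
    Hostnames cannot be classified offline and are treated as off-box."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (ip.is_loopback or ip.is_private)


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a second look, in log order."""
    found: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        mm = MOUNT_RE.match(line)
        if mm:  # a per-drive verb that runs a command when the drive is opened
            found.append(Finding("MountPoints2", "high",
                                 f"drive '{mm.group('verb')}' verb runs: {mm.group('cmd')}", line))
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1"):
            pm = PROXY_RE.search(body)
            if pm and pm.group("value").strip():
                hive = "per-user" if "HKCU" in body else "machine-wide"
                for scheme, host in proxy_targets(pm.group("value")):
                    sev = "high" if host_is_off_box(host) else "low"
                    found.append(Finding(kind, sev,
                                         f"{hive} {scheme} proxy set to {host}; confirm the user configured it", line))
        elif kind == "O2":
            bm = BHO_RE.match(body)
            if bm and bm.group("path").strip() == "(no file)":
                found.append(Finding(kind, "low",
                                     f"orphaned BHO {bm.group('clsid')}: CLSID registered, DLL gone", line))
        elif kind == "O23":
            sm = SVC_RE.match(body)
            if sm and sm.group("path").endswith("(file missing)"):
                sev = "medium" if sm.group("owner") == "Unknown owner" else "low"
                found.append(Finding(kind, sev,
                                     f"service '{sm.group('name')}' binary missing ({sm.group('owner')})", line))
    return found


def by_severity(findings: list[Finding]) -> list[Finding]:
    """Stable sort: high first, then medium, then low."""
    return sorted(findings, key=lambda f: RANK[f.severity])


if __name__ == "__main__":
    for f in by_severity(triage(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.kind:12} {f.reason}")
```

Run with `python hjt_triage.py` to print the ranked list, or call `triage()` on a saved log. "Unknown owner" only means the binary carries no vendor string, which is common for unsigned game components (nProtect GameGuard ships with Nexon titles such as the Combat Arms entries in the firewall list later in the thread), so a medium entry is a prompt to look, not a conviction; the missing-file services and the orphaned BHO are more likely leftovers of an earlier removal than live code.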

katana
2009-07-20, 14:54
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------



Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.


Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL, for whatever reason, until it has 100% completed its scan (or the attempted scan, in case of some error)!

Please post the results from the GMER scan in your reply.

northsider
2009-07-21, 16:31
I apologize, I cannot access this website from my home computer anymore, odd. I have printed the instructions and I will complete the steps above when I get home tonight. Thanks.

northsider
2009-07-22, 01:24
Logfile of random's system information tool 1.06 (written by random/random)
Run by mr. splashy pants at 2009-07-21 17:19:00
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 112 GB (38%) free of 296 GB
Total RAM: 2942 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:28 PM, on 7/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hp\kbd\kbd.exe
C:\Users\mr. splashy pants\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\mr. splashy pants.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 124.115.177.53:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdbcz.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8410 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{EAC7F15F-AED1-4CD4-8576-FC5D9588A2DC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-29 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
""= []
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-04-23 1443072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []
"UDC Integration"= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-12-12 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-12 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-12 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mr. splashy pants^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
C:\PROGRA~1\SHORTK~1\shortkey.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mr. splashy pants^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~1\Xfire\xfire.exe [2009-01-15 2993488]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7F4FF6D5-E71D-4B1A-AD0B-A660C1FD1837}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b05d979-0a7d-11dd-a88e-001e8cc51322}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:
shell\Open\command - resycled\boot.com k:


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-07-21 17:19:00 ----D---- C:\rsit
2009-07-17 18:15:07 ----D---- C:\ProgramData\WindowsSearch
2009-07-17 07:24:27 ----A---- C:\Windows\system32\msshooks.dll
2009-07-17 07:24:27 ----A---- C:\Windows\system32\msscb.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-17 07:24:26 ----A---- C:\Windows\system32\propsys.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\propdefs.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\msstrc.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\mssitlb.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\msshsq.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\wsepno.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-17 07:24:25 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\offfilt.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-17 07:24:24 ----A---- C:\Windows\system32\tquery.dll
2009-07-17 07:24:24 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-17 07:24:24 ----A---- C:\Windows\system32\mssvp.dll
2009-07-17 07:24:24 ----A---- C:\Windows\system32\mssrch.dll
2009-07-17 07:24:24 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-17 07:24:24 ----A---- C:\Windows\system32\mssph.dll
2009-07-17 07:23:10 ----A---- C:\Windows\system32\tzres.dll
2009-07-17 07:02:03 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-17 07:02:03 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-17 07:02:01 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-17 07:02:01 ----A---- C:\Windows\system32\icardres.dll
2009-07-17 07:02:01 ----A---- C:\Windows\system32\icardagt.exe
2009-07-17 07:01:59 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-17 07:01:56 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-17 06:55:16 ----A---- C:\Windows\system32\dfshim.dll
2009-07-17 06:55:13 ----A---- C:\Windows\system32\mscoree.dll
2009-07-17 06:55:12 ----A---- C:\Windows\system32\netfxperf.dll
2009-07-17 06:55:02 ----A---- C:\Windows\system32\mscorier.dll
2009-07-17 06:54:57 ----A---- C:\Windows\system32\mscories.dll
2009-07-17 06:53:33 ----A---- C:\Windows\system32\iesetup.dll
2009-07-17 06:53:32 ----A---- C:\Windows\system32\wininet.dll
2009-07-17 06:53:32 ----A---- C:\Windows\system32\ieui.dll
2009-07-17 06:53:32 ----A---- C:\Windows\system32\iertutil.dll
2009-07-17 06:53:32 ----A---- C:\Windows\system32\iernonce.dll
2009-07-17 06:53:32 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-17 06:53:31 ----A---- C:\Windows\system32\urlmon.dll
2009-07-17 06:53:31 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-17 06:53:31 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-17 06:53:29 ----A---- C:\Windows\system32\mshtml.dll
2009-07-17 06:53:29 ----A---- C:\Windows\system32\ieframe.dll
2009-07-17 06:52:38 ----A---- C:\Windows\system32\mshtmler.dll
2009-07-17 06:52:38 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-17 06:52:38 ----A---- C:\Windows\system32\icardie.dll
2009-07-17 06:52:38 ----A---- C:\Windows\system32\admparse.dll
2009-07-17 06:52:37 ----A---- C:\Windows\system32\msls31.dll
2009-07-17 06:52:37 ----A---- C:\Windows\system32\imgutil.dll
2009-07-17 06:52:37 ----A---- C:\Windows\system32\ieakeng.dll
2009-07-17 06:52:37 ----A---- C:\Windows\system32\dxtmsft.dll
2009-07-17 06:52:37 ----A---- C:\Windows\system32\corpol.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\occache.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\licmgr10.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\inseng.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\iepeers.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\dxtrans.dll
2009-07-17 06:52:35 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-07-17 06:52:35 ----A---- C:\Windows\system32\wextract.exe
2009-07-17 06:52:35 ----A---- C:\Windows\system32\webcheck.dll
2009-07-17 06:52:35 ----A---- C:\Windows\system32\mstime.dll
2009-07-17 06:52:35 ----A---- C:\Windows\system32\msrating.dll
2009-07-17 06:52:35 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-17 06:52:35 ----A---- C:\Windows\system32\ieakui.dll
2009-07-17 06:52:35 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-17 06:52:34 ----A---- C:\Windows\system32\pngfilt.dll
2009-07-17 06:52:34 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-17 06:52:34 ----A---- C:\Windows\system32\advpack.dll
2009-07-17 06:52:33 ----A---- C:\Windows\system32\vbscript.dll
2009-07-17 06:52:33 ----A---- C:\Windows\system32\url.dll
2009-07-17 06:52:33 ----A---- C:\Windows\system32\jscript.dll
2009-07-17 06:52:33 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-17 06:52:32 ----A---- C:\Windows\system32\mshta.exe
2009-07-17 06:52:32 ----A---- C:\Windows\system32\iexpress.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\SetDepNx.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\PDMSetup.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-16 22:56:51 ----A---- C:\Windows\system32\MRT.INI
2009-07-16 22:51:30 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-16 22:51:28 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-16 22:51:18 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-16 22:50:35 ----A---- C:\Windows\system32\shell32.dll
2009-07-16 22:49:54 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-16 22:49:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-07-16 22:49:53 ----A---- C:\Windows\system32\gameux.dll
2009-07-16 22:49:51 ----A---- C:\Windows\system32\xolehlp.dll
2009-07-16 22:49:51 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-16 22:49:49 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-16 22:49:49 ----A---- C:\Windows\system32\kernel32.dll
2009-07-16 22:49:48 ----A---- C:\Windows\system32\secur32.dll
2009-07-16 22:49:48 ----A---- C:\Windows\system32\apilogen.dll
2009-07-16 22:49:48 ----A---- C:\Windows\system32\amxread.dll
2009-07-16 22:49:20 ----A---- C:\Windows\system32\EncDec.dll
2009-07-16 22:49:19 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-16 22:49:13 ----A---- C:\Windows\system32\localspl.dll
2009-07-16 22:49:05 ----A---- C:\Windows\system32\rpcss.dll
2009-07-16 22:49:05 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-16 22:49:04 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-16 22:49:04 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-16 22:49:04 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-16 22:49:04 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-16 22:49:04 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-16 22:49:04 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-16 22:49:04 ----A---- C:\Windows\system32\iasads.dll
2009-07-16 22:49:03 ----A---- C:\Windows\system32\iashost.exe
2009-07-16 22:49:01 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-16 22:49:01 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-16 22:49:01 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-16 22:48:59 ----A---- C:\Windows\system32\msxml3.dll
2009-07-16 22:48:53 ----A---- C:\Windows\system32\pacerprf.dll
2009-07-16 22:48:50 ----A---- C:\Windows\system32\t2embed.dll
2009-07-16 22:48:50 ----A---- C:\Windows\system32\fontsub.dll
2009-07-16 22:48:50 ----A---- C:\Windows\system32\dciman32.dll
2009-07-16 22:48:50 ----A---- C:\Windows\system32\atmfd.dll
2009-07-16 22:48:47 ----A---- C:\Windows\system32\winhttp.dll
2009-07-16 22:48:43 ----A---- C:\Windows\system32\schannel.dll
2009-07-16 22:48:41 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-16 22:48:38 ----A---- C:\Windows\system32\emdmgmt.dll
2009-07-16 22:48:38 ----A---- C:\Windows\system32\dataclen.dll
2009-07-16 22:48:38 ----A---- C:\Windows\system32\cdd.dll
2009-07-16 22:48:35 ----A---- C:\Windows\system32\connect.dll
2009-07-16 22:48:33 ----A---- C:\Windows\system32\gdi32.dll
2009-07-16 22:48:30 ----A---- C:\Windows\system32\netapi32.dll
2009-07-16 22:48:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-16 22:48:20 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-16 22:48:20 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-16 22:48:20 ----A---- C:\Windows\system32\mf.dll
2009-07-16 22:48:19 ----A---- C:\Windows\system32\logagent.exe
2009-07-16 22:48:13 ----A---- C:\Windows\system32\wmp.dll
2009-07-16 22:48:12 ----A---- C:\Windows\system32\spwmp.dll
2009-07-16 22:48:12 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-16 22:48:11 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-16 22:48:06 ----A---- C:\Windows\system32\es.dll
2009-07-16 22:48:00 ----A---- C:\Windows\explorer.exe
2009-07-16 22:47:56 ----A---- C:\Windows\system32\win32spl.dll
2009-07-16 22:47:54 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-16 22:47:48 ----A---- C:\Windows\system32\wshext.dll
2009-07-16 22:47:48 ----A---- C:\Windows\system32\wscript.exe
2009-07-16 22:47:48 ----A---- C:\Windows\system32\scrobj.dll
2009-07-16 22:47:48 ----A---- C:\Windows\system32\cscript.exe
2009-07-16 22:47:47 ----A---- C:\Windows\system32\scrrun.dll
2009-07-16 22:47:46 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-16 22:47:09 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-16 22:47:08 ----A---- C:\Windows\system32\wersvc.dll
2009-07-16 22:47:07 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-16 22:46:51 ----A---- C:\Windows\system32\quartz.dll
2009-07-16 22:42:45 ----A---- C:\Windows\system32\msxml6.dll
2009-07-16 22:38:48 ----A---- C:\Windows\system32\wups2.dll
2009-07-16 22:38:48 ----A---- C:\Windows\system32\wucltux.dll
2009-07-16 22:38:48 ----A---- C:\Windows\system32\wuaueng.dll
2009-07-16 22:38:48 ----A---- C:\Windows\system32\wuauclt.exe
2009-07-16 22:38:35 ----A---- C:\Windows\system32\wups.dll
2009-07-16 22:38:35 ----A---- C:\Windows\system32\wudriver.dll
2009-07-16 22:38:35 ----A---- C:\Windows\system32\wuapi.dll
2009-07-16 22:38:30 ----A---- C:\Windows\system32\wuwebv.dll
2009-07-16 22:38:30 ----A---- C:\Windows\system32\wuapp.exe
2009-07-15 11:47:17 ----D---- C:\Program Files\UCT
2009-07-09 21:56:23 ----D---- C:\Program Files\Topaz Labs
2009-07-05 08:41:06 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\blueMarine
2009-07-05 08:36:53 ----D---- C:\Program Files\blueMarine
2009-07-02 07:30:13 ----D---- C:\Program Files\ImageMagick-6.5.4-Q16

======List of files/folders modified in the last 1 months======

2009-07-21 17:19:29 ----D---- C:\Windows\Temp
2009-07-21 17:18:58 ----D---- C:\Windows\Tasks
2009-07-21 17:18:50 ----D---- C:\ProgramData\Google Updater
2009-07-21 17:17:06 ----D---- C:\Program Files\Common Files\Akamai
2009-07-20 22:00:13 ----D---- C:\Windows\System32
2009-07-20 22:00:13 ----D---- C:\Windows\inf
2009-07-20 22:00:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-19 21:56:36 ----D---- C:\Program Files\GIMP-2.0
2009-07-19 21:55:51 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\gtk-2.0
2009-07-19 21:48:22 ----SHD---- C:\System Volume Information
2009-07-17 20:45:16 ----D---- C:\NVIDIA
2009-07-17 20:38:25 ----D---- C:\Program Files\SystemRequirementsLab
2009-07-17 20:38:00 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\SystemRequirementsLab
2009-07-17 20:32:30 ----D---- C:\Windows\Prefetch
2009-07-17 20:26:07 ----D---- C:\Windows
2009-07-17 20:25:12 ----D---- C:\Program Files\ShortKeys2
2009-07-17 20:01:47 ----D---- C:\Windows\system32\drivers
2009-07-17 20:01:40 ----SHD---- C:\Windows\Installer
2009-07-17 20:00:36 ----D---- C:\Windows\system32\catroot
2009-07-17 20:00:35 ----D---- C:\Windows\system32\catroot2
2009-07-17 19:58:27 ----D---- C:\Program Files\DriftCity
2009-07-17 19:58:13 ----D---- C:\Program Files
2009-07-17 19:57:12 ----D---- C:\Program Files\Common Files
2009-07-17 19:57:09 ----D---- C:\Windows\system32\Tasks
2009-07-17 18:40:35 ----D---- C:\Windows\rescache
2009-07-17 18:35:39 ----D---- C:\Windows\winsxs
2009-07-17 18:30:38 ----D---- C:\Windows\Microsoft.NET
2009-07-17 18:30:35 ----RSD---- C:\Windows\assembly
2009-07-17 18:22:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-17 18:18:18 ----D---- C:\Windows\system32\en-US
2009-07-17 18:18:18 ----D---- C:\Windows\ehome
2009-07-17 18:18:15 ----D---- C:\Program Files\Windows Mail
2009-07-17 18:18:13 ----D---- C:\Windows\AppPatch
2009-07-17 18:18:12 ----D---- C:\Windows\PolicyDefinitions
2009-07-17 18:18:10 ----D---- C:\Program Files\Windows Media Player
2009-07-17 18:18:06 ----D---- C:\Windows\system32\wbem
2009-07-17 18:18:01 ----D---- C:\Windows\system32\manifeststore
2009-07-17 18:17:55 ----D---- C:\Windows\system32\XPSViewer
2009-07-17 18:17:39 ----D---- C:\Windows\system32\migration
2009-07-17 18:17:38 ----D---- C:\Program Files\Internet Explorer
2009-07-17 18:15:07 ----D---- C:\ProgramData
2009-07-17 06:52:33 ----A---- C:\Windows\wininit.ini
2009-07-16 22:54:18 ----D---- C:\Windows\Registration
2009-07-16 22:52:06 ----D---- C:\ProgramData\NVIDIA
2009-07-16 18:39:39 ----AD---- C:\ProgramData\TEMP
2009-07-16 17:06:37 ----D---- C:\Windows\system32\WDI
2009-07-16 17:00:36 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\Vso
2009-07-16 16:55:57 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\uTorrent
2009-07-15 12:03:50 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\.purple
2009-07-12 15:56:57 ----D---- C:\Program Files\PhotomatixPro3
2009-07-12 08:56:36 ----D---- C:\ProgramData\Watermark Factory
2009-07-07 20:20:51 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-07-07 08:10:58 ----A---- C:\Windows\system32\mrt.exe
2009-07-05 12:37:43 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\FileZilla
2009-07-02 14:04:43 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\Adobe
2009-07-01 21:36:56 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\mIRC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-04-23 29704]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-04-23 33800]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-04-23 40456]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2008-03-21 88896]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-12 7629376]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-05-05 47360]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2007-09-07 96704]
S3 ayp8hkzx;ayp8hkzx; C:\Windows\system32\drivers\ayp8hkzx.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-12-07 131616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-04-23 472320]
R2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-29 183280]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-05-02 75064]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-03-21 327800]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2008-03-21 204920]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 Windows Tribute Service;Windows Tribute Service; C:\Windows\system32\kdbcz.exe -srv []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-04-23 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-18 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-02-16 2736890]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

northsider
2009-07-22, 01:25
info.txt logfile of random's system information tool 1.06 2009-07-21 17:19:33

======Uninstall list======

-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop Lightroom 2.2-->MsiExec.exe /I{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Aleo Flash Intro Banner Maker 2.6.106-->"C:\Program Files\Aleo Software\Flash Intro and Banner Maker\unins000.exe"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
ArcGIS Desktop-->MsiExec.exe /I{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}
ArcGIS License Manager-->C:\PROGRA~1\ESRI\License\arcgis9x\UNWISE32.EXE C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS~1.LOG "License Manager"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battlefield 2 Complete Collection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8DBF55D-73C0-4E37-A10E-365BFBB14119}\setup.exe" -l0x9 -removeonly
Battlefield Heroes-->"C:\Program Files\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files\EA Games\Battlefield Heroes\Uninstall.xml"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
CoffeeCup Photo Gallery - Registered-->C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
CombatTools-->"C:\Program Files\CombatTools\uninstall.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 2.1.14.223-->"C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
DHTML Editing Component-->MsiExec.exe /X{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
EA.com Matchup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x9
EA.com Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x9
Easy GIF Animator 4.6 Pro-->"C:\Program Files\Easy GIF Animator\unins000.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ESET NOD32 Antivirus-->MsiExec.exe /I{98B987B8-17AE-4883-879A-65E6FB41A51C}
FastStone Image Viewer 3.5-->C:\Program Files\FastStone Image Viewer\uninst.exe
FileZilla Client 3.0.9.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FlashKeeper 3.0-->"C:\Program Files\FlashKeeper\unins000.exe"
Floppy Disk Manager-->C:\PROGRA~1\FLOPPY~1\UNWISE.EXE C:\PROGRA~1\FLOPPY~1\INSTALL.LOG
FreeRIP v3.081-->"C:\Program Files\FreeRIP3\unins000.exe"
Gfire 0.7.0-->"C:\Program Files\Pidgin\unins000.exe"
GIMP 2.4.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GlobeXplorer ImageConnect 3.1.1.4-->"C:\Program Files\GlobeXplorer\ImageConnect for ArcGIS\unins000.exe"
Google SketchUp 6 Exporters-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp LayOut 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly
Google SketchUp Pro 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GSiteCrawler-->C:\PROGRA~1\SOFTplus\GSITEC~1\UNWISE.EXE C:\PROGRA~1\SOFTplus\GSITEC~1\INSTALL.LOG
GTK+ Runtime 2.12.8 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HDR PhotoStudio 2-->C:\Program Files\UCT\HDR PhotoStudio 2.12.27.2521\uninstall.exe
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Demo-->MsiExec.exe /I{9A379E7A-22ED-44FF-9293-E393D704505D}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{fef8097e-662d-49b3-aa77-2919db3746d7}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImageMagick 6.5.4-2 Q16 (2009-07-15)-->"C:\Program Files\ImageMagick-6.5.4-Q16\unins000.exe"
Inkscape 0.46-->C:\Program Files\Inkscape\Uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf
LightScribe System Software 1.10.23.1-->MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MAPublisher 6.2 for Illustrator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8B4B430-560F-469F-8F1A-F670F1034A42}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Money 2007 Home & Business-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Morpheus Ultra 5.1 (remove only)-->"C:\Program Files\Morpheus Ultra\UninstMorpheus Ultra.exe"
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Converter Simple-->C:\PROGRA~1\MP3CON~1\UNWISE.EXE C:\PROGRA~1\MP3CON~1\INSTALL.LOG
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network Addon Mod Version April 2008-->C:\Users\mr. splashy pants\Documents\SimCity 4\Plugins\Network Addon Mod\uninst.exe
Noiseware Professional Edition-->MsiExec.exe /I{554EB98C-D995-471F-8874-D2BA7BF5EB3E}
Noiseware Professional Plug-in-->MsiExec.exe /I{7C515D87-2DCD-422B-B993-3FE8A71B3DDB}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Opera 9.51-->MsiExec.exe /X{179624B1-2683-45ED-965A-B72189EB5820}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photomatix Pro version 3.0.1-->"C:\Program Files\PhotomatixPro3\unins000.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
ProxySwitcher Standard-->"C:\Program Files\Proxy Switcher Standard\unins000.exe"
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Python 2.4.1-->C:\Python24\\Python24\UNWISE.EXE C:\Python24\\Python24\INSTALL.LOG
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Quake-->C:\Windows\IsUninst.exe -fC:\QUAKE\Uninst.isu
Raptr-->"C:\Program Files\Raptr\uninstall.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Sentinel Protection Installer 7.4.2-->MsiExec.exe /I{335424A2-2C4E-49F3-A066-58635269DB83}
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
SPSS 16.0-->MsiExec.exe /X{9A657E90-E2B7-44DE-8929-055948162595}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SWF Decompiler Premium 2.0.4.2076-->"C:\Program Files\SWF Decompiler Premium\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Flash Ad Creator-->C:\Windows\unvise32.exe C:\Program Files\The Flash Ad Creator\uninstal.log
The Panorama Factory V5 m32 Edition-->MsiExec.exe /I{5525F6BD-0627-4F48-9640-B809A834E69C}
Topaz Adjust 3-->MsiExec.exe /I{5E684419-44E3-46EE-A43C-A60082CBF4EC}
TRS2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5ED9E38C-9A96-49D8-89B3-92E278003FCF}\Setup.exe" -l0x9
UFRaw 0.15-->"C:\Program Files\GIMP-2.0\unins000.exe"
Ultra Video Joiner 4.1.0-->"C:\Program Files\Ultra Video Joiner\unins000.exe"
Universal Document Converter-->"C:\Program Files\Universal Document Converter\unins000.exe"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Watermark Factory 2-->"C:\Program Files\Watermark Factory 2\unins000.exe"
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Subways Vol.1-->C:\Program Files\InstallShield Installation Information\{891570B1-75CB-4281-8A00-742274F44973}\Setup.exe -runfromtemp -l0x0009 -removeonly
XAMPP 1.7.0-->"c:\xampp\uninstall.exe"
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XviD MPEG4 Video Codec (remove only)-->"C:\Windows\system32\xvid-uninstall.exe"
Zelda Classic 2.10w-->C:\Program Files\ZC2.10\uninstall.exe

=====HijackThis Backups=====

O4 - HKCU\..\Run: [BM5761af88] Rundll32.exe "C:\Users\MR7A8E~1.SPL\AppData\Local\Temp\pspydynd.dll",s [2008-10-14]
O4 - HKLM\..\Run: [001.tmp] C:\Windows\temp\001.tmp [2008-10-14]
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) [2008-10-14]
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MR7A8E~1.SPL\AppData\Local\Temp\awtqnnmL.dll,c [2008-10-14]
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) [2008-10-14]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET NOD32 Antivirus 3.0 (outdated)
AS: ESET NOD32 Antivirus 3.0 (outdated)
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender

======System event log======

Computer Name: desktop
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 45496
Source Name: Service Control Manager
Time Written: 20090721025410.000000-000
Event Type: Error
User:

Computer Name: desktop
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 45581
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090721032414.086775-000
Event Type: Error
User:

Computer Name: desktop
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 45616
Source Name: Service Control Manager
Time Written: 20090721032428.000000-000
Event Type: Error
User:

Computer Name: desktop
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 45670
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090721221622.296776-000
Event Type: Error
User:

Computer Name: desktop
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 45704
Source Name: Service Control Manager
Time Written: 20090721221635.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: desktop
Event Code: 1000
Message: Faulting application ufraw-gimp.exe, version 0.0.0.0, time stamp 0x4951e086, faulting module libpng12-0.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception code 0xc0000135, fault offset 0x00009cac, process id 0xf04, application start time 0x01ca09afb7da0e26.
Record Number: 13468
Source Name: Application Error
Time Written: 20090721030245.000000-000
Event Type: Error
User:

Computer Name: desktop
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3836633319-2046781596-2562864062-1000:
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3836633319-2046781596-2562864062-1000

Record Number: 13471
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090721032303.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: desktop
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3836633319-2046781596-2562864062-1000_Classes:
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3836633319-2046781596-2562864062-1000_CLASSES

Record Number: 13472
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090721032303.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: desktop
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 13488
Source Name: Microsoft-Windows-WMI
Time Written: 20090721032425.000000-000
Event Type: Error
User:

Computer Name: desktop
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 13510
Source Name: Microsoft-Windows-WMI
Time Written: 20090721221635.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: desktop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 18065
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721221927.454776-000
Event Type: Audit Failure
User:

Computer Name: desktop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 18066
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721221927.511776-000
Event Type: Audit Failure
User:

Computer Name: desktop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 18067
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721221927.588776-000
Event Type: Audit Failure
User:

Computer Name: desktop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 18068
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721221927.666776-000
Event Type: Audit Failure
User:

Computer Name: desktop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 18069
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721221927.738776-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\ImageMagick-6.5.4-Q16;C:\hp\bin\Python;%SystemRoot%\System32\Wbem;%SystemRoot%;%SystemRoot%\system32
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0202
"NUMBER_OF_PROCESSORS"=3
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"ARCGISHOME"=C:\Program Files\ArcGIS\
"PYTHONPATH"=C:\Program Files\ArcGIS\bin

-----------------EOF-----------------

katana
2009-07-22, 02:09
Do you have the GMER log?


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If requested, please reboot.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

northsider
2009-07-22, 02:18
Do you have the GMER log?


Sorry, I tried. I ran it twice and each time it froze up, and when I clicked 'end program' I got the BSOD.

http://i32.tinypic.com/dpbtwy.png

northsider
2009-07-22, 05:48
From Malware:

Malwarebytes' Anti-Malware 1.39
Database version: 2476
Windows 6.0.6001 Service Pack 1

7/21/2009 9:47:38 PM
mbam-log-2009-07-21 (21-47-38).txt

Scan type: Full Scan (C:\|K:\|)
Objects scanned: 472426
Time elapsed: 1 hour(s), 55 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7f4ff6d5-e71d-4b1a-ad0b-a660c1fd1837} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7f4ff6d5-e71d-4b1a-ad0b-a660c1fd1837} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\imagemagick-6.5.4-q16\uninstall\PathTool.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

katana
2009-07-22, 12:09
Information

Registry Cleaners

Re. Registry Mechanic 8.0

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly, you will not see any difference.
If it doesn't work properly, you may end up with an expensive doorstop.
http://forums.whatthetech.com/Regcleaner_t42862.html

----------------------------------------------------------------------------------------
Step 1


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply.
Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)


----------------------------------------------------------------------------------------
Step 2

Kaspersky Online Scanner.
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Combofix Log
Kaspersky Log
How are things running now?




---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes



Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
Click Download
On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) (http://java.sun.com/javase/downloads/index.jsp). ( don't install it yet )

Scroll down to where it says "Java SE Runtime Environment (JRE)".
Click the "Download" button to the right.
Platform = Windows Language = Multi Language
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box).

You can delete JavaRa (zip and exe).

Remove Programs

Older versions of some programs have vulnerabilities that malware can use to infect your system.

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista).
If any of the following programs are still listed there, click on the program to highlight it, and click on remove.

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.2

Java(TM) 6 Update 13
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Now close the Control Panel.

northsider
2009-07-23, 01:55
ComboFix 09-07-22.01 - mr. splashy pants 07/22/2009 17:33.2.3 - NTFSx86
Running from: c:\users\mr. splashy pants\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3836633319-2046781596-2562864062-500
c:\$recycle.bin\S-1-5-21-708656238-3559070962-3415412772-500
c:\users\mr. splashy pants\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
K:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.

2009-07-22 22:40 . 2009-07-22 22:40 -------- d-----w- c:\users\mr. splashy pants\AppData\Local\temp
2009-07-21 23:18 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 23:18 . 2009-07-21 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 23:18 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 22:19 . 2009-07-21 22:19 -------- d-----w- C:\rsit
2009-07-18 01:47 . 2009-07-18 01:47 -------- d-----w- c:\users\mr. splashy pants\{29c37e67-91de-4e97-8312-cfd15f62bb87}
2009-07-18 01:37 . 2009-07-18 01:37 290816 ----a-w- c:\users\mr. splashy pants\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-18 01:37 . 2009-07-18 01:37 290816 ----a-w- c:\users\mr. splashy pants\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-18 01:37 . 2009-07-18 01:37 290816 ----a-w- c:\users\mr. splashy pants\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-18 01:37 . 2009-07-18 01:37 290816 ----a-w- c:\users\mr. splashy pants\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-17 23:15 . 2009-07-17 23:15 -------- d-----w- c:\programdata\WindowsSearch
2009-07-17 12:23 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-17 12:02 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-17 12:02 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-17 12:02 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-17 12:02 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-17 12:02 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-17 12:01 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-17 12:01 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-17 11:55 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-17 11:55 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-17 11:55 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-17 11:55 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-17 11:54 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-17 11:53 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-17 11:53 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 03:52 . 2008-07-08 13:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-07-17 03:51 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-07-17 03:51 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-07-17 03:51 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-07-17 03:50 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-07-17 03:48 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 03:47 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-07-17 03:47 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-07-17 03:47 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-07-17 03:47 . 2008-05-10 01:33 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-07-17 03:47 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2009-07-17 03:47 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-07-17 03:47 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2009-07-17 03:47 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2009-07-17 03:47 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-07-17 03:47 . 2008-04-10 05:12 738304 ----a-w- c:\windows\system32\inetcomm.dll
2009-07-17 03:47 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2009-07-17 03:47 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2009-07-17 03:47 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-17 03:46 . 2008-04-26 08:08 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-07-17 03:42 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-07-17 03:38 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-07-17 03:38 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-07-17 03:38 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-07-17 03:38 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-07-17 03:38 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-07-17 03:38 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-07-17 03:38 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-07-17 03:38 . 2008-10-16 19:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-07-17 03:38 . 2008-10-16 18:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-07-15 16:47 . 2009-07-15 16:47 -------- d-----w- c:\program files\UCT
2009-07-10 02:56 . 2009-07-10 02:56 -------- d-----w- c:\program files\Topaz Labs
2009-07-05 13:41 . 2009-07-05 13:41 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\blueMarine
2009-07-05 13:39 . 2009-07-05 13:39 -------- d-----w- c:\users\mr. splashy pants\.blueMarine
2009-07-05 13:36 . 2009-07-10 02:51 -------- d-----w- c:\program files\blueMarine

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 22:10 . 2008-11-07 01:43 -------- d-----w- c:\program files\Common Files\Akamai
2009-07-21 22:18 . 2008-07-22 15:58 -------- d-----w- c:\programdata\Google Updater
2009-07-20 02:56 . 2008-04-19 16:08 -------- d-----w- c:\program files\GIMP-2.0
2009-07-20 02:55 . 2008-04-19 16:10 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\gtk-2.0
2009-07-18 01:38 . 2009-01-11 21:48 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-18 01:38 . 2009-01-11 21:48 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\SystemRequirementsLab
2009-07-18 01:25 . 2008-05-30 03:24 -------- d-----w- c:\program files\ShortKeys2
2009-07-18 00:58 . 2009-05-24 23:08 -------- d-----w- c:\program files\DriftCity
2009-07-17 23:22 . 2008-09-24 01:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 23:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-17 23:17 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-17 03:52 . 2008-02-20 20:49 -------- d-----w- c:\programdata\NVIDIA
2009-07-16 22:00 . 2008-05-06 01:54 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\Vso
2009-07-16 21:55 . 2009-01-26 02:38 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\uTorrent
2009-07-15 17:03 . 2008-04-15 21:16 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\.purple
2009-07-12 20:56 . 2009-01-09 01:02 -------- d-----w- c:\program files\PhotomatixPro3
2009-07-12 13:56 . 2008-06-25 21:29 -------- d-----w- c:\programdata\Watermark Factory
2009-07-08 01:21 . 2009-05-03 00:03 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-08 01:20 . 2009-05-03 00:03 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-05 17:37 . 2008-04-24 05:17 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\FileZilla
2009-07-02 02:36 . 2008-07-01 23:51 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\mIRC
2009-06-15 15:24 . 2009-07-17 03:48 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-17 03:48 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-17 03:48 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-17 03:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-13 15:27 . 2009-06-13 15:27 -------- d-----w- c:\program files\DOSBox-0.73
2009-06-10 03:32 . 2009-05-26 21:48 -------- d-----w- c:\program files\Imagenomic
2009-06-04 21:39 . 2008-02-20 20:46 457248 ----a-w- c:\windows\system32\nvuninst.exe
2009-05-26 23:09 . 2009-05-26 23:09 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\Imagenomic
2009-05-24 23:20 . 2009-05-24 23:20 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\NPLUTO Corporation
2009-05-24 23:19 . 2009-05-24 23:19 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-05-24 23:09 . 2009-05-24 22:37 -------- d--h--w- c:\users\mr. splashy pants\AppData\Roaming\ijjigame
2009-05-24 22:39 . 2009-05-24 22:39 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2009-05-24 22:39 . 2009-05-24 22:39 782795312 ----a-w- c:\users\mr. splashy pants\AppData\Roaming\ijjigame\DriftCity_Setup.exe
2009-05-24 22:39 . 2009-05-24 22:39 -------- d-----w- c:\program files\Raptr
2009-05-24 22:39 . 2009-05-24 22:39 -------- d-----w- c:\users\mr. splashy pants\AppData\Roaming\Raptr
2009-05-24 22:39 . 2009-05-24 22:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-24 22:39 . 2009-05-24 22:39 38208 ----a-w- c:\users\mr. splashy pants\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-24 22:37 . 2009-05-24 23:09 480688 ----a-w- c:\users\mr. splashy pants\AppData\Roaming\ijjigame\ijjistarter2FxB.exe
2009-05-24 22:34 . 2009-05-24 22:34 -------- d-----w- c:\programdata\ijjigame
2009-05-24 22:33 . 2009-05-24 22:33 -------- d-----w- c:\program files\NHN USA
2009-07-22 22:30 . 2009-05-24 17:11 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-10-16 01:14 . 2008-10-16 01:11 72 --sh--w- c:\windows\SDEA3C77D.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-07-13 1287440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-12 81920]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-10 110592]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^mr. splashy pants^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
backup=c:\windows\pss\ShortKeys 2.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^mr. splashy pants^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3836633319-2046781596-2562864062-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B66ADC90-C273-481F-B02E-623049270084}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{1BE45D2F-4A21-459F-9127-0197B4653D19}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3F33A095-8AC0-41CA-9EEA-FBB92E169FB9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A6FA814D-4F1C-4759-B670-B0FD49F6EF49}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ED3CB178-B216-4095-9A83-5A84C17D0FD2}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D4AABE38-63E4-450C-B661-C2C9659C58F8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2BF1D320-B5A6-4323-ABA7-AD53C4351257}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{B0D7E509-348E-450B-93BE-4F260FF4AA54}c:\\program files\\steam\\steamapps\\jkelly6\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\jkelly6\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{24A46BF0-B1BD-4CBC-A4FE-84DBEBD6A428}c:\\program files\\steam\\steamapps\\jkelly6\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\jkelly6\day of defeat\hl.exe:Half-Life Launcher
"{F291C3A5-6D50-40E3-ACE7-EF07C501E1AD}"= UDP:49153:azur
"{7D2E7764-52A4-4AF3-BCD2-DAB24DBD6BA9}"= TCP:49153:azur2
"TCP Query User{84C65031-F888-4A57-92F3-23171BC49829}c:\\program files\\spssinc\\spss16\\spss.exe"= UDP:c:\program files\spssinc\spss16\spss.exe:SPSS
"UDP Query User{F9E4C2A0-83BD-430C-B1F0-9BC2DB68083D}c:\\program files\\spssinc\\spss16\\spss.exe"= TCP:c:\program files\spssinc\spss16\spss.exe:SPSS
"{A00119A7-EE0E-46CE-89BB-1A842BEBDD22}"= UDP:c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:Sentinel Protection Server
"{86DFA113-62A3-416F-A9C9-6576257A8BB7}"= TCP:c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:Sentinel Protection Server
"{37E07B4C-46C3-4F97-B8A0-CE3C9FB5548C}"= UDP:c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:Sentinel Keys Server
"{6E77E8E7-A2DE-4AE2-88F7-2EA1390E5B30}"= TCP:c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:Sentinel Keys Server
"TCP Query User{49093ACE-158E-46F4-A26A-85093A160809}c:\\program files\\pidgin\\pidgin.exe"= UDP:c:\program files\pidgin\pidgin.exe:Pidgin
"UDP Query User{70074BDB-7FA8-45B1-87F7-8C3F7AD17440}c:\\program files\\pidgin\\pidgin.exe"= TCP:c:\program files\pidgin\pidgin.exe:Pidgin
"TCP Query User{88D7CC30-9B91-4DE5-8A2C-29455598C8DD}c:\\program files\\morpheus ultra\\morpheus.exe"= UDP:c:\program files\morpheus ultra\morpheus.exe:Morpheus
"UDP Query User{18091603-0F2C-4476-A54A-BDF83063C579}c:\\program files\\morpheus ultra\\morpheus.exe"= TCP:c:\program files\morpheus ultra\morpheus.exe:Morpheus
"TCP Query User{276AE645-A6DE-4A17-9C55-EB62F7218C28}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{044A91EA-FA87-48A2-B3EF-C3D630127371}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{9D64DD82-33EB-4CB6-8F7E-86AB7CBDF845}c:\\program files\\esri\\license\\arcgis9x\\lmgrd.exe"= UDP:c:\program files\esri\license\arcgis9x\lmgrd.exe:lmgrd
"UDP Query User{9AAFE904-2626-4C5D-865E-5F6849567959}c:\\program files\\esri\\license\\arcgis9x\\lmgrd.exe"= TCP:c:\program files\esri\license\arcgis9x\lmgrd.exe:lmgrd
"TCP Query User{EC81E014-AE43-4A59-9E94-BDDC0AB482E4}c:\\program files\\esri\\license\\arcgis9x\\arcgis.exe"= UDP:c:\program files\esri\license\arcgis9x\arcgis.exe:ARCGIS
"UDP Query User{82DE6889-478B-4EBB-861C-0F7195CA39B9}c:\\program files\\esri\\license\\arcgis9x\\arcgis.exe"= TCP:c:\program files\esri\license\arcgis9x\arcgis.exe:ARCGIS
"{EEF182A2-684B-4294-ACF5-3FFA4269AE98}"= UDP:c:\program files\Proxy Switcher Standard\ProxySwitcher.exe:Proxy Switcher
"{88D200BC-0130-43CF-BC18-CA3B887F4CCC}"= TCP:c:\program files\Proxy Switcher Standard\ProxySwitcher.exe:Proxy Switcher
"TCP Query User{334BE2C3-2055-44D4-9AEA-B9AD8392A43D}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{4638B361-18CC-447E-B90E-C297F7E9FF5F}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{AEFFE7CB-D36D-435A-9C4C-C0E5C788BD62}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{92D207B7-1EF7-415A-8D94-BBFD22EED539}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{F446863F-75B9-4562-B6E7-1AD132CF9750}c:\\program files\\hydrairc\\hydrairc.exe"= UDP:c:\program files\hydrairc\hydrairc.exe:HydraIRC
"UDP Query User{565AB9F0-852D-4ED3-A97A-E39E1D39B1E9}c:\\program files\\hydrairc\\hydrairc.exe"= TCP:c:\program files\hydrairc\hydrairc.exe:HydraIRC
"TCP Query User{BF752C30-134B-4836-8031-9639B3EB643B}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{691973ED-B401-465D-9B98-874086E3B2FC}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{49F64D90-40E0-4306-B68D-071AE32D37A8}"= UDP:c:\program files\Opera\opera.exe:Opera
"{16846865-70A4-4C5A-9A58-75A8F2BE5E67}"= TCP:c:\program files\Opera\opera.exe:Opera
"{00D98AFB-4571-49FD-816D-151B28B6F887}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{0C75B757-F65F-4EEF-B82A-D325EA0D2959}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{A14EBED7-6AAB-4BA7-BF6D-22DE24C3B0C0}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{E1739EA5-8762-4672-B7E8-567810B22845}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{F5F5DE34-20F0-4BCA-B2E7-96D3DC7AB74A}c:\\program files\\peercast\\peercast.exe"= UDP:c:\program files\peercast\peercast.exe:PeerCast
"UDP Query User{EC5F912B-AD7B-4F1A-B7ED-0F63B589868F}c:\\program files\\peercast\\peercast.exe"= TCP:c:\program files\peercast\peercast.exe:PeerCast
"{6C244466-6A21-4C87-B353-2F5C9EC9F9ED}"= UDP:9420:Akamai NetSession Interface
"{A5FEE701-7ABE-47FE-AC4C-416B8474F817}"= TCP:5000:Akamai NetSession Interface
"TCP Query User{0FCA682C-7338-48B8-A4CA-9AF34479C7A1}c:\\users\\mr. splashy pants\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v60664c46\\native\\stubexe\\@programfiles@\\kuma games\\kumawar\\kumawar.exe"= UDP:c:\users\mr. splashy pants\appdata\local\xenocode\appliancecaches\kumaclient.exe_v60664c46\native\stubexe\@programfiles@\kuma games\kumawar\kumawar.exe:kumawar.exe
"UDP Query User{96429495-590C-4AA8-8AFA-150E5130316E}c:\\users\\mr. splashy pants\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v60664c46\\native\\stubexe\\@programfiles@\\kuma games\\kumawar\\kumawar.exe"= TCP:c:\users\mr. splashy pants\appdata\local\xenocode\appliancecaches\kumaclient.exe_v60664c46\native\stubexe\@programfiles@\kuma games\kumawar\kumawar.exe:kumawar.exe
"{9647680D-EFA1-40C5-9393-853920C39646}"= UDP:9420:Akamai NetSession Interface
"{4AF48D54-B5D3-4732-808E-4E2F55C9D49E}"= TCP:5000:Akamai NetSession Interface
"TCP Query User{EDEB61E7-2A8F-4923-93C6-5567BB9A7A40}c:\\windows\\system32\\javaw.exe"= UDP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{93F532DB-074A-4B8C-A451-BF7D390F58C7}c:\\windows\\system32\\javaw.exe"= TCP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{CC4B6B2A-2FAF-4508-BF53-F13CEC316B44}c:\\program files\\gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= UDP:c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe:script-fu
"UDP Query User{41ABEFD5-C7CB-47E5-91B5-A68A1AA3AC3D}c:\\program files\\gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"= TCP:c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe:script-fu
"TCP Query User{5A737611-0A74-47C3-BCAB-039DB1184B7C}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{4866647B-9B0E-4621-8F1C-36EB5D1B3CF9}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{9FC77725-DCA2-4EE3-9F3A-9E1431B7A4BB}c:\\program files\\destiny\\radiodestiny broadcaster\\radiodestiny broadcaster.exe"= UDP:c:\program files\destiny\radiodestiny broadcaster\radiodestiny broadcaster.exe:RadioDestiny Broadcaster
"UDP Query User{C5BFB387-9D93-4E1A-A768-2AF6FB07B21A}c:\\program files\\destiny\\radiodestiny broadcaster\\radiodestiny broadcaster.exe"= TCP:c:\program files\destiny\radiodestiny broadcaster\radiodestiny broadcaster.exe:RadioDestiny Broadcaster
"{96678E00-8F8D-48E4-B6CC-B48BED9DF1C2}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{991B4950-B442-473C-BAF2-4E2648D042DF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{282938F8-08AF-4ABC-8225-0949AF9995F6}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{6B9E2F87-5156-4658-9F47-481D0094EBA0}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{9CF3BA8A-ABA2-42CE-B507-1A12622506F5}"= UDP:49183:Akamai NetSession Interface
"{26ABAC0D-69F0-4F1B-884C-2C4C1A1E7C91}"= UDP:49162:Akamai NetSession Interface
"{724EFBE3-D1A7-4F34-84A6-CF7042F42D42}"= UDP:49163:Akamai NetSession Interface
"{B24D709A-E814-4AE9-AEE6-B8086AC4653E}"= UDP:49201:Akamai NetSession Interface
"{61BB27A4-9924-48B9-B689-8EAD938E2E96}"= UDP:49451:Akamai NetSession Interface
"{A60ED9D5-EE04-43AD-825D-BB3FA430323E}"= UDP:49175:Akamai NetSession Interface
"{08C93076-C772-486F-A5A1-8F32CACE87DA}"= UDP:57943:Akamai NetSession Interface
"{729BF44B-105C-45E9-B002-5EDA5E587E1F}"= UDP:49171:Akamai NetSession Interface
"TCP Query User{58964123-4EEB-476C-8877-7C031952A194}c:\\program files\\apache group\\apache2\\bin\\apache.exe"= UDP:c:\program files\apache group\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{F4BC3700-DEE4-46F8-8FC1-A6E93B174FB3}c:\\program files\\apache group\\apache2\\bin\\apache.exe"= TCP:c:\program files\apache group\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{B52F5EBE-F902-41B6-BEEF-ECA3E2B4F87E}c:\\xampp\\apache\\bin\\apache.exe"= UDP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{D658AD10-20E3-4BE9-B5AC-AA0809B08A97}c:\\xampp\\apache\\bin\\apache.exe"= TCP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{9C9D7F46-D650-4571-BCE6-A1FEF23C3A11}c:\\xampp\\mysql\\bin\\mysqld.exe"= UDP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"UDP Query User{ED6A69FD-B440-4931-AD7C-8D97F4F31217}c:\\xampp\\mysql\\bin\\mysqld.exe"= TCP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"TCP Query User{3F12BC7C-7E18-47BF-B23C-F9ED673CE654}c:\\xampp\\mercurymail\\mercury.exe"= UDP:c:\xampp\mercurymail\mercury.exe:Mercury/32 Core Processing Module v4.52
"UDP Query User{5CFBABD2-3DD7-40AA-A2AB-053A66FA0EFF}c:\\xampp\\mercurymail\\mercury.exe"= TCP:c:\xampp\mercurymail\mercury.exe:Mercury/32 Core Processing Module v4.52
"{E72263C9-EDC6-4D3B-8B72-C9FBD4F7C80B}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{ECCACFF9-8389-4761-8220-71D3E713915E}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{ADEC84E1-0919-4D19-B719-C01ACF78352F}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{9F65E944-07C7-460C-95E6-E2973BFDF0BC}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{05F67FBA-6D2C-4B7C-B6C8-0456D53966FD}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{CC324087-4DCE-4389-BE23-0AE786742C7D}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{580598EB-0AAE-4E81-B1EC-4ACB8E95E5E4}"= UDP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{2A22B635-82BE-40CC-878D-D17318A1AD6D}"= TCP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{74C5B502-8CE9-4FC3-9785-3EEFA0E31028}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{0645181F-0AD8-4DAA-BA2F-BC1F3153738D}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{A6F8386F-5B85-42EF-8120-2EF4FF4BE21D}"= UDP:49182:Akamai NetSession Interface
"{88B9A71A-00D5-485D-9279-733FE03E99F9}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E45FC038-E473-4519-902C-503E009388FD}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0F9A3FB0-09C8-40F6-8E57-8B13763164A0}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{4520C1D6-9F9F-475B-B7F9-3CB463E6DFA8}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A08A6E5A-CBDD-4685-A4E9-807ABB556BEA}"= UDP:49173:Akamai NetSession Interface
"{6DDA2912-F699-47B2-943B-4642F721ADB8}"= UDP:49165:Akamai NetSession Interface
"{32C2992F-1D68-4CFF-B4A6-7602ADFCAA75}"= UDP:49172:Akamai NetSession Interface
"{76BBEE42-9E15-45E1-AC75-894ABE32EA73}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{A783CEB3-C3F5-463A-B209-75A4DD6DC3A7}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{42200B41-6001-47EA-8C0E-6E78362AE7AC}"= UDP:49165:Akamai NetSession Interface
"{BA430AC2-2218-44B3-9042-DC4CFFE59B6D}"= UDP:49175:Akamai NetSession Interface
"{BF7979C2-452A-4C3E-B22C-E6DE585A0CAD}"= UDP:64099:Akamai NetSession Interface
"TCP Query User{DFAF1AB6-1CE3-4E70-8465-F40B769937E7}c:\\program files\\raptr\\raptrbt.exe"= UDP:c:\program files\raptr\raptrbt.exe:RaptrBT
"UDP Query User{59DC5355-2FFD-4B12-8438-27F1E5E68D9D}c:\\program files\\raptr\\raptrbt.exe"= TCP:c:\program files\raptr\raptrbt.exe:RaptrBT
"TCP Query User{773E7A5C-7FBA-4B30-82CF-D17DFF67750D}c:\\ijji\\english\\u_skid.exe"= UDP:c:\ijji\english\u_skid.exe:<ijji Downloader>
"UDP Query User{D5994BE0-1BED-43BF-A801-28C7303ED566}c:\\ijji\\english\\u_skid.exe"= TCP:c:\ijji\english\u_skid.exe:<ijji Downloader>
"TCP Query User{35BB1CD2-1D1D-4066-825F-0C23F5E75767}c:\\program files\\raptr\\raptr.exe"= UDP:c:\program files\raptr\raptr.exe:Raptr Client
"UDP Query User{5ACBE0EA-5E4E-4E43-8BD1-05D2D89715A3}c:\\program files\\raptr\\raptr.exe"= TCP:c:\program files\raptr\raptr.exe:Raptr Client
"TCP Query User{5C1D6F18-B50F-4D9C-8E2F-2071CB15A0A5}c:\\program files\\driftcity\\driftcity.exe"= UDP:c:\program files\driftcity\driftcity.exe:DriftCity
"UDP Query User{FE03E6A7-4425-47FA-A699-7DAE749A9F6D}c:\\program files\\driftcity\\driftcity.exe"= TCP:c:\program files\driftcity\driftcity.exe:DriftCity
"{1452BCA4-F855-4F05-8BF0-5DD65F653DE5}"= UDP:57597:Akamai NetSession Interface
"{7F24792E-D6CE-4164-BBA0-01A6F6804D3C}"= UDP:49863:Akamai NetSession Interface
"{1D075F23-D31D-43E2-99AB-0136151CED4F}"= UDP:50060:Akamai NetSession Interface
"{FFCB1ECA-F0E3-4389-91D9-31247AFE93D4}"= UDP:51446:Akamai NetSession Interface
"{3FF6DDA0-7B26-4B88-96CF-8D1441FCF451}"= UDP:51626:Akamai NetSession Interface
"{E39A4D5E-5BBB-4E0D-A9F8-D8ADFDDE2A05}"= UDP:59041:Akamai NetSession Interface
"{ECC3F4D9-DEA8-4324-A7DC-67F3C4D8B2B2}"= UDP:52634:Akamai NetSession Interface
"{DF6B65B4-0791-4D5E-8E54-241CEB03CAF0}"= UDP:52679:Akamai NetSession Interface
"{CC1C348C-A32F-40F3-8B80-1EE9194CC711}"= UDP:52712:Akamai NetSession Interface
"{8B7C31FA-E35A-43AE-80ED-BF102B64C600}"= UDP:56991:Akamai NetSession Interface
"{20A5B87A-4D4A-49D5-A4C1-3252E832A5D1}"= UDP:59849:Akamai NetSession Interface
"{A05C8467-5E2F-410A-9818-6049575C840A}"= UDP:59323:Akamai NetSession Interface
"{3F3A7854-8C51-4863-8EBE-C8FFC21F8301}"= UDP:49169:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [4/23/2008 3:00 PM 33800]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [1/20/2008 9:23 PM 21504]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4/23/2008 2:58 PM 472320]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [9/23/2008 8:08 PM 1153368]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [3/21/2008 1:20 AM 327800]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-25 04:33]

2009-07-22 c:\windows\Tasks\User_Feed_Synchronization-{EAC7F15F-AED1-4CD4-8576-FC5D9588A2DC}.job
- c:\windows\system32\msfeedssync.exe [2009-07-17 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-UDC Integration - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 124.115.177.53:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Get Flash by FlashKeeper - c:\program files\FlashKeeper\GetFlash.htm
IE: {{86301D40-94C1-4a5e-843B-7F43965E364A} - c:\program files\FlashKeeper\GetFlash.htm
FF - ProfilePath - c:\users\mr. splashy pants\AppData\Roaming\Mozilla\Firefox\Profiles\24rcesq7.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Opera\program\plugins\NPQNXWrap.dll
FF - plugin: c:\program files\Opera\program\plugins\NPSnpy.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\mr. splashy pants\AppData\Roaming\Mozilla\Firefox\Profiles\24rcesq7.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 17:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3836633319-2046781596-2562864062-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,e5,ba,7a,60,63,b6,ab,d5,26,9e,27,ae,24,71,f9,f6,46,ad,f1,cb,d9,a5,
b5,ad,65,ae,45,7b,44,99,79,fd,c3,00,02,00,3b,60,31,43,73,ef,7e,71,dc,49,1c,\
"??"=hex:aa,d3,ad,10,3e,21,e1,5a,ee,a5,d7,2f,8a,be,03,83

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-22 17:44
ComboFix-quarantined-files.txt 2009-07-22 22:44

Pre-Run: 137,847,107,584 bytes free
Post-Run: 137,807,208,448 bytes free

373 --- E O F --- 2009-07-17 12:42
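The supplementary scan above carries a user-level proxy setting (uInternet Settings,ProxyServer = 124.115.177.53:8080) alongside the usual start-page, BHO and service entries, and the same items reappear as R1/O2/O23 lines in the HijackThis-format log posted later in this thread. The thread does not say whether that proxy was configured by the user, and the helper's reply treats the logs as clean; the point of the example below is only to show how a helper would mechanically pull such items out of a HijackThis-style log for review rather than eyeballing hundreds of lines. This is an added example and not code from the thread or from any of the tools named in it. The sample log is constructed from a handful of lines in the shape of the ones posted here, and the three flagging rules (a ProxyServer that is not loopback or RFC 1918, an O2 BHO ending in "(no file)", an O23 service ending in "(file missing)") are assumptions chosen for illustration: they mark entries to ask about, not verdicts of infection.

```python
"""Triage helper for HijackThis-style log lines (illustrative, not from the thread)."""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address

# Constructed sample in the shape of the R0/R1/O2/O4/O23 lines posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 124.115.177.53:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# "R1 - <body>", "O23 - <body>" and so on; the code is the HijackThis section letter plus number.
LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# ProxyServer value: optional "scheme=" prefix, host, optional ":port". Per-protocol
# lists separated by ";" are only partially handled (first entry wins); an assumption.
PROXY_RE = re.compile(r"ProxyServer = (?:\w+=)?(?P<host>[^:\s;=]+)(?::(?P<port>\d+))?")


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse(log_text):
    """Keep only lines that look like HijackThis section entries."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def proxy_target(body):
    """Return (host, port-or-None) from a ProxyServer entry, or None if the line is not one."""
    m = PROXY_RE.search(body)
    if not m:
        return None
    return m["host"], (int(m["port"]) if m["port"] else None)


def is_local_proxy(host):
    """Loopback and RFC 1918 addresses are treated as locally administered (assumption)."""
    try:
        ip = ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_private


def flag(entry):
    """Attach review notes; these are prompts for the helper, not malware verdicts."""
    if entry.code in ("R0", "R1"):
        target = proxy_target(entry.body)
        if target and not is_local_proxy(target[0]):
            entry.flags.append(
                f"proxy {target[0]}:{target[1]} is not a local address; confirm the user set it deliberately")
    if entry.code == "O2" and entry.body.endswith("(no file)"):
        entry.flags.append("BHO CLSID registered but its DLL is gone; orphaned entry, safe to have HJT fix")
    if entry.code == "O23" and entry.body.endswith("(file missing)"):
        entry.flags.append("service registered but image missing; orphaned service entry")
    return entry


def triage(log_text):
    """Return only the entries that picked up at least one review flag."""
    return [e for e in map(flag, parse(log_text)) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.code, "|", e.body)
        for note in e.flags:
            print("   ->", note)
```

Run against the sample it reports three entries: the off-host proxy, the nameless BHO with no file, and the GameGuard service whose image is missing. Everything else in the sample (the HP start page, the ESET run key and service) passes through unflagged, which matches how the helper read the real logs.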

northsider
2009-07-23, 02:01
...still running Kaspersky... will update in an hour or two ;)

northsider
2009-07-23, 05:27
Only 13% done... probably won't be done until tomorrow. I will update you tomorrow evening.

northsider
2009-07-23, 14:51
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 23, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 23, 2009 00:49:25
Records in database: 2516115
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 358839
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 06:51:12


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Program Files\mIRC\mirc.exe.bak Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1

The selected area was scanned.

katana
2009-07-24, 00:20
That looks fine now, how are things running?

Please post a fresh RSIT log

northsider
2009-07-24, 01:04
It appears to be running more smoothly.


Logfile of random's system information tool 1.06 (written by random/random)
Run by mr. splashy pants at 2009-07-23 17:04:16
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 153 GB (52%) free of 296 GB
Total RAM: 2942 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:27 PM, on 7/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 2\Lightroom.exe
C:\Windows\System32\mobsync.exe
C:\Users\mr. splashy pants\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\mr. splashy pants.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 124.115.177.53:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7452 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{EAC7F15F-AED1-4CD4-8576-FC5D9588A2DC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-29 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-04-23 1443072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-13 1287440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mr. splashy pants^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
C:\PROGRA~1\SHORTK~1\shortkey.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mr. splashy pants^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~1\Xfire\xfire.exe [2009-01-15 2993488]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-07-22 21:01:32 ----D---- C:\Windows\LastGood
2009-07-22 17:44:37 ----SHD---- C:\$RECYCLE.BIN
2009-07-22 17:44:35 ----A---- C:\ComboFix.txt
2009-07-22 17:32:43 ----SD---- C:\ComboFix
2009-07-22 17:00:11 ----A---- C:\Windows\zip.exe
2009-07-22 17:00:11 ----A---- C:\Windows\SWXCACLS.exe
2009-07-22 17:00:11 ----A---- C:\Windows\SWSC.exe
2009-07-22 17:00:11 ----A---- C:\Windows\SWREG.exe
2009-07-22 17:00:11 ----A---- C:\Windows\sed.exe
2009-07-22 17:00:11 ----A---- C:\Windows\PEV.exe
2009-07-22 17:00:11 ----A---- C:\Windows\NIRCMD.exe
2009-07-22 17:00:11 ----A---- C:\Windows\grep.exe
2009-07-22 17:00:06 ----D---- C:\Windows\ERDNT
2009-07-22 16:59:55 ----D---- C:\Qoobox
2009-07-21 18:18:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-21 17:34:58 ----D---- C:\Windows\Minidump
2009-07-21 17:19:00 ----D---- C:\rsit
2009-07-17 18:15:07 ----D---- C:\ProgramData\WindowsSearch
2009-07-17 07:24:27 ----A---- C:\Windows\system32\msshooks.dll
2009-07-17 07:24:27 ----A---- C:\Windows\system32\msscb.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-17 07:24:26 ----A---- C:\Windows\system32\propsys.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\propdefs.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\msstrc.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\mssitlb.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\msshsq.dll
2009-07-17 07:24:26 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\wsepno.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-17 07:24:25 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\offfilt.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-17 07:24:25 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-17 07:24:24 ----A---- C:\Windows\system32\tquery.dll
2009-07-17 07:24:24 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-17 07:24:24 ----A---- C:\Windows\system32\mssvp.dll
2009-07-17 07:24:24 ----A---- C:\Windows\system32\mssrch.dll
2009-07-17 07:24:24 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-17 07:24:24 ----A---- C:\Windows\system32\mssph.dll
2009-07-17 07:23:10 ----A---- C:\Windows\system32\tzres.dll
2009-07-17 07:02:03 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-17 07:02:03 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-17 07:02:01 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-17 07:02:01 ----A---- C:\Windows\system32\icardres.dll
2009-07-17 07:02:01 ----A---- C:\Windows\system32\icardagt.exe
2009-07-17 07:01:59 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-17 07:01:56 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-17 06:55:16 ----A---- C:\Windows\system32\dfshim.dll
2009-07-17 06:55:13 ----A---- C:\Windows\system32\mscoree.dll
2009-07-17 06:55:12 ----A---- C:\Windows\system32\netfxperf.dll
2009-07-17 06:55:02 ----A---- C:\Windows\system32\mscorier.dll
2009-07-17 06:54:57 ----A---- C:\Windows\system32\mscories.dll
2009-07-17 06:53:33 ----A---- C:\Windows\system32\iesetup.dll
2009-07-17 06:53:32 ----A---- C:\Windows\system32\wininet.dll
2009-07-17 06:53:32 ----A---- C:\Windows\system32\ieui.dll
2009-07-17 06:53:32 ----A---- C:\Windows\system32\iertutil.dll
2009-07-17 06:53:32 ----A---- C:\Windows\system32\iernonce.dll
2009-07-17 06:53:32 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-17 06:53:31 ----A---- C:\Windows\system32\urlmon.dll
2009-07-17 06:53:31 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-17 06:53:31 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-17 06:53:29 ----A---- C:\Windows\system32\mshtml.dll
2009-07-17 06:53:29 ----A---- C:\Windows\system32\ieframe.dll
2009-07-17 06:52:38 ----A---- C:\Windows\system32\mshtmler.dll
2009-07-17 06:52:38 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-17 06:52:38 ----A---- C:\Windows\system32\icardie.dll
2009-07-17 06:52:38 ----A---- C:\Windows\system32\admparse.dll
2009-07-17 06:52:37 ----A---- C:\Windows\system32\msls31.dll
2009-07-17 06:52:37 ----A---- C:\Windows\system32\imgutil.dll
2009-07-17 06:52:37 ----A---- C:\Windows\system32\ieakeng.dll
2009-07-17 06:52:37 ----A---- C:\Windows\system32\dxtmsft.dll
2009-07-17 06:52:37 ----A---- C:\Windows\system32\corpol.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\occache.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\licmgr10.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\inseng.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\iepeers.dll
2009-07-17 06:52:36 ----A---- C:\Windows\system32\dxtrans.dll
2009-07-17 06:52:35 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-07-17 06:52:35 ----A---- C:\Windows\system32\wextract.exe
2009-07-17 06:52:35 ----A---- C:\Windows\system32\webcheck.dll
2009-07-17 06:52:35 ----A---- C:\Windows\system32\mstime.dll
2009-07-17 06:52:35 ----A---- C:\Windows\system32\msrating.dll
2009-07-17 06:52:35 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-17 06:52:35 ----A---- C:\Windows\system32\ieakui.dll
2009-07-17 06:52:35 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-17 06:52:34 ----A---- C:\Windows\system32\pngfilt.dll
2009-07-17 06:52:34 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-17 06:52:34 ----A---- C:\Windows\system32\advpack.dll
2009-07-17 06:52:33 ----A---- C:\Windows\system32\vbscript.dll
2009-07-17 06:52:33 ----A---- C:\Windows\system32\url.dll
2009-07-17 06:52:33 ----A---- C:\Windows\system32\jscript.dll
2009-07-17 06:52:33 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-17 06:52:32 ----A---- C:\Windows\system32\mshta.exe
2009-07-17 06:52:32 ----A---- C:\Windows\system32\iexpress.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\SetDepNx.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\PDMSetup.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-17 06:52:31 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-16 22:56:51 ----A---- C:\Windows\system32\MRT.INI
2009-07-16 22:51:30 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-16 22:51:28 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-16 22:51:18 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-16 22:50:35 ----A---- C:\Windows\system32\shell32.dll
2009-07-16 22:49:54 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-16 22:49:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-07-16 22:49:53 ----A---- C:\Windows\system32\gameux.dll
2009-07-16 22:49:51 ----A---- C:\Windows\system32\xolehlp.dll
2009-07-16 22:49:51 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-16 22:49:49 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-16 22:49:49 ----A---- C:\Windows\system32\kernel32.dll
2009-07-16 22:49:48 ----A---- C:\Windows\system32\secur32.dll
2009-07-16 22:49:48 ----A---- C:\Windows\system32\apilogen.dll
2009-07-16 22:49:48 ----A---- C:\Windows\system32\amxread.dll
2009-07-16 22:49:20 ----A---- C:\Windows\system32\EncDec.dll
2009-07-16 22:49:19 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-16 22:49:13 ----A---- C:\Windows\system32\localspl.dll
2009-07-16 22:49:05 ----A---- C:\Windows\system32\rpcss.dll
2009-07-16 22:49:05 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-16 22:49:04 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-16 22:49:04 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-16 22:49:04 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-16 22:49:04 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-16 22:49:04 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-16 22:49:04 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-16 22:49:04 ----A---- C:\Windows\system32\iasads.dll
2009-07-16 22:49:03 ----A---- C:\Windows\system32\iashost.exe
2009-07-16 22:49:01 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-16 22:49:01 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-16 22:49:01 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-16 22:48:59 ----A---- C:\Windows\system32\msxml3.dll
2009-07-16 22:48:53 ----A---- C:\Windows\system32\pacerprf.dll
2009-07-16 22:48:50 ----A---- C:\Windows\system32\t2embed.dll
2009-07-16 22:48:50 ----A---- C:\Windows\system32\fontsub.dll
2009-07-16 22:48:50 ----A---- C:\Windows\system32\dciman32.dll
2009-07-16 22:48:50 ----A---- C:\Windows\system32\atmfd.dll
2009-07-16 22:48:47 ----A---- C:\Windows\system32\winhttp.dll
2009-07-16 22:48:43 ----A---- C:\Windows\system32\schannel.dll
2009-07-16 22:48:41 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-16 22:48:38 ----A---- C:\Windows\system32\emdmgmt.dll
2009-07-16 22:48:38 ----A---- C:\Windows\system32\dataclen.dll
2009-07-16 22:48:38 ----A---- C:\Windows\system32\cdd.dll
2009-07-16 22:48:35 ----A---- C:\Windows\system32\connect.dll
2009-07-16 22:48:33 ----A---- C:\Windows\system32\gdi32.dll
2009-07-16 22:48:30 ----A---- C:\Windows\system32\netapi32.dll
2009-07-16 22:48:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-16 22:48:20 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-16 22:48:20 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-16 22:48:20 ----A---- C:\Windows\system32\mf.dll
2009-07-16 22:48:19 ----A---- C:\Windows\system32\logagent.exe
2009-07-16 22:48:13 ----A---- C:\Windows\system32\wmp.dll
2009-07-16 22:48:12 ----A---- C:\Windows\system32\spwmp.dll
2009-07-16 22:48:12 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-16 22:48:11 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-16 22:48:06 ----A---- C:\Windows\system32\es.dll
2009-07-16 22:48:00 ----A---- C:\Windows\explorer.exe
2009-07-16 22:47:56 ----A---- C:\Windows\system32\win32spl.dll
2009-07-16 22:47:54 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-16 22:47:48 ----A---- C:\Windows\system32\wshext.dll
2009-07-16 22:47:48 ----A---- C:\Windows\system32\wscript.exe
2009-07-16 22:47:48 ----A---- C:\Windows\system32\scrobj.dll
2009-07-16 22:47:48 ----A---- C:\Windows\system32\cscript.exe
2009-07-16 22:47:47 ----A---- C:\Windows\system32\scrrun.dll
2009-07-16 22:47:46 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-16 22:47:09 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-16 22:47:08 ----A---- C:\Windows\system32\wersvc.dll
2009-07-16 22:47:07 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-16 22:46:51 ----A---- C:\Windows\system32\quartz.dll
2009-07-16 22:42:45 ----A---- C:\Windows\system32\msxml6.dll
2009-07-16 22:38:48 ----A---- C:\Windows\system32\wups2.dll
2009-07-16 22:38:48 ----A---- C:\Windows\system32\wucltux.dll
2009-07-16 22:38:48 ----A---- C:\Windows\system32\wuaueng.dll
2009-07-16 22:38:48 ----A---- C:\Windows\system32\wuauclt.exe
2009-07-16 22:38:35 ----A---- C:\Windows\system32\wups.dll
2009-07-16 22:38:35 ----A---- C:\Windows\system32\wudriver.dll
2009-07-16 22:38:35 ----A---- C:\Windows\system32\wuapi.dll
2009-07-16 22:38:30 ----A---- C:\Windows\system32\wuwebv.dll
2009-07-16 22:38:30 ----A---- C:\Windows\system32\wuapp.exe
2009-07-15 11:47:17 ----D---- C:\Program Files\UCT
2009-07-09 21:56:23 ----D---- C:\Program Files\Topaz Labs
2009-07-05 08:41:06 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\blueMarine
2009-07-05 08:36:53 ----D---- C:\Program Files\blueMarine

======List of files/folders modified in the last 1 months======

2009-07-23 17:04:27 ----D---- C:\Windows\Prefetch
2009-07-23 17:04:19 ----D---- C:\Windows\Temp
2009-07-23 16:10:45 ----D---- C:\Program Files\Common Files\Akamai
2009-07-23 14:31:10 ----D---- C:\Windows\Tasks
2009-07-22 21:45:03 ----SHD---- C:\System Volume Information
2009-07-22 21:09:52 ----D---- C:\Program Files\GIMP-2.0
2009-07-22 21:07:42 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\gtk-2.0
2009-07-22 21:02:34 ----D---- C:\Windows
2009-07-22 21:02:32 ----D---- C:\Windows\System32
2009-07-22 21:01:49 ----D---- C:\Windows\system32\drivers
2009-07-22 21:01:42 ----D---- C:\Windows\system32\catroot
2009-07-22 21:01:38 ----D---- C:\Windows\system32\catroot2
2009-07-22 21:01:32 ----D---- C:\Windows\inf
2009-07-22 18:19:12 ----D---- C:\ProgramData\Google Updater
2009-07-22 17:44:39 ----D---- C:\Windows\system32\en-US
2009-07-22 17:40:55 ----A---- C:\Windows\system.ini
2009-07-22 17:37:09 ----D---- C:\Windows\AppPatch
2009-07-22 17:37:08 ----D---- C:\Program Files\Common Files
2009-07-22 17:30:53 ----D---- C:\Program Files\Mozilla Firefox
2009-07-21 22:33:41 ----D---- C:\Program Files
2009-07-21 17:22:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-17 20:45:16 ----D---- C:\NVIDIA
2009-07-17 20:38:25 ----D---- C:\Program Files\SystemRequirementsLab
2009-07-17 20:38:00 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\SystemRequirementsLab
2009-07-17 20:25:12 ----D---- C:\Program Files\ShortKeys2
2009-07-17 20:01:40 ----SHD---- C:\Windows\Installer
2009-07-17 19:58:27 ----D---- C:\Program Files\DriftCity
2009-07-17 19:57:09 ----D---- C:\Windows\system32\Tasks
2009-07-17 18:40:35 ----D---- C:\Windows\rescache
2009-07-17 18:35:39 ----D---- C:\Windows\winsxs
2009-07-17 18:30:38 ----D---- C:\Windows\Microsoft.NET
2009-07-17 18:30:35 ----RSD---- C:\Windows\assembly
2009-07-17 18:22:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-17 18:18:18 ----D---- C:\Windows\ehome
2009-07-17 18:18:15 ----D---- C:\Program Files\Windows Mail
2009-07-17 18:18:12 ----D---- C:\Windows\PolicyDefinitions
2009-07-17 18:18:10 ----D---- C:\Program Files\Windows Media Player
2009-07-17 18:18:06 ----D---- C:\Windows\system32\wbem
2009-07-17 18:18:01 ----D---- C:\Windows\system32\manifeststore
2009-07-17 18:17:55 ----D---- C:\Windows\system32\XPSViewer
2009-07-17 18:17:39 ----D---- C:\Windows\system32\migration
2009-07-17 18:17:38 ----D---- C:\Program Files\Internet Explorer
2009-07-17 18:15:07 ----D---- C:\ProgramData
2009-07-17 06:52:33 ----A---- C:\Windows\wininit.ini
2009-07-16 22:54:18 ----D---- C:\Windows\Registration
2009-07-16 22:52:06 ----D---- C:\ProgramData\NVIDIA
2009-07-16 18:39:39 ----AD---- C:\ProgramData\TEMP
2009-07-16 17:06:37 ----D---- C:\Windows\system32\WDI
2009-07-16 17:00:36 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\Vso
2009-07-16 16:55:57 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\uTorrent
2009-07-15 12:03:50 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\.purple
2009-07-12 15:56:57 ----D---- C:\Program Files\PhotomatixPro3
2009-07-12 08:56:36 ----D---- C:\ProgramData\Watermark Factory
2009-07-07 20:20:51 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-07-07 08:10:58 ----A---- C:\Windows\system32\mrt.exe
2009-07-05 12:37:43 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\FileZilla
2009-07-02 14:04:43 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\Adobe
2009-07-01 21:36:56 ----D---- C:\Users\mr. splashy pants\AppData\Roaming\mIRC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-04-23 29704]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-04-23 33800]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-04-23 40456]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2008-03-21 88896]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 catchme;catchme; \??\C:\Users\MR7A8E~1.SPL\AppData\Local\Temp\catchme.sys []
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-05-05 47360]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 agjxufeu;agjxufeu; C:\Windows\system32\drivers\agjxufeu.sys []
S3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2007-09-07 96704]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-12-07 131616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-04-23 472320]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-05-02 75064]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-03-21 327800]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2008-03-21 204920]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-29 183280]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-04-23 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-18 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-02-16 2736890]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
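
The driver and service tables in the RSIT log above are what the next reply acts on: the agjxufeu driver is registered with no binary on disk (the empty [] where RSIT would print a date and size), carries a name of eight random-looking lowercase letters, and is the entry the OTM script removes. The following Python script is an added example, not something posted in this thread or shipped with RSIT or OTM; it parses entries in RSIT's layout from a constructed sample log (a handful of lines modelled on the log above) and flags the patterns an analyst looks for first: binary missing, binary loaded from a Temp directory, and random-looking driver names. The name-shape test is a heuristic of my own, and the Temp test also catches legitimate anti-rootkit drivers (the thread's own catchme entry, dropped in %Temp%, is flagged for its path), so treat the output as leads, not verdicts.

```python
"""Triage an RSIT-style driver/service listing for suspicious entries.

Added example for this thread; not part of RSIT, OTM or the original posts.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in RSIT's layout (a few lines modelled on the log above).
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-04-23 29704]
R3 catchme;catchme; \??\C:\Users\MR7A8E~1.SPL\AppData\Local\Temp\catchme.sys []
S3 agjxufeu;agjxufeu; C:\Windows\system32\drivers\agjxufeu.sys []
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-02-16 2736890]
"""

SECTION_RE = re.compile(r"^======List of (drivers|services)\b")
# "<R|S><start> <name>;<display name>; <path> [<date size>]"; the brackets are
# empty when RSIT found no file to stamp, i.e. the binary was not on disk.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<stamp>[^\]]*)\]$"
)
TEMP_DIR_RE = re.compile(r"\\(Temp|Temporary Internet Files)\\", re.IGNORECASE)
# Heuristic (my assumption, not an RSIT rule): eight lowercase letters used as
# both service name and display name is the shape of the agjxufeu entry.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class Entry:
    kind: str      # "driver" or "service"
    state: str     # R = running, S = stopped
    start: int     # 0 boot .. 4 disabled
    name: str
    display: str
    path: str
    stamp: str     # "" when no file was found to date/size
    line: str


@dataclass
class Finding:
    name: str
    kind: str
    path: str
    reasons: list = field(default_factory=list)


def normalize_path(path: str) -> str:
    """Strip the NT object-manager prefix (\\??\\) RSIT echoes for some drivers."""
    prefix = "\\??\\"
    return path[len(prefix):] if path.startswith(prefix) else path


def parse_entries(log_text: str) -> list:
    """Return every driver/service entry found under the two RSIT section headers."""
    entries, kind = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            kind = header.group(1).rstrip("s")   # drivers -> driver
            continue
        if kind is None or not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                              # not an entry line; skip
        entries.append(Entry(kind=kind, state=m["state"], start=int(m["start"]),
                             name=m["name"], display=m["display"],
                             path=normalize_path(m["path"]), stamp=m["stamp"], line=line))
    return entries


def triage(log_text: str) -> list:
    """Flag entries with a missing binary, a Temp-directory binary, or a random-looking name."""
    findings = []
    for e in parse_entries(log_text):
        reasons = []
        if e.stamp == "":
            reasons.append("missing_file")
        if TEMP_DIR_RE.search(e.path):
            reasons.append("temp_path")
        if e.kind == "driver" and e.name == e.display and RANDOM_NAME_RE.match(e.name):
            reasons.append("random_name")
        if reasons:
            findings.append(Finding(e.name, e.kind, e.path, reasons))
    # Most reasons first, then alphabetical, so the strongest leads top the list.
    findings.sort(key=lambda f: (-len(f.reasons), f.name.lower()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:7} {f.name:10} {', '.join(f.reasons):24} {f.path}")
```

Run against the sample, the script reports agjxufeu (missing file, random name), catchme (missing file, Temp path), EagleNT and SymIM (missing file only); the entries with a date and size are left alone. A missing binary with a live registration is exactly the state the OTM :Services directive in the next reply clears.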

katana
2009-07-24, 01:15
OTMoveIt
Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop.

Double-click OTM.exe to run it.
Copy the lines in the codebox below. (Make sure you include :Processes)

:Processes
:Services
agjxufeu
:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mr. splashy pants^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
:Commands
[Purity]
[EmptyTemp]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.


Close ALL open windows (especially Internet Explorer!)
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTM


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

northsider
2009-07-24, 01:50
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Service\Driver agjxufeu not found.
Service\Driver agjxufeu not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mr. splashy pants^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mr. splashy pants
->Temp folder emptied: 71939468 bytes
->Temporary Internet Files folder emptied: 16726439 bytes
->Java cache emptied: 28494792 bytes
->FireFox cache emptied: 50031016 bytes
->Opera cache emptied: 25160 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
File delete failed. C:\Windows\SDEA3C77D.tmp scheduled to be deleted on reboot.
%systemroot% .tmp files removed: 72 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\TMP000000101B0BEB8921AB44C7 scheduled to be deleted on reboot.
Windows Temp folder emptied: 526336 bytes
RecycleBin emptied: 3288 bytes

Total Files Cleaned = 159.98 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07232009_174302

Files moved on Reboot...
File move failed. C:\Windows\SDEA3C77D.tmp scheduled to be moved on reboot.
File C:\Windows\temp\TMP000000101B0BEB8921AB44C7 not found!

Registry entries deleted on Reboot...

katana
2009-07-24, 10:52
Congratulations, your logs look clean :)

Let's see if I can help you keep it that way

First, let's tidy up.



Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START, type RUN into the search box, then click Enter
Now type Combofix /u in the run box and click OK. Note the space between the X and the /U; it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png





OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt.




You can also delete any logs we have produced, and empty your Recycle bin.

-----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time; the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have free (for home users) and paid versions;
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must-have program. It includes hosts protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A new and effective program.
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner.
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner.

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some!! Notifies you if programs are added to startup, allows delayed startup. A must-have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other hosts-file protections.

Internet Browsers
Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. The NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION: If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

Both of these can be cleaned manually, but a quicker option is to use a program:
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article: So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
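The post above leans on the hosts file twice (Spybot's hosts protection and the MVPS HOSTS list), and it is also a classic hijacker target: a legitimate blocklist points unwanted names at 0.0.0.0 or 127.0.0.1, whereas a hijacker does the reverse and blackholes or redirects update and security-vendor sites so the victim cannot get help. The checker below tells the two patterns apart. It is an added example, not code from this thread or from any of the products named; the watch list of vendor/update domains, the RFC 1918 test and the sample hosts text are constructed for illustration.

```python
"""Hosts-file checker (added example; not part of the forum thread).

Categorises each entry of a hosts file so that ordinary blocklist entries
(unwanted names pointed at 0.0.0.0 / 127.0.0.1) can be told apart from the
hijacker pattern: a security-vendor or update site blackholed at a loopback
address, or redirected to an address the user never chose.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Names that belong in every hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Illustrative watch list (an assumption for this example): domains a hijacker
# commonly blackholes or redirects so the victim cannot get help or updates.
WATCHED_SUFFIXES = (
    "windowsupdate.com", "microsoft.com", "malwarebytes.org",
    "safer-networking.org", "eset.com", "kaspersky.com",
    "pandasecurity.com", "secunia.com",
)

# RFC 1918 ranges, checked explicitly because ipaddress.is_private also covers
# the documentation networks (198.51.100.0/24 etc.) used in the sample below.
RFC1918 = tuple(ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


@dataclass
class HostsEntry:
    line_no: int
    address: str
    names: list
    category: str  # local | block | lan | redirect | hijack | malformed


def is_watched(name: str) -> bool:
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def classify(address: str, names: list) -> str:
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    watched = any(is_watched(n) for n in names)
    if ip.is_loopback or ip.is_unspecified:          # 127.x.x.x, ::1, 0.0.0.0
        if all(n.lower() in LOCAL_NAMES for n in names):
            return "local"
        # Blackholing a help/update site is the hijacker trick; anything else
        # pointed at a sink address is a normal blocklist entry.
        return "hijack" if watched else "block"
    if watched:
        return "hijack"                              # help/update site sent elsewhere
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "lan"                                 # LAN alias, usually legitimate
    return "redirect"                                # routable address: worth a look


def parse_hosts(text: str) -> list:
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        address, *names = line.split()
        if not names:
            entries.append(HostsEntry(line_no, address, [], "malformed"))
            continue
        entries.append(HostsEntry(line_no, address, names, classify(address, names)))
    return entries


def summarize(entries: list) -> dict:
    return dict(Counter(e.category for e in entries))


def findings(entries: list) -> list:
    """Entries a cleaner would want to inspect by hand."""
    return [e for e in entries if e.category in ("hijack", "redirect", "malformed")]


# Constructed sample, not a real hosts file (documentation IP ranges only).
SAMPLE_HOSTS = """# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocklist-style entry
0.0.0.0         tracker.example.org
192.168.1.20    fileserver             # LAN alias
127.0.0.1       www.windowsupdate.com  # update site blackholed
203.0.113.7     www.malwarebytes.org   # vendor site redirected
198.51.100.9    www.example.com        # routable redirect of an ordinary site
not-an-ip       broken.example
"""

if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    print(summarize(parsed))
    for e in findings(parsed):
        print(f"line {e.line_no}: {e.category:9} {e.address} -> {' '.join(e.names)}")
```

On a real machine you would feed it the contents of %SystemRoot%\System32\drivers\etc\hosts (or /etc/hosts); the "hijack" lines are the ones that match the O1 entries HijackThis reports, while a long run of "block" lines is what a clean MVPS-style list looks like.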

northsider
2009-07-24, 16:35
Thanks for the help. My DVD burner/drive is acting goofy...which is why I became suspicious in the first place. It has nothing to do with viruses/malware however, as it's acting up on my linux boot as well. It works until I try to burn data to it, then I cannot open or use it until I reboot (in fact nothing even gets burned to it, it just shuts off). I'm guessing that this has to be a hardware related issue.

I will try to follow your instructions above when I have time...I appreciate all the help. :-D:rockon: