WiredWX Hobby Weather Tools

Fake Windows Security Virus removed, caused more rootkits and problems.

I had the infamous Windows Security Center virus that's been going around. After a Malwarebytes and Spybot scan I got rid of the program, but I still have some lingering viruses that seem completely impossible to remove.
I believe one is a .sys file in my windows/system32/drivers/ folder, possibly caused by Rootkit.Agent.

Any help is immensely appreciated. I'll attach a HijackThis log, followed by a ComboFix log, here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:24, on 4/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Documents and Settings\Spen\Desktop\thunder\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://c:\program files\BitComet\bitcomet .exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://c:\program files\BitComet\bitcomet .exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://c:\program files\BitComet\bitcomet .exe/AddAllLink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: 使用迅雷下载 (Download with Thunder) - C:\Documents and Settings\Spen\Desktop\thunder\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 (Download all links with Thunder) - C:\Documents and Settings\Spen\Desktop\thunder\Thunder\Program\getallurl.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9cfcb98311892) (gupdate1c9cfcb98311892) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5818 bytes

--------------------------------------

ComboFix 10-04-07.01 - Spen 04/07/2010 20:30:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1504 [GMT -7:00]
Running from: c:\documents and settings\Spen\Desktop\commy.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\{64E78697-7384-45D7-B0C2-057C6B5A8FBE}
c:\documents and settings\Administrator\Local Settings\Application Data\{64E78697-7384-45D7-B0C2-057C6B5A8FBE}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{64E78697-7384-45D7-B0C2-057C6B5A8FBE}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{64E78697-7384-45D7-B0C2-057C6B5A8FBE}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{64E78697-7384-45D7-B0C2-057C6B5A8FBE}\install.rdf
c:\documents and settings\Spen\Local Settings\Application Data\{58529860-AEB4-4D33-8616-6EBC4329C137}
c:\documents and settings\Spen\Local Settings\Application Data\{58529860-AEB4-4D33-8616-6EBC4329C137}\chrome.manifest
c:\documents and settings\Spen\Local Settings\Application Data\{58529860-AEB4-4D33-8616-6EBC4329C137}\chrome\content\_cfg.js
c:\documents and settings\Spen\Local Settings\Application Data\{58529860-AEB4-4D33-8616-6EBC4329C137}\chrome\content\overlay.xul
c:\documents and settings\Spen\Local Settings\Application Data\{58529860-AEB4-4D33-8616-6EBC4329C137}\install.rdf
c:\windows\system32\_VOIDberfndeixm.log
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\winlogon.bak
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-08 02:00 . 2010-04-08 02:00 -------- d-----w- c:\program files\FileASSASSIN
2010-04-07 19:46 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 19:46 . 2010-04-07 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 19:46 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 09:07 . 2010-04-07 09:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 09:05 . 2010-04-07 09:05 -------- d-----w- c:\program files\Trend Micro
2010-04-07 03:25 . 2010-04-07 04:07 -------- d-----w- c:\windows\system32\NtmsData
2010-04-07 03:22 . 2010-04-07 03:22 -------- d-----w- c:\documents and settings\Spen\Application Data\Avira
2010-04-07 03:04 . 2010-03-01 16:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-07 03:04 . 2010-02-16 20:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-07 03:04 . 2009-05-11 18:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-07 03:04 . 2009-05-11 18:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\program files\Avira
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-07 02:52 . 2010-04-07 02:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 06:52 . 2010-04-06 07:16 201728 --sha-w- c:\documents and settings\Spen\Local Settings\Application Data\2269221376.dll
2010-04-06 06:51 . 2010-04-07 09:02 -------- d-----w- c:\documents and settings\Spen\Local Settings\Application Data\AskToolbar
2010-04-06 06:31 . 2010-04-06 06:31 -------- d-----w- c:\documents and settings\Spen\Application Data\CheckPoint
2010-04-06 06:21 . 2010-04-06 06:21 -------- d-----w- c:\program files\Zone Labs
2010-04-06 06:21 . 2010-04-07 09:18 -------- d-----w- c:\windows\Internet Logs
2010-04-06 06:17 . 2010-04-07 09:01 120 ----a-w- c:\windows\Igucur.dat
2010-04-06 06:17 . 2010-04-07 09:01 0 ----a-w- c:\windows\Qgivodexadapeq.bin
2010-04-06 06:15 . 2010-04-06 06:24 201728 --sha-w- c:\documents and settings\Administrator\Local Settings\Application Data\2269221376.dll
2010-04-06 06:08 . 2010-04-07 03:26 -------- d-sh--w- c:\documents and settings\Administrator\.COMMgr
2010-04-06 06:08 . 2010-04-08 03:43 823808 ----a-w- c:\windows\system32\drivers\zwhlwd.sys
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\program files\iPod
2010-04-05 15:10 . 2010-04-06 06:08 -------- d-----w- c:\program files\iTunes
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 15:08 . 2010-04-07 19:31 -------- d-----w- c:\program files\QuickTime
2010-04-05 15:04 . 2010-04-05 15:04 -------- d-----w- c:\program files\Bonjour
2010-04-05 15:02 . 2010-04-05 15:02 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-01 03:17 . 2010-04-01 03:17 -------- d-----w- c:\program files\dumps
2010-03-29 06:18 . 2010-04-01 22:40 -------- d-----w- c:\program files\Steam
2010-03-26 07:39 . 2010-03-26 07:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Winamp Toolbar
2010-03-26 07:37 . 2010-04-06 06:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar
2010-03-24 05:56 . 2010-03-24 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-24 05:52 . 2010-03-03 04:01 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-24 05:52 . 2010-03-03 03:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-24 05:52 . 2010-03-03 03:07 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-24 05:52 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-03-24 05:52 . 2010-03-24 05:54 -------- d-----w- c:\program files\ATI
2010-03-21 21:05 . 2010-03-21 21:05 2131336 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\faabpk7i.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-03-21 09:51 . 2010-04-01 07:39 -------- d-----w- c:\program files\StarCraft II Beta
2010-03-21 09:51 . 2010-03-21 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-20 18:41 . 2010-03-20 18:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-03-20 18:22 . 2010-03-21 23:01 -------- d-----w- c:\program files\Ask.com
2010-03-17 21:18 . 2010-03-17 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-15 10:03 . 2010-03-15 10:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
2010-03-15 08:37 . 2010-03-29 02:37 -------- d-----w- c:\program files\World of Warcraft
2010-03-15 08:35 . 2010-03-15 08:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-03-14 19:55 . 2010-03-21 09:59 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-14 19:47 . 2010-03-14 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-14 19:41 . 2010-03-14 19:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-03-14 19:41 . 2010-04-05 00:14 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-03-14 06:26 . 2010-03-14 06:26 -------- d-----w- c:\documents and settings\Alex\Application Data\Windows Search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 03:25 . 2009-05-08 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-08 03:07 . 2009-06-10 23:29 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\Spen\Application Data\Malwarebytes
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-07 19:39 . 2010-04-06 07:05 1323584 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-07 12:48 . 2009-05-03 11:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 09:23 . 2009-06-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-07 02:43 . 2010-04-07 03:21 1601024 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-04-07 02:43 . 2010-04-07 03:21 8704 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-04-07 02:39 . 2010-04-07 02:43 1601024 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-04-07 02:39 . 2010-04-07 02:43 8192 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-04-07 02:24 . 2008-10-30 07:24 -------- d-----w- c:\program files\BitComet
2010-04-07 02:23 . 2010-04-07 02:39 1601024 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-04-07 02:23 . 2010-04-07 02:39 8704 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-04-06 16:06 . 2010-04-07 02:23 8192 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-04-06 16:06 . 2010-04-07 02:23 1601024 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-04-06 07:24 . 2010-04-06 07:24 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-06 07:18 . 2010-04-06 16:06 8704 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-04-06 07:18 . 2010-04-06 07:18 8192 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-04-06 07:18 . 2010-04-06 07:18 1599488 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-04-06 07:08 . 2010-04-06 07:17 864256 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-04-06 06:39 . 2009-03-28 21:08 17864 ----a-w- c:\documents and settings\Spen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-06 06:36 . 2010-04-06 06:36 36864 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-04-06 06:36 . 2010-04-06 06:36 1572864 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-04-06 06:36 . 2009-12-11 06:42 -------- d-----w- c:\program files\Winamp Remote
2010-04-06 06:30 . 2010-04-06 06:30 -------- d-----w- c:\program files\CheckPoint
2010-04-06 06:30 . 2010-04-06 06:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-06 05:49 . 2008-11-03 02:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-04-05 15:10 . 2008-11-04 01:04 -------- d-----w- c:\program files\Common Files\Apple
2010-04-03 07:40 . 2008-11-03 02:27 -------- d-----w- c:\program files\uTorrent
2010-04-02 04:03 . 2008-10-31 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-04-01 07:48 . 2008-10-30 05:39 17864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-24 05:54 . 2008-10-30 05:36 -------- d-----w- c:\program files\ATI Technologies
2010-03-20 18:37 . 2008-11-04 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-03-18 01:33 . 2008-10-31 02:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-03-14 19:45 . 2008-10-31 02:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-03-14 12:49 . 2009-08-13 01:34 -------- d-----w- c:\documents and settings\Alex\Application Data\vlc
2010-03-14 09:33 . 2008-11-07 01:52 -------- d-----w- c:\program files\PokerStars
2010-03-14 07:30 . 2008-10-30 06:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 06:32 . 2009-07-18 19:39 -------- d-----w- c:\documents and settings\Alex\Application Data\LimeWire
2010-03-13 02:21 . 2010-02-06 16:30 -------- d-----w- c:\documents and settings\Alex\Application Data\dvdcss
2010-03-03 04:21 . 2008-09-24 03:09 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2008-09-24 01:56 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 03:44 . 2008-09-24 02:09 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2008-09-24 02:18 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2008-09-24 01:54 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2008-09-24 02:17 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2008-09-24 02:07 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2008-09-24 01:38 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2008-09-24 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2008-09-24 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2008-09-24 01:38 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2008-09-24 01:38 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2008-09-24 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2008-09-24 02:06 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2008-09-24 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2008-09-24 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:16 . 2008-09-24 01:20 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2008-09-24 01:19 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2008-09-24 01:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2008-09-24 01:18 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2008-09-24 01:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2008-09-24 01:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2008-09-24 01:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-03-02 14:23 . 2009-07-17 01:59 -------- d-----w- c:\documents and settings\Alex\Application Data\Apple Computer
2010-02-25 19:55 . 2008-09-17 19:17 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-01-09 01:37 . 2009-07-28 06:58 17864 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

c:\program files\ATI\ATICustomerCare\aticustomercare .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Avira\AntiVir Desktop\avgnt .exe
c:\program files\BitComet\bitcomet  .exe
c:\program files\CheckPoint\ZAForceField\forcefield .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Winamp Remote\bin\orbtray .exe
c:\program files\Windows Live\Messenger\msnmsgr  .exe
c:\program files\Zone Labs\ZoneAlarm\zlclient .exe


------- Sigcheck -------

[-] 2009-01-13 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 23:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\quicktime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-20 00:20 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 03:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\program files\BitComet\bitcomet .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COM+ Manager]
c:\documents and settings\Administrator\.COMMgr\complmgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 02:56 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2008-10-05 03:24 235936 ----a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hf8wefhuaihf8ewfydiujhfdsfdf]
c:\docume~1\ADMINI~1\LOCALS~1\Temp\m27f2z3pza.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsf87efjhdsf87f3jfsdi7fhsujfd]
c:\docume~1\ADMINI~1\LOCALS~1\Temp\avp32.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 07:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mplay32xe.exe]
c:\docume~1\ADMINI~1\LOCALS~1\Temp\mplay32xe.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\program files\Messenger\msmsgs.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
c:\program files\Winamp Remote\bin\OrbTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-10-09 22:54 17021440 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
c:\program files\Software Informer\softinfo.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-01 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14634:TCP"= 14634:TCP:BitComet 14634 TCP
"14634:UDP"= 14634:UDP:BitComet 14634 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/30/2008 12:04 AM 717296]
S0 anvjhxi;anvjhxi;c:\windows\system32\drivers\mcou.sys --> c:\windows\system32\drivers\mcou.sys [?]
S0 kmtex;kmtex;c:\windows\system32\drivers\docmkg.sys --> c:\windows\system32\drivers\docmkg.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/6/2010 8:04 PM 135336]
S2 gupdate1c9cfcb98311892;Google Update Service (gupdate1c9cfcb98311892);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 3:56 AM 133104]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 2:48 PM 50048]

--- Other Services/Drivers In Memory ---

*Deregistered* - zwhlwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 10:55]

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]

2010-04-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 23:50]
.
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\bitcomet .exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\bitcomet .exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\bitcomet .exe/AddAllLink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: 使用迅雷下载 - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\getallurl.htm
FF - ProfilePath - c:\documents and settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-KLiteCodecPack_is1 - g:\programs\K-Lite Codec Pack\unins000.exe
AddRemove-uTorrent - g:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 20:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A896AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf7496cb8
\Driver\atapi -> 0x8ab5a1f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e4d75
ParseProcedure -> ntoskrnl.exe @ 0x8057950b
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e4d75
ParseProcedure -> ntoskrnl.exe @ 0x8057950b
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba57fba0
PacketIndicateHandler -> NDIS.sys @ 0xba58cb21
SendHandler -> NDIS.sys @ 0xba56a87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\zwhlwd]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1935655697-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,43,1b,e5,21,0f,a6,e6,42,fb,76,42,c0,36,94,8e,fe,02,91,09,1e,
d6,00,e0,bc,02,7f,c0,ad,40,8b,26,85,c8,39,53,a1,27,f8,1e,4a,12,cb,45,01,07,\
"rkeysecu"=hex:04,5a,e4,57,be,78,e9,65,76,e7,15,b6,48,67,f8,26
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1456)
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-07 20:46:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-08 03:46

Pre-Run: 2,381,766,656 bytes free
Post-Run: 6,554,066,944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 700EC4A17B6344AE34C1097B7DB7B7D0

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Hi

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

ty for reply.

OTL Extras logfile created on: 4/8/2010 6:10:40 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Spen\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 1.82 Gb Free Space | 0.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX-ROOM
Current User Name: Spen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"14634:TCP" = 14634:TCP:*:Enabled:BitComet 14634 TCP
"14634:UDP" = 14634:UDP:*:Enabled:BitComet 14634 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1A48AB8A-DA88-545F-9D3D-C481DC6C31A3}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{257DEF70-A302-CF80-79FE-D8C72EB5E4D0}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2CF6349E-8A3F-B726-F59A-8703FC8885E8}" = Catalyst Control Center Graphics Light
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{302126A2-BB96-5931-6249-CAACA2C89AA1}" = ccc-core-static
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B9EFDF8-AC4F-CA21-9A8C-7534D49E7EE9}" = Catalyst Control Center HydraVision Full
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C89B82E-AD76-7715-43EA-C37E563E83BB}" = ATI Catalyst Install Manager
"{6F42FC6B-947B-9B89-29B0-545F0815AD7F}" = ATI Parental Control & Encoder
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{855AA20A-CA81-7EF1-1936-AE4AA3DC4BEA}" = ccc-core-preinstall
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9867BC9-0EAD-BAC6-C320-4FBC2E127643}" = Catalyst Control Center Core Implementation
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0E6B5D9-6737-AF3E-7BE5-7327DD6B6002}" = Catalyst Control Center Graphics Previews Common
"{E4C82E4B-CD9E-27ED-BC6A-E099DE3EC3ED}" = CCC Help English
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7231089-60AD-CD67-8CC0-B0F415E2A32A}" = Catalyst Control Center Graphics Full New
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BitComet" = BitComet 1.05
"CCleaner" = CCleaner (remove only)
"FileASSASSIN" = FileASSASSIN
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 4.18.8
"Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orb" = Winamp Remote
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"PowerShell" = Windows PowerShell(TM) 1.0
"PunkBusterSvc" = PunkBuster Services
"RealVNC_is1" = VNC Free Edition 4.1.2
"StarCraft II Beta" = StarCraft II Beta
"Steam App 240" = Counter-Strike: Source
"uTorrent" = µTorrent
"VIDEOzilla_is1" = VIDEOzilla v2.8
"VLC media player" = VLC media player 1.0.3
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2010 10:44:03 PM | Computer Name = ALEX-ROOM | Source = Application Error | ID = 1000
Description = Faulting application vsmon.exe, version 9.1.7.2, faulting module ,
version 0.0.0.0, fault address 0x00000000.

Error - 4/6/2010 10:52:19 PM | Computer Name = ALEX-ROOM | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3685, faulting module
3difr.x3d, version 9.1.0.0, fault address 0x0001d601.

Error - 4/6/2010 11:08:29 PM | Computer Name = ALEX-ROOM | Source = Application Error | ID = 1000
Description = Faulting application acrotray .exe, version 3.2.1203.2000, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x00037fd4.

Error - 4/8/2010 3:59:43 AM | Computer Name = ALEX-ROOM | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x0005ba18.

Error - 4/8/2010 7:06:59 AM | Computer Name = ALEX-ROOM | Source = Application Error | ID = 1000
Description = Faulting application pavark.exe, version 5.0.0.4, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.

Error - 4/8/2010 7:08:08 AM | Computer Name = ALEX-ROOM | Source = Application Error | ID = 1000
Description = Faulting application pavark.exe, version 5.0.0.4, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00011a5d.

Error - 4/8/2010 7:09:11 AM | Computer Name = ALEX-ROOM | Source = Application Error | ID = 1000
Description = Faulting application pooolngutfdddddrk.exe, version 5.0.0.4, faulting
module jscript.dll, version 5.7.6002.22145, fault address 0x0000c6c0.

Error - 4/8/2010 6:57:03 PM | Computer Name = ALEX-ROOM | Source = Google Update | ID = 20
Description =

Error - 4/8/2010 7:57:03 PM | Computer Name = ALEX-ROOM | Source = Google Update | ID = 20
Description =

Error - 4/8/2010 8:57:03 PM | Computer Name = ALEX-ROOM | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/8/2010 1:16:27 AM | Computer Name = ALEX-ROOM | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/8/2010 1:24:32 AM | Computer Name = ALEX-ROOM | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/8/2010 2:02:08 AM | Computer Name = ALEX-ROOM | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/8/2010 2:15:33 AM | Computer Name = ALEX-ROOM | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/8/2010 2:38:59 AM | Computer Name = ALEX-ROOM | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/8/2010 3:36:57 AM | Computer Name = ALEX-ROOM | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_ZWHLWD\0000 disappeared from the system without
first being prepared for removal.

Error - 4/8/2010 3:22:52 PM | Computer Name = ALEX-ROOM | Source = Service Control Manager | ID = 7028
Description = The Cfg Registry key denied access to SYSTEM account programs so the
Service Control Manager took ownership of the Registry key.

Error - 4/8/2010 3:23:02 PM | Computer Name = ALEX-ROOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 4/8/2010 3:23:35 PM | Computer Name = ALEX-ROOM | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/8/2010 3:46:02 PM | Computer Name = ALEX-ROOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi


< End of report >

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

OTL.txt had too much text to display as a message; I'll attach the TXT file for you.

Hmm, I'm trying to attach it and it's telling me it is an invalid file.
My next two posts are OTL.txt in two posts.

Last edited by jogna on 9th April 2010, 1:28 am; edited 1 time in total

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

OTL logfile created on: 4/8/2010 6:10:40 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Spen\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 1.82 Gb Free Space | 0.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX-ROOM
Current User Name: Spen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 18:09:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spen\My Documents\Downloads\OTL.exe
PRC - [2010/04/08 12:34:15 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2008/04/13 17:12:40 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wpabaln.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 18:09:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spen\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2006/05/12 16:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV - [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/02 21:21:08 | 004,630,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/22 15:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/30 01:14:47 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/30 00:04:51 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/10/13 19:26:10 | 004,879,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/07 20:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/02/26 17:15:22 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/10/13 14:48:26 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb20.sys -- (xusb20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/04/05 23:31:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox 3.5 Beta 4\components [2010/04/07 01:38:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.5 Beta 4\plugins [2010/04/07 01:38:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 08:08:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/05 08:08:37 | 000,000,000 | ---D | M]

[2009/03/28 14:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\Mozilla\Extensions
[2009/11/06 23:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\extensions
[2009/11/06 23:35:52 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\searchplugins\bing.xml
[2010/04/08 01:17:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/22 23:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/04/08 02:14:18 | 000,385,193 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13312 more lines...
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Documents and Settings\Spen\Desktop\thunder\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: 使用迅雷下载 - C:\Documents and Settings\Spen\Desktop\thunder\Thunder\Program\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Documents and Settings\Spen\Desktop\thunder\Thunder\Program\getAllurl.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.18 64.59.144.19
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Spen\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Spen\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2008/10/29 23:08:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/10/29 14:41:07 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk - C:\PROGRA~1\McAfee Security Scan\1.0.150\SSScheduler.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ATICustomerCare - hkey= - key= - C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe File not found
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: BitComet - hkey= - key= - c:\program files\BitComet\bitcomet .exe File not found
MsConfig - StartUpReg: COM+ Manager - hkey= - key= - C:\Documents and Settings\Administrator\.COMMgr\complmgr.exe File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Spen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe File not found
MsConfig - StartUpReg: hf8wefhuaihf8ewfydiujhfdsfdf - hkey= - key= - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\m27f2z3pza.exe File not found
MsConfig - StartUpReg: hsf87efjhdsf87f3jfsdi7fhsujfd - hkey= - key= - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avp32.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: mplay32xe.exe - hkey= - key= - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mplay32xe.exe File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - c:\program files\windows live\messenger\msnmsgr .exe (Microsoft Corporation)
MsConfig - StartUpReg: Orb - hkey= - key= - C:\Program Files\Winamp Remote\bin\OrbTray.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\program files\quicktime\qttask .exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Software Informer - hkey= - key= - C:\Program Files\Software Informer\softinfo.exe File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - c:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
MsConfig - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 12:46:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/08 12:28:11 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/08 12:27:23 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/08 12:27:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/08 12:27:22 | 002,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/08 12:27:22 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/08 12:27:09 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/08 12:27:01 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/08 12:26:18 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/08 12:24:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/08 12:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/08 12:22:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/08 12:17:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/08 12:17:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/08 12:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/08 12:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/08 12:07:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/08 04:10:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Spen\IETldCache
[2010/04/08 04:08:39 | 000,008,576 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\iyxnciyqodnk.sys
[2010/04/08 04:08:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/08 04:07:22 | 000,008,576 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\irxyvcqntpwi.sys
[2010/04/08 04:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Pavark
[2010/04/08 04:05:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/08 03:07:06 | 000,000,000 | ---D | C] -- C:\b9366766186a5e08fc2c
[2010/04/08 00:26:40 | 000,000,000 | ---D | C] -- C:\commy
[2010/04/07 23:28:25 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2010/04/07 23:23:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/07 23:20:48 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/07 23:20:48 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/04/07 23:20:48 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/04/07 23:20:48 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/04/07 23:20:47 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/04/07 23:20:47 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/04/07 23:20:47 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/04/07 23:20:47 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/04/07 23:20:46 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/04/07 23:20:45 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/04/07 23:20:45 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/04/07 23:20:45 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/04/07 23:20:45 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/04/07 23:20:45 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/04/07 23:20:44 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/07 23:20:44 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/04/07 23:20:44 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/04/07 23:20:44 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/04/07 23:20:44 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/04/07 23:20:44 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/04/07 23:20:44 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/04/07 23:20:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/07 23:20:42 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/04/07 23:20:39 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/07 23:20:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/07 23:20:39 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/07 23:20:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/07 23:20:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/07 23:20:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/07 23:20:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/07 23:20:39 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/07 23:20:37 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/07 23:20:37 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/07 23:20:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/07 23:20:37 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/07 23:20:37 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/07 23:20:37 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/07 23:20:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/07 23:20:36 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/04/07 23:20:33 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/04/07 23:20:32 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/04/07 23:20:31 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/04/07 23:20:30 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2010/04/07 23:20:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/04/07 23:20:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/04/07 23:20:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/04/07 23:20:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/07 23:20:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/07 23:20:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/07 23:20:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/07 23:20:12 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010/04/07 23:20:11 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/04/07 23:20:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/04/07 23:20:11 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/04/07 23:20:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/04/07 23:20:04 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/04/07 23:20:04 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/07 23:20:04 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/04/07 23:20:04 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/04/07 23:20:04 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/04/07 23:20:04 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/04/07 23:20:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/04/07 23:20:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/04/07 23:20:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/04/07 23:20:00 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/04/07 23:20:00 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/04/07 23:19:57 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/04/07 23:19:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/04/07 23:19:57 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/04/07 23:19:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/04/07 23:19:56 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/04/07 23:19:56 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/04/07 23:19:56 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/04/07 23:19:54 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/04/07 23:19:54 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/04/07 23:19:54 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/04/07 23:19:54 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/04/07 23:19:54 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/04/07 23:19:54 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/04/07 23:19:54 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010/04/07 23:19:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/04/07 23:19:54 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/04/07 23:19:54 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/04/07 23:19:53 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/04/07 23:19:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010/04/07 23:19:49 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/04/07 23:19:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2010/04/07 23:19:48 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/04/07 23:19:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/04/07 23:19:45 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/04/07 23:17:46 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/04/07 23:17:46 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/04/07 23:17:46 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/04/07 23:17:46 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/04/07 23:17:46 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/04/07 23:17:46 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/04/07 23:17:46 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/04/07 23:17:46 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/04/07 23:17:45 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/04/07 23:17:45 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/04/07 23:17:45 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/04/07 23:17:45 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/04/07 23:17:45 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/04/07 23:17:45 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/04/07 23:17:45 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/04/07 23:17:45 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/04/07 23:17:45 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/04/07 23:17:44 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/04/07 23:17:44 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/04/07 23:17:44 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/04/07 23:17:44 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/04/07 23:17:44 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/04/07 23:17:44 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/04/07 23:17:44 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/04/07 23:17:44 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/04/07 23:17:44 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/04/07 23:17:44 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/04/07 23:17:44 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/04/07 23:17:44 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/04/07 23:17:44 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/04/07 23:17:44 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/04/07 23:17:44 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/04/07 23:17:44 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/04/07 23:17:44 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/04/07 23:17:44 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/04/07 23:17:44 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/04/07 23:17:44 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/04/07 23:17:44 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/04/07 23:14:15 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/07 23:14:10 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/07 23:14:03 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/07 23:14:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/07 23:13:33 | 000,455,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/07 20:47:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/07 20:26:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/07 20:25:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/07 20:25:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/07 20:25:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/07 20:25:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/07 20:24:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/07 20:22:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/07 19:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2010/04/07 13:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Desktop\SmitfraudFix
[2010/04/07 12:46:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/07 12:46:20 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 12:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/07 06:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/07 06:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/07 02:18:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Spen\Recent
[2010/04/07 02:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/07 02:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/06 21:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/06 20:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/06 20:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/06 20:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Application Data\Avira
[2010/04/06 20:04:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/04/06 20:04:01 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/04/06 20:04:01 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/04/06 20:04:01 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/04/06 20:04:01 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/04/06 20:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/06 20:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/04/05 23:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Local Settings\Application Data\AskToolbar
[2010/04/05 23:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/05 23:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\My Documents\ForceField Shared Files
[2010/04/05 23:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Application Data\CheckPoint
[2010/04/05 23:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/04/05 23:30:46 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/04/05 23:30:45 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/04/05 23:30:45 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/04/05 23:30:39 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/04/05 23:30:39 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/04/05 23:30:39 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/04/05 23:30:39 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/04/05 23:30:39 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/04/05 23:30:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/04/05 23:30:38 | 000,486,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/04/05 23:30:12 | 000,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/04/05 23:30:12 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/04/05 23:30:12 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/04/05 23:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/04/05 23:21:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/04/05 08:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/05 08:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/05 08:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/05 08:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/05 08:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/31 20:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2010/03/29 19:36:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/28 23:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/03/23 22:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/03/23 22:52:53 | 003,641,344 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010/03/23 22:52:53 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010/03/23 22:52:53 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2010/03/23 22:52:53 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2010/03/23 22:52:53 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010/03/23 22:52:53 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010/03/23 22:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/03/21 02:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
[2010/03/21 02:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/03/20 11:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Desktop\Unused Desktop Shortcuts
[2010/03/20 11:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/15 01:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2010/03/14 12:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2009/12/10 21:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/13 00:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/05/08 03:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/11/10 19:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/10/29 23:11:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/29 23:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

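The OTL listings in this post are raw data with no commentary, so here is an added example (mine, not the original poster's and not part of the OTL tool) of how an analyst can triage lines in this format mechanically instead of by eye. The script parses the `[date time | size | attrs | C/M] (company) -- path` lines and scores each file against a few heuristics: a PE file or a hidden+system file under a user profile data directory, an all-digit or mixed-case random token as a name, a long random-letter driver name that shares no 4-letter prefix with any other file in the listing (legitimate driver families cluster, e.g. mbam.sys beside mbamswissarmy.sys, while random names do not), and an oversized hosts file. The sample lines are copied from the log in this thread; the thresholds, the prefix rule and the path patterns are my assumptions, and the result is a list of files to go and inspect, not a verdict.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# One OTL file-list line: [date time | size | attrs | C/M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Assumed set of user-writable profile locations where a PE or hidden+system file is unusual.
USER_DATA = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Application Data|Local Settings\\Application Data|Documents)\\",
    re.I,
)
PE_EXT = {"exe", "dll", "sys"}


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str      # four flag positions as OTL prints them, e.g. "-HS-", "RHSD"
    kind: str       # C = created, M = modified (depends on the log section)
    company: str    # version-resource company string, "" when absent
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def stem(self) -> str:
        return self.name.rsplit(".", 1)[0] if "." in self.name else self.name

    @property
    def ext(self) -> str:
        return self.name.rsplit(".", 1)[1].lower() if "." in self.name else ""


def parse(line: str):
    """Return an Entry for a file-list line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                 int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                 m["company"] or "", m["path"])


def looks_random(e: Entry) -> bool:
    """All-digit stems (2269221376.dll) or extension-less mixed-case tokens with
    digits (bQT88M2c).  Extension-less only, so names like WMSysPr9.prx are not hit."""
    if re.fullmatch(r"\d{8,}", e.stem):
        return True
    return e.ext == "" and re.fullmatch(
        r"(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{7,12}", e.stem) is not None


def triage(lines):
    """Map path -> list of reasons for every file entry that trips a heuristic."""
    entries = [e for e in map(parse, lines) if e and "D" not in e.attrs]
    # Random driver names do not cluster: count distinct stems per 4-letter prefix,
    # so mbam.sys and mbamswissarmy.sys vouch for each other (assumed rule).
    prefixes = Counter(s[:4] for s in {e.stem.lower() for e in entries})
    findings = {}
    for e in entries:
        reasons = []
        in_user_data = USER_DATA.search(e.path) is not None
        if in_user_data and e.ext in PE_EXT:
            reasons.append("PE file in user-writable data directory")
        if in_user_data and "H" in e.attrs and "S" in e.attrs:
            reasons.append("hidden+system attributes under user profile")
        if looks_random(e):
            reasons.append("random-looking name")
        if (e.ext == "sys" and "\\drivers\\" in e.path.lower()
                and re.fullmatch(r"[a-z]{10,}", e.stem)
                and prefixes[e.stem.lower()[:4]] == 1):
            reasons.append("long random-letter driver name with no sibling file")
        if e.name.lower() == "hosts" and e.size > 2048:   # threshold is an assumption
            reasons.append("oversized hosts file")
        if reasons:
            findings[e.path] = reasons
    return findings


# Sample input: lines copied from the OTL log in this thread (last one is a directory).
SAMPLE_LINES = r"""
[2010/04/08 04:08:33 | 000,008,576 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\drivers\iyxnciyqodnk.sys
[2010/04/08 02:14:18 | 000,385,193 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/08 02:00:22 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\khq
[2010/04/08 02:00:10 | 000,734,581 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rydxuu.exe
[2010/04/07 22:14:05 | 000,007,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bQT88M2c
[2010/04/05 23:52:20 | 000,201,728 | -HS- | C] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\2269221376.dll
[2010/04/07 12:46:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/07 12:46:20 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 20:47:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path, "->", "; ".join(reasons))
```

On the sample above the two Malwarebytes drivers come out clean while `iyxnciyqodnk.sys` is flagged only because nothing else in the listing shares its prefix, which is exactly the kind of lead that then needs the file's hash and signature checked. The hosts-file rule deserves a caveat: Spybot - Search & Destroy, which this log shows installed, writes a large blocklist into hosts when its Immunize feature is used, so a 385 KB hosts file is a reason to open the file, not proof of tampering.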
Re: Fake Windows Security Virus removed, caused more rootkits and problems.
========== Files - Modified Within 30 Days ==========

[2010/04/08 18:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/08 17:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/08 14:23:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/08 12:47:29 | 000,454,170 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/08 12:47:29 | 000,074,628 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/08 12:47:28 | 000,538,676 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/08 12:45:53 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/08 12:45:37 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/08 12:45:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/08 12:45:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/08 12:45:25 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/08 12:44:36 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Spen\NTUSER.DAT
[2010/04/08 12:44:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Spen\ntuser.ini
[2010/04/08 12:44:31 | 005,379,218 | -H-- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\IconCache.db
[2010/04/08 12:34:15 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/04/08 12:29:15 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/08 12:26:59 | 000,018,640 | ---- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/08 12:24:11 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/08 12:20:34 | 000,002,639 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/08 12:12:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/08 04:08:33 | 000,008,576 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\drivers\iyxnciyqodnk.sys
[2010/04/08 04:07:15 | 000,008,576 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\drivers\irxyvcqntpwi.sys
[2010/04/08 02:14:18 | 000,385,193 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/08 02:00:22 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\khq
[2010/04/08 00:40:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/08 00:39:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100408-021417.backup
[2010/04/07 23:28:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/04/07 23:28:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/04/07 22:19:22 | 000,007,882 | -HS- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\bQT88M2c
[2010/04/07 22:19:22 | 000,007,882 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\bQT88M2c
[2010/04/07 21:32:39 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/07 20:26:54 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/04/07 12:46:26 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pokemon Gold.lnk
[2010/04/07 02:42:50 | 000,000,090 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/07 02:07:40 | 000,000,992 | ---- | M] () -- C:\Documents and Settings\Spen\Desktop\Spybot - Search & Destroy.lnk
[2010/04/07 02:05:18 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\Spen\Desktop\HijackThis.lnk
[2010/04/07 02:01:38 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Igucur.dat
[2010/04/07 02:01:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qgivodexadapeq.bin
[2010/04/06 19:52:17 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/06 19:31:37 | 000,148,016 | ---- | M] () -- C:\Documents and Settings\Spen\My Documents\cc_20100406_193125.reg
[2010/04/06 00:18:30 | 000,012,848 | -HS- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\GbW53PfLB
[2010/04/06 00:18:30 | 000,012,848 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\GbW53PfLB
[2010/04/06 00:16:43 | 000,201,728 | -HS- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\2269221376.dll
[2010/04/06 00:03:12 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Spen\Desktop\trojan_fakerean_exe_fix.reg
[2010/04/06 00:00:44 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Spen\Desktop\Google Chrome.lnk
[2010/04/05 23:31:36 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/05 23:30:47 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/05 23:07:41 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100407-021746.backup
[2010/04/05 18:48:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/05 08:10:34 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/05 08:08:28 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/01 20:41:41 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 23:18:36 | 000,001,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/03/21 02:59:13 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 05:38:51 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/10 06:18:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/08 12:34:15 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/04/08 12:29:15 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/08 02:00:22 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\khq
[2010/04/08 02:00:10 | 000,734,581 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rydxuu.exe
[2010/04/07 23:28:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/04/07 23:28:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/04/07 23:22:33 | 000,002,639 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/07 23:20:27 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/04/07 23:17:44 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/07 23:17:43 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/07 23:17:43 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/07 22:15:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/04/07 22:14:05 | 000,007,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bQT88M2c
[2010/04/07 22:14:04 | 000,007,882 | -HS- | C] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\bQT88M2c
[2010/04/07 20:26:53 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/07 20:26:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/07 20:25:10 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/07 20:25:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/07 20:25:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/07 20:25:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/07 20:25:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/07 12:46:26 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pokemon Gold.lnk
[2010/04/07 02:42:50 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/07 02:07:40 | 000,000,992 | ---- | C] () -- C:\Documents and Settings\Spen\Desktop\Spybot - Search & Destroy.lnk
[2010/04/07 02:05:18 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\Spen\Desktop\HijackThis.lnk
[2010/04/06 19:52:17 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/06 19:31:29 | 000,148,016 | ---- | C] () -- C:\Documents and Settings\Spen\My Documents\cc_20100406_193125.reg
[2010/04/06 00:03:12 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Spen\Desktop\trojan_fakerean_exe_fix.reg
[2010/04/06 00:00:44 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Spen\Desktop\Google Chrome.lnk
[2010/04/05 23:52:20 | 000,201,728 | -HS- | C] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\2269221376.dll
[2010/04/05 23:39:03 | 000,012,848 | -HS- | C] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\GbW53PfLB
[2010/04/05 23:30:47 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/05 23:30:38 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/05 23:17:38 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Igucur.dat
[2010/04/05 23:17:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qgivodexadapeq.bin
[2010/04/05 23:08:05 | 000,012,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\GbW53PfLB
[2010/04/05 08:10:34 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/05 08:08:28 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/28 23:18:36 | 000,001,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/03/23 22:52:53 | 000,033,616 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/03/21 02:51:23 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2010/03/20 11:22:20 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/12/12 21:34:43 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\fusioncache.dat
[2009/05/31 15:49:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EGameEncrypt.dll
[2009/05/18 13:56:09 | 000,000,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/11 12:15:27 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Spen\default.pls
[2009/03/28 17:06:14 | 000,203,264 | ---- | C] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/28 15:31:22 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/28 15:31:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/03/28 15:31:09 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/28 15:31:09 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/28 15:31:01 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/28 15:31:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/28 14:07:50 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\Spen\ntuser.dat.LOG
[2009/03/28 14:07:50 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Spen\ntuser.ini
[2009/03/28 14:07:49 | 008,650,752 | -H-- | C] () -- C:\Documents and Settings\Spen\NTUSER.DAT
[2009/02/15 07:43:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/12/03 23:28:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vzcontextmenu.dll
[2008/12/03 23:28:13 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DetectDxQT.dll
[2008/11/05 19:36:34 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/01 16:57:24 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/10/29 14:46:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/10/29 14:46:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/10/29 14:46:49 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2001/08/17 08:31:52 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001/08/17 08:31:56 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2001/08/17 08:31:48 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2001/08/17 08:31:56 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/03 17:46:54 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2001/08/17 08:31:44 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2001/08/17 08:31:48 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2001/08/17 08:31:48 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2001/08/17 08:31:50 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2001/08/17 08:31:44 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 17:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 17:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 17:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 17:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 17:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2009/11/22 15:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\vsdatant.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 06:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2010/03/02 20:07:44 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004/08/04 00:56:44 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2008/10/29 23:08:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/13 20:26:14 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/04/07 20:26:54 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2008/10/29 23:08:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/11/30 16:17:14 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2008/10/29 23:08:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/29 23:08:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 17:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/08 12:12:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/08 12:45:24 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/04/07 19:43:01 | 000,002,741 | ---- | M] () -- C:\rapport.txt
[2009/11/03 21:45:35 | 000,000,209 | ---- | M] () -- C:\Shortcut to CD Drive.lnk
[2008/11/24 18:08:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/01/28 15:50:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/06/13 12:58:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/08/02 21:13:33 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/08/14 19:08:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/09/09 21:42:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/10/13 16:48:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/11/24 18:08:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/01/28 15:50:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/06/13 12:58:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/02 21:13:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/14 19:08:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/09 21:42:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/10/13 16:48:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

< %PROGRAMFILES%\*. >
[2010/04/06 20:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/11/03 18:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/03/21 16:01:17 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/03/23 22:54:54 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010/03/23 22:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/04/06 20:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/04/06 19:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2010/04/05 08:04:11 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/01/12 23:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/04/05 23:30:50 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2009/07/04 02:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Comical
[2010/04/08 00:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/10/29 23:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/10/30 00:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2009/12/21 22:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/03/31 20:17:38 | 000,000,000 | ---D | M] -- C:\Program Files\dumps
[2010/04/07 19:00:41 | 000,000,000 | ---D | M] -- C:\Program Files\FileASSASSIN
[2010/02/05 23:15:22 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/05/18 13:58:49 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/05/18 13:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/03/14 00:30:50 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/10/29 23:16:10 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/04/08 04:10:20 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/07/04 00:20:34 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/04/05 08:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/04/05 23:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2008/10/30 00:09:21 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/05/18 14:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/12/25 22:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2009/06/16 02:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2010/04/07 12:46:27 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/08 12:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/06 12:56:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/12/10 21:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/10/29 23:08:42 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/04/08 12:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/02 17:05:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/04/08 00:43:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox 3.5 Beta 4
[2009/12/08 00:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/10/29 22:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/10/29 22:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/01/13 10:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/12/08 00:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/11/05 19:23:05 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/04/08 12:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/10/29 23:31:59 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/05/18 14:18:07 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/04/08 12:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/11/27 01:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\PartyGaming
[2010/03/14 02:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2009/06/16 02:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\Postal2STP
[2009/11/27 01:37:27 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 v1.5
[2010/04/07 12:31:58 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/10/29 23:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2008/10/30 00:09:49 | 000,000,000 | ---D | M] -- C:\Program Files\RealVNC
[2009/12/08 00:43:42 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/04/07 02:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/01 00:39:52 | 000,000,000 | ---D | M] -- C:\Program Files\StarCraft II Beta
[2010/04/01 15:40:44 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010/04/07 02:05:18 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2008/10/29 23:12:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/04/08 12:34:15 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2008/10/30 20:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/12/03 23:28:18 | 000,000,000 | ---D | M] -- C:\Program Files\VIDEOzilla
[2009/07/23 13:54:13 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/04/05 23:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Remote
[2009/07/23 13:52:58 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Toolbar
[2010/04/07 23:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/11/06 12:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/11/06 12:56:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/10/29 23:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/04/08 12:14:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/10/29 23:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2008/10/29 23:07:13 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/10/30 00:29:36 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/03/28 19:37:26 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2008/10/29 23:08:42 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/04/05 23:21:46 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs

< %appdata%\*.* >
[2008/10/29 14:48:34 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Spen\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/09 23:32:38 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2008/03/07 18:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-10_xp32_dd_ccc_wdm_enu_69561\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2004/08/09 23:32:38 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 17:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/09 23:32:38 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:disk.sys
[2004/08/03 17:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 19:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/03 19:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/16 21:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\$hf_mig$\KB944043-v3\SP3QFE\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 19:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/03 19:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/09 23:32:38 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2010/04/08 12:07:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-08 19:41:23
< End of report >

Re: Fake Windows Security Virus removed, caused more rootkits and problems.
Hi...this infection is interesting. Please re-run ComboFix and post a log.

Re: Fake Windows Security Virus removed, caused more rootkits and problems.
I really wish there was no limit to message size; it's difficult for me to post my logs.
It will take me like 10 posts to put this entire log on.

Re: Fake Windows Security Virus removed, caused more rootkits and problems.
ComboFix 10-04-09.01 - Spen 04/09/2010 21:31:52.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1462 [GMT -7:00]
Running from: c:\documents and settings\Spen\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\.COMMgr
c:\windows\system32\drivers\irxyvcqntpwi.sys
c:\windows\system32\drivers\iyxnciyqodnk.sys
.
---- Previous Run -------
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\kalebtt.sys
c:\windows\system32\drivers\zwhlwd.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\system32\dllcache\cdrom.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_zwhlwd
-------\Service_wwykp
-------\Service_zwhlwd
-------\Legacy_irxyvcqntpwi
-------\Legacy_iyxnciyqodnk
-------\Service_irxyvcqntpwi
-------\Service_iyxnciyqodnk


((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 04:36 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-04-10 04:36 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-10 04:30 . 2010-04-10 04:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-08 19:28 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-08 19:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-08 19:26 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-08 19:26 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-08 19:22 . 2010-04-08 19:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\system32\scripting
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\l2schemas
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\en
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\bits
2010-04-08 11:15 . 2010-04-08 11:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-08 11:10 . 2010-04-08 11:10 -------- d-sh--w- c:\documents and settings\Spen\IETldCache
2010-04-08 11:08 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-08 11:08 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-08 11:08 . 2010-04-09 14:43 -------- d-----w- c:\windows\ie8updates
2010-04-08 11:08 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-08 11:05 . 2010-04-08 11:05 -------- d-----w- c:\documents and settings\Spen\Pavark
2010-04-08 11:05 . 2010-04-08 11:08 -------- dc-h--w- c:\windows\ie8
2010-04-08 10:07 . 2010-04-08 10:07 -------- d-----w- C:\b9366766186a5e08fc2c
2010-04-08 06:28 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-04-08 06:23 . 2010-04-08 19:14 -------- d-----w- c:\windows\ServicePackFiles
2010-04-08 06:19 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2010-04-08 06:17 . 2004-08-04 05:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2010-04-08 06:14 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-08 06:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-08 06:14 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-08 06:14 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-08 06:13 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-08 02:00 . 2010-04-08 02:00 -------- d-----w- c:\program files\FileASSASSIN
2010-04-07 19:46 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 19:46 . 2010-04-07 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 19:46 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 09:07 . 2010-04-07 09:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 09:05 . 2010-04-07 09:05 -------- d-----w- c:\program files\Trend Micro
2010-04-07 03:25 . 2010-04-07 04:07 -------- d-----w- c:\windows\system32\NtmsData
2010-04-07 03:22 . 2010-04-07 03:22 -------- d-----w- c:\documents and settings\Spen\Application Data\Avira
2010-04-07 03:04 . 2010-03-01 16:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-07 03:04 . 2010-02-16 20:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-07 03:04 . 2009-05-11 18:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-07 03:04 . 2009-05-11 18:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\program files\Avira
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-07 02:52 . 2010-04-07 02:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 06:52 . 2010-04-06 07:16 201728 --sha-w- c:\documents and settings\Spen\Local Settings\Application Data\2269221376.dll
2010-04-06 06:51 . 2010-04-08 05:15 -------- d-----w- c:\documents and settings\Spen\Local Settings\Application Data\AskToolbar
2010-04-06 06:31 . 2010-04-06 06:31 -------- d-----w- c:\documents and settings\Spen\Application Data\CheckPoint
2010-04-06 06:21 . 2010-04-06 06:21 -------- d-----w- c:\program files\Zone Labs
2010-04-06 06:21 . 2010-04-07 09:18 -------- d-----w- c:\windows\Internet Logs
2010-04-06 06:17 . 2010-04-07 09:01 120 ----a-w- c:\windows\Igucur.dat
2010-04-06 06:17 . 2010-04-07 09:01 0 ----a-w- c:\windows\Qgivodexadapeq.bin
2010-04-06 06:15 . 2010-04-06 06:24 201728 --sha-w- c:\documents and settings\Administrator\Local Settings\Application Data\2269221376.dll
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\program files\iPod
2010-04-05 15:10 . 2010-04-06 06:08 -------- d-----w- c:\program files\iTunes
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 15:08 . 2010-04-07 19:31 -------- d-----w- c:\program files\QuickTime
2010-04-05 15:04 . 2010-04-05 15:04 -------- d-----w- c:\program files\Bonjour
2010-04-05 15:02 . 2010-04-05 15:02 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-01 03:17 . 2010-04-01 03:17 -------- d-----w- c:\program files\dumps
2010-03-29 06:18 . 2010-04-01 22:40 -------- d-----w- c:\program files\Steam
2010-03-26 07:39 . 2010-03-26 07:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Winamp Toolbar
2010-03-26 07:37 . 2010-04-06 06:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar
2010-03-24 05:56 . 2010-03-24 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-24 05:52 . 2010-03-03 04:01 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-24 05:52 . 2010-03-03 03:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-24 05:52 . 2010-03-03 03:07 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-24 05:52 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-03-24 05:52 . 2010-03-24 05:54 -------- d-----w- c:\program files\ATI
2010-03-21 21:05 . 2010-03-21 21:05 2131336 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\faabpk7i.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-03-21 09:51 . 2010-04-01 07:39 -------- d-----w- c:\program files\StarCraft II Beta
2010-03-21 09:51 . 2010-03-21 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-20 18:41 . 2010-03-20 18:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-03-20 18:22 . 2010-03-21 23:01 -------- d-----w- c:\program files\Ask.com
2010-03-17 21:18 . 2010-03-17 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-15 10:03 . 2010-03-15 10:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
2010-03-15 08:37 . 2010-03-29 02:37 -------- d-----w- c:\program files\World of Warcraft
2010-03-15 08:35 . 2010-03-15 08:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-03-14 19:55 . 2010-03-21 09:59 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-14 19:47 . 2010-03-14 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-14 19:41 . 2010-03-14 19:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-03-14 19:41 . 2010-04-05 00:14 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-03-14 06:26 . 2010-03-14 06:26 -------- d-----w- c:\documents and settings\Alex\Application Data\Windows Search

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

(((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 23:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-08 319792]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\quicktime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-20 00:20 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 03:03 152872 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\program files\BitComet\bitcomet .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COM+ Manager]
c:\documents and settings\Administrator\.COMMgr\complmgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 -c--a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2008-10-05 03:24 235936 -c--a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hf8wefhuaihf8ewfydiujhfdsfdf]
c:\docume~1\ADMINI~1\LOCALS~1\Temp\m27f2z3pza.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsf87efjhdsf87f3jfsdi7fhsujfd]
c:\docume~1\ADMINI~1\LOCALS~1\Temp\avp32.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 07:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mplay32xe.exe]
c:\docume~1\ADMINI~1\LOCALS~1\Temp\mplay32xe.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-27 00:44 3883856 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
c:\program files\Winamp Remote\bin\OrbTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-10-09 22:54 17021440 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
c:\program files\Software Informer\softinfo.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-01 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14634:TCP"= 14634:TCP:BitComet 14634 TCP
"14634:UDP"= 14634:UDP:BitComet 14634 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/6/2010 8:04 PM 135336]
S0 anvjhxi;anvjhxi;c:\windows\system32\drivers\mcou.sys --> c:\windows\system32\drivers\mcou.sys [?]
S0 kmtex;kmtex;c:\windows\system32\drivers\docmkg.sys --> c:\windows\system32\drivers\docmkg.sys [?]
S2 gupdate1c9cfcb98311892;Google Update Service (gupdate1c9cfcb98311892);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 3:56 AM 133104]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 2:48 PM 50048]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/30/2008 12:04 AM 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 10:55]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]

2010-04-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 23:50]
.
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\bitcomet .exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\bitcomet .exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\bitcomet .exe/AddAllLink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Download with Thunder (使用迅雷下载) - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\geturl.htm
IE: Download all links with Thunder (使用迅雷下载全部链接) - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\getallurl.htm
FF - ProfilePath - c:\documents and settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 21:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1935655697-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,43,1b,e5,21,0f,a6,e6,42,fb,76,42,c0,36,94,8e,fe,02,91,09,1e,
d6,00,e0,bc,02,7f,c0,ad,40,8b,26,85,c8,39,53,a1,27,f8,1e,4a,12,cb,45,01,07,\
"rkeysecu"=hex:04,5a,e4,57,be,78,e9,65,76,e7,15,b6,48,67,f8,26
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(2136)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wpabaln.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-04-09 21:44:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-10 04:44
ComboFix2.txt 2010-04-08 03:47

Pre-Run: 5,110,607,872 bytes free
Post-Run: 5,128,454,144 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 420B6FA475D27DFEC7098CF5EE0D231B

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Thanks again for helping me out.
I am dying to install my copy of Windows 7, but I don't feel safe entering the product key while my computer is infected.

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

You cut out a lot of that ComboFix log. Luckily I caught the first part before it was cut; otherwise an important infection would not have been removed.

-=-

I see you are running P2P applications: BitTorrent, uTorrent, and LimeWire. I suggest you read the following, and then decide whether you want to keep them or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm

-=-

You are using Ask Toolbar. I suggest removing it, as it tracks user habits on its search engine. But that choice is up to you.

-=-

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader, since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

-=-

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs and other holes. To update it now, click Help > Check for Updates.

-=-

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    killall::

    File::
    c:\windows\Igucur.dat
    c:\windows\Qgivodexadapeq.bin
    c:\documents and settings\Administrator\Local Settings\Application Data\2269221376.dll
    c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\m27f2z3pza.exe
    c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\avp32.exe
    c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\mplay32xe.exe

    RenV::
    c:\program files\ATI\ATICustomerCare\aticustomercare .exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
    c:\program files\Avira\AntiVir Desktop\avgnt .exe
    c:\program files\BitComet\bitcomet .exe
    c:\program files\CheckPoint\ZAForceField\forcefield .exe
    c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
    c:\program files\iTunes\ituneshelper .exe
    c:\program files\Messenger\msmsgs .exe
    c:\program files\QuickTime\qttask .exe
    c:\program files\Winamp Remote\bin\orbtray .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Zone Labs\ZoneAlarm\zlclient .exe

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hf8wefhuaihf8ewfydiujhfdsfdf]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsf87efjhdsf87f3jfsdi7fhsujfd]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mplay32xe.exe]

    Driver::
    kmtex
    anvjhxi

    Rootkit::
    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  • When finished, it will produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
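The triage the helper does by hand in the post above (spotting the "name .exe" renames that go under RenV::, the random-named startupreg keys whose targets sit in %Temp%, the boot-start drivers ComboFix reports as "[?]", and the hidden+system DLL dropped into Local Settings\Application Data) can be scripted. The following is an added example written for this page; it is not code from this thread, from ComboFix, or from the helper. It runs those heuristics over a constructed excerpt of log lines modelled on the ones posted in this thread and renders the hits as a CFScript in the same section layout the helper used. The detection rules (the 20-character random-name threshold, the Temp-path rule, the S0 + "[?]" driver rule, the hidden+system-in-profile rule) are rules of thumb assumed here, not ComboFix's own logic, and the generated script is a draft for a human to review before anything is dragged onto ComboFix.exe.

```python
import re

# Constructed sample in ComboFix log format, modelled on the indicator lines
# discussed in this thread. It is a hand-picked excerpt, not the full log.
SAMPLE_LOG = r"""
2010-04-06 06:15 . 2010-04-06 06:24 201728 --sha-w- c:\documents and settings\Administrator\Local Settings\Application Data\2269221376.dll
2010-03-24 05:52 . 2010-03-03 03:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\quicktime\qttask .exe -atboottime [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hf8wefhuaihf8ewfydiujhfdsfdf]
c:\docume~1\ADMINI~1\LOCALS~1\Temp\m27f2z3pza.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-01 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe
S0 anvjhxi;anvjhxi;c:\windows\system32\drivers\mcou.sys --> c:\windows\system32\drivers\mcou.sys [?]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 2:48 PM 50048]
"""

STARTUPREG_PREFIX = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"
# "[<prefix>\<key name>]" lines; the line after each one is the entry's target.
STARTUPREG_KEY = re.compile(r"^\[" + re.escape(STARTUPREG_PREFIX) + r"\\(.+)\]$", re.I)
# "<created> . <modified> <size> <attrs> <path>" lines from the file listing.
FILE_ENTRY = re.compile(r"^\S+ \S+ \. \S+ \S+ +(\S+) (\S{8}) (.+)$")
# "<Sx|Rx> <name>;<display name>;<path>[ --> <path>] [<info>]" service lines.
DRIVER_ENTRY = re.compile(r"^[SR](\d) ([^;]+);([^;]+);(.+?)(?: --> (.+?))? \[(.+?)\]$")
# A space before ".exe": the renamed-executable pattern that RenV:: undoes.
SPACED_EXE = re.compile(r"(?i)([a-z]:\\.+?) \.exe\b")
# Long lowercase alphanumeric soup as a key name (assumed heuristic threshold).
RANDOM_KEY = re.compile(r"^[a-z0-9]{20,}$")


def triage(log_text):
    """Return candidate entries for each CFScript section, keyed by section."""
    findings = {"file": [], "renv": [], "registry": [], "driver": []}
    pending_key = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = STARTUPREG_KEY.match(line)
        if m:
            pending_key = m.group(1)
            continue
        if pending_key is not None:
            # This line is the autostart target of the key seen just above.
            if "\\temp\\" in line.lower() or RANDOM_KEY.match(pending_key):
                findings["registry"].append(pending_key)
            m = SPACED_EXE.search(line)
            if m:
                findings["renv"].append(m.group(1) + " .exe")
            pending_key = None
            continue
        m = FILE_ENTRY.match(line)
        if m:
            size, attrs, path = m.groups()
            # Hidden+system file dropped into a user profile's Application Data.
            if (size != "--------" and "s" in attrs and "h" in attrs
                    and "\\application data\\" in path.lower()):
                findings["file"].append(path)
            continue
        m = DRIVER_ENTRY.match(line)
        if m:
            start, name, display, _path, _redir, info = m.groups()
            # Boot-start driver with a throwaway name whose file ComboFix cannot stat.
            if start == "0" and name == display and info == "?":
                findings["driver"].append(name)
    return findings


def build_cfscript(findings):
    """Render findings as a CFScript in the section layout used in this thread."""
    registry = ["[-%s\\%s]" % (STARTUPREG_PREFIX, key) for key in findings["registry"]]
    sections = [("File::", findings["file"]), ("RenV::", findings["renv"]),
                ("Registry::", registry), ("Driver::", findings["driver"])]
    lines = ["killall::", ""]
    for header, items in sections:
        if items:  # only emit sections that have something in them
            lines.append(header)
            lines.extend(items)
            lines.append("")
    lines.append("Reboot::")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Run as-is it prints a four-section script (File::, RenV::, Registry::, Driver::) matching the hand-written one above for the sample lines; feed it a real ComboFix.txt and every hit still needs a human to confirm it is not a legitimate but oddly named entry before it goes into a script.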

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

I must apologize for that.
I was having a lot of trouble fitting the entire log in. Is there any way I can send you the file? Anyway...

ComboFix 10-04-10.02 - Spen 04/10/2010 22:51:55.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1429 [GMT -7:00]
Running from: c:\documents and settings\Spen\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Spen\Desktop\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\Administrator\Local Settings\Application Data\2269221376.dll"
"c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\avp32.exe"
"c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\m27f2z3pza.exe"
"c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\mplay32xe.exe"
"c:\windows\Igucur.dat"
"c:\windows\Qgivodexadapeq.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\2269221376.dll
c:\windows\Igucur.dat
c:\windows\Qgivodexadapeq.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_anvjhxi
-------\Service_kmtex


((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-10 04:36 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-04-10 04:36 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-10 04:30 . 2010-04-10 04:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-08 19:28 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-08 19:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-08 19:26 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-08 19:26 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-08 19:22 . 2010-04-08 19:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\system32\scripting
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\l2schemas
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\en
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\bits
2010-04-08 11:15 . 2010-04-08 11:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-08 11:10 . 2010-04-08 11:10 -------- d-sh--w- c:\documents and settings\Spen\IETldCache
2010-04-08 11:08 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-08 11:08 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-08 11:08 . 2010-04-09 14:43 -------- d-----w- c:\windows\ie8updates
2010-04-08 11:08 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-08 11:05 . 2010-04-08 11:05 -------- d-----w- c:\documents and settings\Spen\Pavark
2010-04-08 11:05 . 2010-04-08 11:08 -------- dc-h--w- c:\windows\ie8
2010-04-08 10:07 . 2010-04-08 10:07 -------- d-----w- C:\b9366766186a5e08fc2c
2010-04-08 06:28 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-04-08 06:23 . 2010-04-08 19:14 -------- d-----w- c:\windows\ServicePackFiles
2010-04-08 06:19 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2010-04-08 06:17 . 2004-08-04 05:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2010-04-08 06:14 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-08 06:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-08 06:14 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-08 06:14 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-08 06:13 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-08 02:00 . 2010-04-08 02:00 -------- d-----w- c:\program files\FileASSASSIN
2010-04-07 19:46 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 19:46 . 2010-04-07 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 19:46 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 09:07 . 2010-04-07 09:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 09:05 . 2010-04-07 09:05 -------- d-----w- c:\program files\Trend Micro
2010-04-07 03:25 . 2010-04-07 04:07 -------- d-----w- c:\windows\system32\NtmsData
2010-04-07 03:22 . 2010-04-07 03:22 -------- d-----w- c:\documents and settings\Spen\Application Data\Avira
2010-04-07 03:04 . 2010-03-01 16:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-07 03:04 . 2010-02-16 20:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-07 03:04 . 2009-05-11 18:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-07 03:04 . 2009-05-11 18:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\program files\Avira
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-07 02:52 . 2010-04-07 02:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 06:52 . 2010-04-06 07:16 201728 --sha-w- c:\documents and settings\Spen\Local Settings\Application Data\2269221376.dll
2010-04-06 06:31 . 2010-04-06 06:31 -------- d-----w- c:\documents and settings\Spen\Application Data\CheckPoint
2010-04-06 06:21 . 2010-04-06 06:21 -------- d-----w- c:\program files\Zone Labs
2010-04-06 06:21 . 2010-04-07 09:18 -------- d-----w- c:\windows\Internet Logs
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\program files\iPod
2010-04-05 15:10 . 2010-04-11 05:51 -------- d-----w- c:\program files\iTunes
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 15:08 . 2010-04-07 19:31 -------- d-----w- c:\program files\QuickTime
2010-04-05 15:04 . 2010-04-05 15:04 -------- d-----w- c:\program files\Bonjour
2010-04-05 15:02 . 2010-04-05 15:02 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-01 03:17 . 2010-04-01 03:17 -------- d-----w- c:\program files\dumps
2010-03-29 06:18 . 2010-04-01 22:40 -------- d-----w- c:\program files\Steam
2010-03-26 07:39 . 2010-03-26 07:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Winamp Toolbar
2010-03-26 07:37 . 2010-04-06 06:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar
2010-03-24 05:56 . 2010-03-24 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-24 05:52 . 2010-03-03 04:01 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-24 05:52 . 2010-03-03 03:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-24 05:52 . 2010-03-03 03:07 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-24 05:52 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-03-24 05:52 . 2010-03-24 05:54 -------- d-----w- c:\program files\ATI
2010-03-21 21:05 . 2010-03-21 21:05 2131336 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\faabpk7i.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-03-21 09:51 . 2010-04-01 07:39 -------- d-----w- c:\program files\StarCraft II Beta
2010-03-21 09:51 . 2010-03-21 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-20 18:41 . 2010-03-20 18:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-03-17 21:18 . 2010-03-17 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-15 10:03 . 2010-03-15 10:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
2010-03-15 08:37 . 2010-04-10 08:50 -------- d-----w- c:\program files\World of Warcraft
2010-03-15 08:35 . 2010-03-15 08:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-03-14 19:55 . 2010-03-21 09:59 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-14 19:47 . 2010-03-14 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-14 19:41 . 2010-03-14 19:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-03-14 19:41 . 2010-04-05 00:14 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-03-14 06:26 . 2010-03-14 06:26 -------- d-----w- c:\documents and settings\Alex\Application Data\Windows Search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 05:59 . 2009-03-30 08:26 -------- d-----w- c:\documents and settings\Spen\Application Data\uTorrent
2010-04-11 05:46 . 2009-04-23 07:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-11 05:43 . 2008-10-30 07:24 -------- d-----w- c:\program files\BitComet
2010-04-11 05:42 . 2009-06-10 23:29 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-04-10 05:27 . 2009-05-08 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-09 04:31 . 2009-11-11 08:03 -------- d-----w- c:\documents and settings\Spen\Application Data\vlc
2010-04-09 01:24 . 2009-05-18 21:19 1 ----a-w- c:\documents and settings\Spen\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-08 19:34 . 2008-11-03 02:27 -------- d-----w- c:\program files\uTorrent
2010-04-08 19:26 . 2009-03-28 21:08 18640 ----a-w- c:\documents and settings\Spen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-08 19:18 . 2008-10-30 06:07 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-08 06:33 . 2009-12-11 04:29 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-08 06:28 . 2010-04-08 06:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-04-08 06:28 . 2010-04-08 06:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-08 04:32 . 2009-05-03 11:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\Spen\Application Data\Malwarebytes
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-07 19:39 . 2010-04-06 07:05 1323584 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-07 09:23 . 2009-06-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-07 02:43 . 2010-04-07 03:21 1601024 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-04-07 02:43 . 2010-04-07 03:21 8704 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-04-07 02:39 . 2010-04-07 02:43 1601024 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-04-07 02:39 . 2010-04-07 02:43 8192 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-04-07 02:23 . 2010-04-07 02:39 1601024 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-04-07 02:23 . 2010-04-07 02:39 8704 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-04-06 16:06 . 2010-04-07 02:23 8192 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-04-06 16:06 . 2010-04-07 02:23 1601024 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-04-06 07:24 . 2010-04-06 07:24 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-06 07:18 . 2010-04-06 16:06 8704 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-04-06 07:18 . 2010-04-06 07:18 8192 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-04-06 07:18 . 2010-04-06 07:18 1599488 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-04-06 07:08 . 2010-04-06 07:17 864256 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-04-06 06:36 . 2010-04-06 06:36 36864 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-04-06 06:36 . 2010-04-06 06:36 1572864 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-04-06 06:36 . 2009-12-11 06:42 -------- d-----w- c:\program files\Winamp Remote
2010-04-06 06:30 . 2010-04-06 06:30 -------- d-----w- c:\program files\CheckPoint
2010-04-06 06:30 . 2010-04-06 06:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-06 05:49 . 2008-11-03 02:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-04-05 15:10 . 2008-11-04 01:04 -------- d-----w- c:\program files\Common Files\Apple
2010-04-02 04:03 . 2008-10-31 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-04-01 07:48 . 2008-10-30 05:39 17864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-24 05:54 . 2008-10-30 05:36 -------- d-----w- c:\program files\ATI Technologies
2010-03-20 18:37 . 2008-11-04 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-03-18 01:33 . 2008-10-31 02:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-03-14 19:45 . 2008-10-31 02:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-03-14 12:49 . 2009-08-13 01:34 -------- d-----w- c:\documents and settings\Alex\Application Data\vlc
2010-03-14 09:33 . 2008-11-07 01:52 -------- d-----w- c:\program files\PokerStars
2010-03-14 07:30 . 2008-10-30 06:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 06:32 . 2009-07-18 19:39 -------- d-----w- c:\documents and settings\Alex\Application Data\LimeWire
2010-03-13 02:21 . 2010-02-06 16:30 -------- d-----w- c:\documents and settings\Alex\Application Data\dvdcss
2010-03-03 04:21 . 2008-09-24 03:09 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2008-09-24 01:56 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 03:44 . 2008-09-24 02:09 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2008-09-24 02:18 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2008-09-24 01:54 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2008-09-24 02:17 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2008-09-24 02:07 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2008-09-24 01:38 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2008-09-24 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2008-09-24 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2008-09-24 01:38 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2008-09-24 01:38 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2008-09-24 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2008-09-24 02:06 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2008-09-24 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2008-09-24 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:16 . 2008-09-24 01:20 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2008-09-24 01:19 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2008-09-24 01:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2008-09-24 01:18 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2008-09-24 01:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2008-09-24 01:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2008-09-24 01:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-03-02 14:23 . 2009-07-17 01:59 -------- d-----w- c:\documents and settings\Alex\Application Data\Apple Computer
2010-02-25 19:55 . 2008-09-17 19:17 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-25 06:24 . 2004-08-04 02:56 916480 ------w- c:\windows\system32\wininet.dll
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

Code:

    c:\program files\BitComet\bitcomet  .exe
    c:\program files\QuickTime\qttask  .exe
    c:\program files\Windows Live\Messenger\msnmsgr  .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-08 319792]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\quicktime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-20 00:20 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2009-06-15 01:24 307200 ----a-r- c:\program files\ATI\ATICustomerCare\aticustomercare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 03:03 152872 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\program files\BitComet\bitcomet .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COM+ Manager]
c:\documents and settings\Administrator\.COMMgr\complmgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 -c--a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2008-10-05 03:24 235936 -c--a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 07:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 09:06 1667584 -c--a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54 507904 -c--a-w- c:\program files\Winamp Remote\bin\orbtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-10-09 22:54 17021440 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
c:\program files\Software Informer\softinfo.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-03 06:26 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-01 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-08 10:55 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14634:TCP"= 14634:TCP:BitComet 14634 TCP
"14634:UDP"= 14634:UDP:BitComet 14634 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/6/2010 8:04 PM 135336]
S2 gupdate1c9cfcb98311892;Google Update Service (gupdate1c9cfcb98311892);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 3:56 AM 133104]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 2:48 PM 50048]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/30/2008 12:04 AM 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 10:55]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: 使用迅雷下载 - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\getallurl.htm
FF - ProfilePath - c:\documents and settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 22:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1935655697-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,43,1b,e5,21,0f,a6,e6,42,fb,76,42,c0,36,94,8e,fe,02,91,09,1e,
d6,00,e0,bc,02,7f,c0,ad,40,8b,26,85,c8,39,53,a1,27,f8,1e,4a,12,cb,45,01,07,\
"rkeysecu"=hex:04,5a,e4,57,be,78,e9,65,76,e7,15,b6,48,67,f8,26
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(3748)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\wpabaln.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-04-10 23:02:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-11 06:02
ComboFix2.txt 2010-04-10 04:44
ComboFix3.txt 2010-04-08 03:47

Pre-Run: 5,141,135,360 bytes free
Post-Run: 5,123,846,144 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 907219E867BD6A96A3E30E6DEF6693DD

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:

    Code:

    killall::

    RenV::
    c:\program files\BitComet\bitcomet  .exe
    c:\program files\QuickTime\qttask  .exe
    c:\program files\Windows Live\Messenger\msnmsgr  .exe

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
