AV Security Suite annihilated windows


Re: AV Security Suite annihilated windows

ComboFix 10-06-17.03 - memoirs 06/18/2010 18:01:22.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2920 [GMT -7:00]
Running from: c:\documents and settings\memoirs\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\win.com

.
((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
.

2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\documents and settings\memoirs\Application Data\Malwarebytes
2010-06-19 03:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-19 03:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-18 23:07 . 2010-06-18 23:11 -------- d-----w- c:\documents and settings\memoirs\Application Data\vlc
2010-06-18 04:10 . 2010-06-18 04:10 -------- d-----w- C:\_OTL
2010-06-18 04:09 . 2010-06-19 03:48 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\hadkdjvi
2010-06-18 04:09 . 2010-06-19 03:48 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\hnekrik
2010-06-17 05:10 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\tnfaof
2010-06-17 05:07 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\dhaegd
2010-06-17 05:04 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\qdswimv
2010-06-17 05:00 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\jclgsnask
2010-06-17 04:00 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\John Connor\Local Settings\Application Data\snoafjp
2010-06-17 03:55 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\John Connor\Local Settings\Application Data\qvveagw
2010-06-17 03:18 . 2010-06-17 05:56 -------- d-----w- c:\documents and settings\John Connor\Tracing
2010-06-17 03:02 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\John Connor\Local Settings\Application Data\fdhwbksk
2010-06-16 03:47 . 2010-06-16 03:48 -------- d-----w- c:\documents and settings\memoirs\Application Data\Mount&Blade Warband
2010-06-15 23:23 . 2010-06-16 01:23 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\SecondLife
2010-06-15 23:23 . 2010-06-15 23:30 -------- d-----w- c:\documents and settings\memoirs\Application Data\SecondLife
2010-06-15 23:20 . 2010-06-15 23:20 -------- d-----w- c:\program files\SecondLifeViewer2
2010-06-15 20:58 . 2010-06-15 20:58 -------- d-s---w- c:\documents and settings\memoirs\UserData
2010-06-15 04:53 . 2010-06-19 00:30 -------- d-----w- c:\program files\PeerBlock
2010-06-15 04:51 . 2010-06-15 05:00 -------- d-----w- c:\documents and settings\memoirs\Application Data\gtk-2.0
2010-06-15 04:51 . 2010-06-15 04:51 -------- d-----w- c:\documents and settings\memoirs\Application Data\Python-Eggs
2010-06-15 04:48 . 2010-06-15 04:48 -------- d-----w- c:\program files\GTK2-Runtime
2010-06-15 04:46 . 2010-06-15 04:47 -------- d-----w- c:\program files\Deluge
2010-06-15 04:41 . 2010-06-17 02:52 -------- d-----w- c:\documents and settings\memoirs\Application Data\deluge
2010-06-14 23:44 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-06-14 23:44 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-14 23:44 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-06-14 23:44 . 2010-06-16 03:48 -------- d-----w- c:\program files\Mount&Blade Warband
2010-06-14 22:41 . 2010-06-19 04:04 -------- d-----w- c:\documents and settings\memoirs\Tracing
2010-06-14 22:35 . 2010-06-14 22:35 -------- d-----w- c:\program files\Microsoft
2010-06-14 22:35 . 2010-06-14 22:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-14 22:32 . 2010-06-14 22:32 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-14 22:30 . 2010-06-14 22:30 -------- d-----w- c:\documents and settings\memoirs\Contacts
2010-06-13 20:37 . 2010-06-13 20:37 -------- d-----w- c:\documents and settings\John Connor\Local Settings\Application Data\My Games
2010-06-13 20:36 . 2010-06-13 20:36 -------- d-----w- C:\ProgramData
2010-06-13 14:50 . 2010-06-17 02:16 -------- d-----w- c:\documents and settings\memoirs\Application Data\Xfire
2010-06-13 14:44 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-13 14:44 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-06-13 14:44 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-06-13 14:44 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-06-13 14:41 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-10 20:02 . 2010-06-19 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\eboostr
2010-06-10 20:02 . 2010-06-10 21:44 -------- d-----w- c:\program files\eBoostr
2010-06-09 21:06 . 2010-06-09 21:06 -------- d-----w- c:\program files\Scanti
2010-06-09 20:56 . 2010-06-09 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-06-09 20:56 . 2010-06-09 20:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-09 20:55 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-09 20:55 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-03 20:48 . 2010-06-03 20:48 -------- d-----w- c:\program files\NTCore
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-25 02:35 . 2010-06-02 19:04 -------- d-----w- c:\program files\Mass Effect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 20:26 . 2008-11-15 02:48 -------- d-----w- c:\program files\Steam
2010-06-17 05:07 . 2008-11-03 14:25 23304 ----a-w- c:\documents and settings\Adrian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-17 03:01 . 2009-12-30 00:32 23304 ----a-w- c:\documents and settings\John Connor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-15 01:47 . 2008-11-14 23:05 -------- d-----w- c:\program files\Xfire
2010-06-15 01:47 . 2008-11-15 05:43 -------- d-----w- c:\program files\Zune
2010-06-15 01:46 . 2010-06-15 01:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2010-06-15 01:46 . 2010-06-15 01:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-14 22:41 . 2009-06-04 21:19 23304 ----a-w- c:\documents and settings\memoirs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 22:34 . 2008-11-14 19:53 -------- d-----w- c:\program files\Windows Live
2010-06-13 14:42 . 2008-11-27 05:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-10 20:12 . 2009-11-22 22:30 -------- d-----w- c:\documents and settings\memoirs\Application Data\U3
2010-06-09 21:09 . 2010-05-10 23:21 -------- d-----w- c:\program files\FaceGen Modeller 3.4 Free
2010-06-06 04:30 . 2008-11-03 17:31 -------- d-----w- c:\program files\Bethesda Softworks
2010-06-04 17:24 . 2008-11-19 02:12 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-06-04 17:15 . 2009-02-06 04:57 -------- d-----w- c:\program files\Paradox Interactive
2010-06-04 17:12 . 2008-11-03 15:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-04 16:58 . 2009-02-19 15:53 -------- d-----w- c:\program files\Maxis
2010-06-04 16:43 . 2009-03-03 04:17 -------- d-----w- c:\program files\AOE II & III
2010-06-03 23:04 . 2009-09-11 23:26 -------- d-----w- c:\documents and settings\memoirs\Application Data\dvdcss
2010-05-30 19:58 . 2010-04-06 05:02 -------- d-----w- c:\documents and settings\memoirs\Application Data\Grand Ages Rome
2010-05-29 18:37 . 2010-02-03 23:38 -------- d-----w- c:\documents and settings\memoirs\Application Data\Any Audio Converter
2010-05-25 02:54 . 2010-04-25 23:18 -------- d-----w- c:\program files\Common Files\BioWare
2010-05-19 07:35 . 2009-07-07 01:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-18 22:04 . 2010-04-25 22:54 -------- d-----w- c:\program files\Mass Effect
2010-05-16 15:15 . 2008-11-03 21:26 -------- d-----w- c:\program files\Warcraft III
2010-05-12 21:31 . 2010-05-12 21:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-12 21:31 . 2010-05-12 21:31 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-11 22:38 . 2010-05-11 01:30 -------- d-----w- c:\program files\Alcohol 120
2010-05-11 21:55 . 2010-05-10 23:01 -------- d-----w- c:\program files\roms
2010-05-11 01:24 . 2009-01-09 10:04 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-10 23:22 . 2010-05-10 23:22 -------- d-----w- c:\documents and settings\memoirs\Application Data\FaceGen
2010-05-10 23:21 . 2010-05-10 23:21 766 ----a-r- c:\documents and settings\memoirs\Application Data\Microsoft\Installer\{05156799-4EC3-4885-864E-E190A429B307}\_6FEFF9B68218417F98F549.exe
2010-05-10 23:21 . 2010-05-10 23:21 766 ----a-r- c:\documents and settings\memoirs\Application Data\Microsoft\Installer\{05156799-4EC3-4885-864E-E190A429B307}\_061D43A5181EFECA1957E0.exe
2010-05-02 05:22 . 2004-08-03 23:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 00:56 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2004-08-04 00:56 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2004-08-04 00:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-08 01:58 . 2008-11-03 13:54 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-04 02:23 . 2010-04-04 02:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23 . 2010-04-04 02:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23 . 2010-04-04 02:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23 . 2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23 . 2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22 . 2010-04-04 02:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55 . 2009-05-01 05:02 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2009-05-01 05:02 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55 . 2009-05-01 05:02 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2008-11-03 14:07 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55 . 2008-10-07 20:33 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2008-10-07 20:33 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2008-10-07 20:33 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2008-10-07 20:33 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55 . 2008-10-07 20:33 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2008-10-07 20:33 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55 . 2008-10-07 20:33 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-06-10 1843312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\jdk\bin\jusched.exe" [2009-05-10 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2008-8-8 1011320]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"\\\\GOLLUM\\SID MEIER'S CIVILIZATION 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\insurgency\\hl2.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
"c:\\JDK\\bin\\java.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\EA Games\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Deluge\\Deluge-Python\\deluge.exe"=

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [8/8/2008 5:17 AM 96376]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [8/8/2008 5:17 AM 843384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2009 3:04 AM 721904]
S3 jatmlano;jatmlano;\??\c:\docume~1\memoirs\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\memoirs\LOCALS~1\Temp\jatmlano.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2010-06-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:1032
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\
FF - plugin: c:\jdk\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\jdk\bin\new_plugin\npjp2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
AddRemove-Age of Empires 2.0 - c:\program files\Microsoft Games\Age of Empires II\UNINSTAL.EXE
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - c:\program files\Microsoft Games\Age of Empires II\UNINSTALX.EXE
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-OpenAL - c:\program files\OpenAL\oalinst.exe
AddRemove-Wilderness Sounds 3.0 by Puma Man - c:\program files\Bethesda Softworks\Morrowind\Data Files\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 18:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\COMRes.dll
.
Completion time: 2010-06-18 18:08:28
ComboFix-quarantined-files.txt 2010-06-19 01:08

Pre-Run: 97,680,326,656 bytes free
Post-Run: 97,776,287,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 197C71DBEFDABFD60275F7FD8A783C3B

Re: AV Security Suite annihilated windows

Hello.

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    Folder::
    c:\documents and settings\memoirs\Local Settings\Application Data\hadkdjvi
    c:\documents and settings\memoirs\Local Settings\Application Data\hnekrik
    c:\documents and settings\Adrian\Local Settings\Application Data\tnfaof
    c:\documents and settings\Adrian\Local Settings\Application Data\dhaegd
    c:\documents and settings\Adrian\Local Settings\Application Data\qdswimv
    c:\documents and settings\Adrian\Local Settings\Application Data\jclgsnask
    c:\documents and settings\John Connor\Local Settings\Application Data\snoafjp
    c:\documents and settings\John Connor\Local Settings\Application Data\qvveagw
    c:\documents and settings\John Connor\Local Settings\Application Data\fdhwbksk

    Driver::
    jatmlano

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:1032
    uInternet Settings,ProxyOverride =

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image Cfscriptb4i: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
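For anyone reading this thread later who wants to see how the three sections of that CFScript map back to the log: the script below triages a ComboFix log for the same indicator classes the helper picked out (gibberish-named folders under Local Settings\Application Data, a driver loading from a Temp folder with an unresolvable file, and an IE proxy pointed at loopback) and emits the matching CFScript.txt. This is an added example, not part of the thread and not ComboFix's own code; the sample lines are copied from the log above, and the gibberish-name heuristic and allowlist are this example's own assumptions, so its output still needs a human to review before anything is removed.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log posted in this
# thread (one or two entries of each kind, not the whole log).
SAMPLE_LOG = r"""
2010-06-18 04:09 . 2010-06-19 03:48 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\hadkdjvi
2010-06-17 05:10 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\tnfaof
2010-06-13 20:37 . 2010-06-13 20:37 -------- d-----w- c:\documents and settings\John Connor\Local Settings\Application Data\My Games
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\documents and settings\memoirs\Application Data\Malwarebytes
2010-06-19 03:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
S3 jatmlano;jatmlano;\??\c:\docume~1\memoirs\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\memoirs\LOCALS~1\Temp\jatmlano.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
uInternet Settings,ProxyServer = http=127.0.0.1:1032
uInternet Settings,ProxyOverride =
"""

# One "Files Created" / "Find3M" entry: created . modified size attrs path
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$")
# Leaf directory directly under a profile's Local Settings\Application Data
LOCAL_APPDATA_RE = re.compile(
    r"\\Local Settings\\Application Data\\(?P<leaf>[^\\]+)$", re.IGNORECASE)
# Heuristic (this example's assumption): the rogue AV dropped folders with
# short, all-lowercase gibberish names; real products use mixed case or spaces.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,10}$")
# Service/driver line: "S3 name;description;path [details]"
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-3]) (?P<name>[^;]+);[^;]*;(?P<path>.+)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>.+)$")


def find_random_dirs(log, allow=()):
    """Directory paths whose leaf name looks machine-generated (Folder:: section).
    Names listed in `allow` are skipped after a human has cleared them."""
    hits = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if not m or not m.group("attrs").startswith("d"):
            continue  # not a directory entry
        leaf = LOCAL_APPDATA_RE.search(m.group("path"))
        if leaf and RANDOM_NAME_RE.match(leaf.group("leaf")) \
                and leaf.group("leaf") not in allow:
            hits.append(m.group("path"))
    return hits


def find_suspicious_drivers(log):
    """Service names of drivers that load from a Temp folder or whose file
    ComboFix could not resolve ("[?]") - the Driver:: section."""
    hits = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.rstrip())
        if not m:
            continue
        path = m.group("path")
        if "\\temp\\" in path.lower() or path.endswith("[?]"):
            hits.append(m.group("name"))
    return hits


def find_proxy_hijack(log):
    """The IE proxy lines to reset when the proxy points at loopback, which is
    how the rogue AV sat between the browser and the network - the DDS:: section."""
    lines = [l.rstrip() for l in log.splitlines()]
    hijacked = []
    for l in lines:
        m = PROXY_RE.match(l)
        if m and "127.0.0.1" in m.group("value"):
            hijacked.append(l)
    if not hijacked:
        return []
    override = [l for l in lines if l.startswith("uInternet Settings,ProxyOverride")]
    return hijacked + override


def build_cfscript(log, allow=()):
    """Assemble the CFScript.txt text in the section layout ComboFix expects."""
    sections = []
    folders = find_random_dirs(log, allow)
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    drivers = find_suspicious_drivers(log)
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    dds = find_proxy_hijack(log)
    if dds:
        sections.append("DDS::\n" + "\n".join(dds))
    return "\n\n".join(sections) + "\n" if sections else ""


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG), end="")
```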

Re: AV Security Suite annihilated windows

ComboFix 10-06-17.03 - memoirs 06/20/2010 11:03:30.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2927 [GMT -7:00]
Running from: c:\documents and settings\memoirs\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\memoirs\Desktop\CFscript.txt.txt
.

((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))
.

2010-06-19 04:46 . 2010-06-19 04:46 -------- d-----w- c:\documents and settings\memoirs\Application Data\The Creative Assembly
2010-06-19 03:49 . 2010-06-19 03:49 -------- d-----w- c:\documents and settings\memoirs\Application Data\Unity
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\documents and settings\memoirs\Application Data\Malwarebytes
2010-06-19 03:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-19 03:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 02:44 . 2010-06-19 02:44 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\Unity
2010-06-19 02:44 . 2010-06-19 02:44 -------- d-----w- c:\program files\Unity
2010-06-18 23:07 . 2010-06-19 19:01 -------- d-----w- c:\documents and settings\memoirs\Application Data\vlc
2010-06-18 04:10 . 2010-06-18 04:10 -------- d-----w- C:\_OTL
2010-06-18 04:09 . 2010-06-19 03:48 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\hadkdjvi
2010-06-18 04:09 . 2010-06-19 03:48 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\hnekrik
2010-06-17 05:10 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\tnfaof
2010-06-17 05:07 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\dhaegd
2010-06-17 05:04 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\qdswimv
2010-06-17 05:00 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\jclgsnask
2010-06-17 04:00 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\John Connor\Local Settings\Application Data\snoafjp
2010-06-17 03:55 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\John Connor\Local Settings\Application Data\qvveagw
2010-06-17 03:18 . 2010-06-17 05:56 -------- d-----w- c:\documents and settings\John Connor\Tracing
2010-06-17 03:02 . 2010-06-18 07:25 -------- d-----w- c:\documents and settings\John Connor\Local Settings\Application Data\fdhwbksk
2010-06-16 03:47 . 2010-06-16 03:48 -------- d-----w- c:\documents and settings\memoirs\Application Data\Mount&Blade Warband
2010-06-15 23:23 . 2010-06-16 01:23 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\SecondLife
2010-06-15 23:23 . 2010-06-15 23:30 -------- d-----w- c:\documents and settings\memoirs\Application Data\SecondLife
2010-06-15 23:20 . 2010-06-15 23:20 -------- d-----w- c:\program files\SecondLifeViewer2
2010-06-15 20:58 . 2010-06-15 20:58 -------- d-s---w- c:\documents and settings\memoirs\UserData
2010-06-15 04:53 . 2010-06-20 17:57 -------- d-----w- c:\program files\PeerBlock
2010-06-15 04:51 . 2010-06-15 05:00 -------- d-----w- c:\documents and settings\memoirs\Application Data\gtk-2.0
2010-06-15 04:51 . 2010-06-15 04:51 -------- d-----w- c:\documents and settings\memoirs\Application Data\Python-Eggs
2010-06-15 04:48 . 2010-06-15 04:48 -------- d-----w- c:\program files\GTK2-Runtime
2010-06-15 04:46 . 2010-06-15 04:47 -------- d-----w- c:\program files\Deluge
2010-06-15 04:41 . 2010-06-17 02:52 -------- d-----w- c:\documents and settings\memoirs\Application Data\deluge
2010-06-14 23:44 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-06-14 23:44 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-14 23:44 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-06-14 23:44 . 2010-06-16 03:48 -------- d-----w- c:\program files\Mount&Blade Warband
2010-06-14 22:41 . 2010-06-20 17:56 -------- d-----w- c:\documents and settings\memoirs\Tracing
2010-06-14 22:35 . 2010-06-14 22:35 -------- d-----w- c:\program files\Microsoft
2010-06-14 22:35 . 2010-06-14 22:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-14 22:32 . 2010-06-14 22:32 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-14 22:30 . 2010-06-14 22:30 -------- d-----w- c:\documents and settings\memoirs\Contacts
2010-06-13 20:37 . 2010-06-13 20:37 -------- d-----w- c:\documents and settings\John Connor\Local Settings\Application Data\My Games
2010-06-13 20:36 . 2010-06-13 20:36 -------- d-----w- C:\ProgramData
2010-06-13 14:50 . 2010-06-19 07:33 -------- d-----w- c:\documents and settings\memoirs\Application Data\Xfire
2010-06-13 14:44 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-13 14:44 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-06-13 14:44 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-06-13 14:44 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-06-13 14:41 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-10 20:02 . 2010-06-20 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\eboostr
2010-06-10 20:02 . 2010-06-10 21:44 -------- d-----w- c:\program files\eBoostr
2010-06-09 21:06 . 2010-06-09 21:06 -------- d-----w- c:\program files\Scanti
2010-06-09 20:56 . 2010-06-09 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-06-09 20:56 . 2010-06-09 20:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-09 20:55 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-09 20:55 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-03 20:48 . 2010-06-03 20:48 -------- d-----w- c:\program files\NTCore
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-25 02:35 . 2010-06-02 19:04 -------- d-----w- c:\program files\Mass Effect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 17:54 . 2010-06-19 17:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2010-06-19 17:54 . 2010-06-19 17:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2010-06-19 17:54 . 2010-06-19 17:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-06-19 04:50 . 2008-11-15 02:48 -------- d-----w- c:\program files\Steam
2010-06-19 02:03 . 2008-11-14 23:05 -------- d-----w- c:\program files\Xfire
2010-06-17 05:07 . 2008-11-03 14:25 23304 ----a-w- c:\documents and settings\Adrian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-17 03:01 . 2009-12-30 00:32 23304 ----a-w- c:\documents and settings\John Connor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-15 01:47 . 2008-11-15 05:43 -------- d-----w- c:\program files\Zune
2010-06-15 01:46 . 2010-06-15 01:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2010-06-15 01:46 . 2010-06-15 01:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-14 22:41 . 2009-06-04 21:19 23304 ----a-w- c:\documents and settings\memoirs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 22:34 . 2008-11-14 19:53 -------- d-----w- c:\program files\Windows Live
2010-06-13 14:42 . 2008-11-27 05:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-10 20:12 . 2009-11-22 22:30 -------- d-----w- c:\documents and settings\memoirs\Application Data\U3
2010-06-09 21:09 . 2010-05-10 23:21 -------- d-----w- c:\program files\FaceGen Modeller 3.4 Free
2010-06-06 04:30 . 2008-11-03 17:31 -------- d-----w- c:\program files\Bethesda Softworks
2010-06-04 17:24 . 2008-11-19 02:12 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-06-04 17:15 . 2009-02-06 04:57 -------- d-----w- c:\program files\Paradox Interactive
2010-06-04 17:12 . 2008-11-03 15:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-04 16:58 . 2009-02-19 15:53 -------- d-----w- c:\program files\Maxis
2010-06-04 16:43 . 2009-03-03 04:17 -------- d-----w- c:\program files\AOE II & III
2010-06-03 23:04 . 2009-09-11 23:26 -------- d-----w- c:\documents and settings\memoirs\Application Data\dvdcss
2010-05-30 19:58 . 2010-04-06 05:02 -------- d-----w- c:\documents and settings\memoirs\Application Data\Grand Ages Rome
2010-05-29 18:37 . 2010-02-03 23:38 -------- d-----w- c:\documents and settings\memoirs\Application Data\Any Audio Converter
2010-05-25 02:54 . 2010-04-25 23:18 -------- d-----w- c:\program files\Common Files\BioWare
2010-05-19 07:35 . 2009-07-07 01:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-18 22:04 . 2010-04-25 22:54 -------- d-----w- c:\program files\Mass Effect
2010-05-16 15:15 . 2008-11-03 21:26 -------- d-----w- c:\program files\Warcraft III
2010-05-12 21:31 . 2010-05-12 21:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-12 21:31 . 2010-05-12 21:31 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-11 22:38 . 2010-05-11 01:30 -------- d-----w- c:\program files\Alcohol 120
2010-05-11 21:55 . 2010-05-10 23:01 -------- d-----w- c:\program files\roms
2010-05-11 01:24 . 2009-01-09 10:04 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-10 23:22 . 2010-05-10 23:22 -------- d-----w- c:\documents and settings\memoirs\Application Data\FaceGen
2010-05-10 23:21 . 2010-05-10 23:21 766 ----a-r- c:\documents and settings\memoirs\Application Data\Microsoft\Installer\{05156799-4EC3-4885-864E-E190A429B307}\_6FEFF9B68218417F98F549.exe
2010-05-10 23:21 . 2010-05-10 23:21 766 ----a-r- c:\documents and settings\memoirs\Application Data\Microsoft\Installer\{05156799-4EC3-4885-864E-E190A429B307}\_061D43A5181EFECA1957E0.exe
2010-05-02 05:22 . 2004-08-03 23:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 00:56 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2004-08-04 00:56 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2004-08-04 00:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-08 01:58 . 2008-11-03 13:54 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-04 02:23 . 2010-04-04 02:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23 . 2010-04-04 02:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23 . 2010-04-04 02:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23 . 2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23 . 2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22 . 2010-04-04 02:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55 . 2009-05-01 05:02 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2009-05-01 05:02 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55 . 2009-05-01 05:02 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2008-11-03 14:07 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55 . 2008-10-07 20:33 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2008-10-07 20:33 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2008-10-07 20:33 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2008-10-07 20:33 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55 . 2008-10-07 20:33 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2008-10-07 20:33 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55 . 2008-10-07 20:33 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-06-19_01.05.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-20 18:02 . 2010-06-20 18:02 16384 c:\windows\Temp\Perflib_Perfdata_708.dat
+ 2010-06-20 18:02 . 2010-06-20 18:02 16384 c:\windows\Temp\Perflib_Perfdata_6e4.dat
+ 2010-01-07 21:22 . 2010-01-07 21:22 74240 c:\windows\system32\ZuneUsbTransport.dll
+ 2010-01-07 21:22 . 2010-01-07 21:22 18944 c:\windows\system32\ZuneTcp2Udp.dll
+ 2010-01-07 21:22 . 2010-01-07 21:22 57344 c:\windows\system32\ZuneRegUtil.dll
+ 2010-01-07 21:22 . 2010-01-07 21:22 12800 c:\windows\system32\ZunePTDNS.dll
+ 2006-09-29 01:56 . 2009-07-14 01:16 64512 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 03:13 . 2009-07-14 01:16 39936 c:\windows\system32\WUDFCoinstaller.dll
+ 2008-11-03 14:32 . 2008-11-08 01:55 16928 c:\windows\system32\spmsg.dll
+ 2006-09-29 01:55 . 2009-07-13 23:50 91904 c:\windows\system32\drivers\WudfPf.sys
+ 2010-01-07 21:22 . 2010-01-07 21:22 310784 c:\windows\system32\ZuneNetProxy.dll
+ 2010-01-07 21:22 . 2010-01-07 21:22 147456 c:\windows\system32\ZuneMTPZ.dll
+ 2006-09-29 01:56 . 2009-07-14 01:16 567808 c:\windows\system32\WUDFx.dll
+ 2006-09-29 01:56 . 2009-07-13 23:50 148480 c:\windows\system32\WudfPlatform.dll
+ 2006-09-29 01:56 . 2009-07-14 01:14 195584 c:\windows\system32\WudfHost.exe
+ 2006-09-29 02:00 . 2009-07-13 23:50 132224 c:\windows\system32\drivers\WudfRd.sys
+ 2010-01-07 21:22 . 2010-01-07 21:22 708608 c:\windows\system32\drivers\UMDF\ZuneDriver.dll
+ 2009-12-14 22:28 . 2009-12-14 22:28 1837296 c:\windows\system32\WUDFUpdate_01009.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\jdk\bin\jusched.exe" [2009-05-10 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2008-8-8 1011320]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"\\\\GOLLUM\\SID MEIER'S CIVILIZATION 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\insurgency\\hl2.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
"c:\\JDK\\bin\\java.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\EA Games\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Deluge\\Deluge-Python\\deluge.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\counter-strike\\hl.exe"=

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [8/8/2008 5:17 AM 96376]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [8/8/2008 5:17 AM 843384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2009 3:04 AM 721904]
S3 jatmlano;jatmlano;\??\c:\docume~1\memoirs\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\memoirs\LOCALS~1\Temp\jatmlano.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
.
Contents of the 'Scheduled Tasks' folder

2010-06-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:1032
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\
FF - plugin: c:\jdk\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\jdk\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 11:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-20 11:16:40
ComboFix-quarantined-files.txt 2010-06-20 18:16
ComboFix2.txt 2010-06-19 01:08

Pre-Run: 90,880,270,336 bytes free
Post-Run: 90,878,459,904 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6EB9A049301D27E633A4CB039617D585

Re: AV Security Suite annihilated windows
Hello.
That didn't work correctly because the script file wasn't saved correctly. The log shows it was named "CFscript.txt.txt" when it needs to be named "CFScript.txt".

I suspect this may be because you cannot see file extensions when you saved it. Try once more and post the new log please.

Re: AV Security Suite annihilated windows
ComboFix 10-06-17.03 - memoirs 06/21/2010 14:18:01.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2792 [GMT -7:00]
Running from: c:\documents and settings\memoirs\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\memoirs\Desktop\CFscript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\memoirs\Local Settings\Application Data\hadkdjvi
c:\documents and settings\memoirs\Local Settings\Application Data\hnekrik

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JATMLANO
-------\Service_jatmlano


((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-21 19:37 . 2010-06-21 19:37 -------- d-----w- c:\documents and settings\John Connor
2010-06-21 19:37 . 2010-06-21 19:37 -------- d-----w- c:\documents and settings\Adrian
2010-06-19 04:46 . 2010-06-19 04:46 -------- d-----w- c:\documents and settings\memoirs\Application Data\The Creative Assembly
2010-06-19 03:49 . 2010-06-19 03:49 -------- d-----w- c:\documents and settings\memoirs\Application Data\Unity
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\documents and settings\memoirs\Application Data\Malwarebytes
2010-06-19 03:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-19 03:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 02:44 . 2010-06-19 02:44 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\Unity
2010-06-19 02:44 . 2010-06-19 02:44 -------- d-----w- c:\program files\Unity
2010-06-18 23:07 . 2010-06-21 07:00 -------- d-----w- c:\documents and settings\memoirs\Application Data\vlc
2010-06-18 04:10 . 2010-06-18 04:10 -------- d-----w- C:\_OTL
2010-06-16 03:47 . 2010-06-16 03:48 -------- d-----w- c:\documents and settings\memoirs\Application Data\Mount&Blade Warband
2010-06-15 23:23 . 2010-06-16 01:23 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\SecondLife
2010-06-15 23:23 . 2010-06-15 23:30 -------- d-----w- c:\documents and settings\memoirs\Application Data\SecondLife
2010-06-15 23:20 . 2010-06-15 23:20 -------- d-----w- c:\program files\SecondLifeViewer2
2010-06-15 20:58 . 2010-06-15 20:58 -------- d-s---w- c:\documents and settings\memoirs\UserData
2010-06-15 04:53 . 2010-06-20 17:57 -------- d-----w- c:\program files\PeerBlock
2010-06-15 04:51 . 2010-06-15 05:00 -------- d-----w- c:\documents and settings\memoirs\Application Data\gtk-2.0
2010-06-15 04:51 . 2010-06-15 04:51 -------- d-----w- c:\documents and settings\memoirs\Application Data\Python-Eggs
2010-06-15 04:48 . 2010-06-15 04:48 -------- d-----w- c:\program files\GTK2-Runtime
2010-06-15 04:46 . 2010-06-15 04:47 -------- d-----w- c:\program files\Deluge
2010-06-15 04:41 . 2010-06-17 02:52 -------- d-----w- c:\documents and settings\memoirs\Application Data\deluge
2010-06-14 23:44 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-06-14 23:44 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-14 23:44 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-06-14 23:44 . 2010-06-16 03:48 -------- d-----w- c:\program files\Mount&Blade Warband
2010-06-14 22:41 . 2010-06-22 03:09 -------- d-----w- c:\documents and settings\memoirs\Tracing
2010-06-14 22:35 . 2010-06-14 22:35 -------- d-----w- c:\program files\Microsoft
2010-06-14 22:35 . 2010-06-14 22:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-14 22:32 . 2010-06-14 22:32 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-14 22:30 . 2010-06-14 22:30 -------- d-----w- c:\documents and settings\memoirs\Contacts
2010-06-13 20:36 . 2010-06-13 20:36 -------- d-----w- C:\ProgramData
2010-06-13 14:50 . 2010-06-19 07:33 -------- d-----w- c:\documents and settings\memoirs\Application Data\Xfire
2010-06-13 14:44 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-13 14:44 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-06-13 14:44 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-06-13 14:44 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-06-13 14:41 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-10 20:02 . 2010-06-22 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\eboostr
2010-06-10 20:02 . 2010-06-10 21:44 -------- d-----w- c:\program files\eBoostr
2010-06-09 21:06 . 2010-06-09 21:06 -------- d-----w- c:\program files\Scanti
2010-06-09 20:56 . 2010-06-09 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-06-09 20:56 . 2010-06-09 20:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-09 20:55 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-09 20:55 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-03 20:48 . 2010-06-03 20:48 -------- d-----w- c:\program files\NTCore
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-25 02:35 . 2010-06-02 19:04 -------- d-----w- c:\program files\Mass Effect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 17:54 . 2010-06-19 17:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2010-06-19 17:54 . 2010-06-19 17:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2010-06-19 17:54 . 2010-06-19 17:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-06-19 04:50 . 2008-11-15 02:48 -------- d-----w- c:\program files\Steam
2010-06-19 02:03 . 2008-11-14 23:05 -------- d-----w- c:\program files\Xfire
2010-06-15 01:47 . 2008-11-15 05:43 -------- d-----w- c:\program files\Zune
2010-06-15 01:46 . 2010-06-15 01:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2010-06-15 01:46 . 2010-06-15 01:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-14 22:41 . 2009-06-04 21:19 23304 ----a-w- c:\documents and settings\memoirs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 22:34 . 2008-11-14 19:53 -------- d-----w- c:\program files\Windows Live
2010-06-13 14:42 . 2008-11-27 05:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-10 20:12 . 2009-11-22 22:30 -------- d-----w- c:\documents and settings\memoirs\Application Data\U3
2010-06-09 21:09 . 2010-05-10 23:21 -------- d-----w- c:\program files\FaceGen Modeller 3.4 Free
2010-06-06 04:30 . 2008-11-03 17:31 -------- d-----w- c:\program files\Bethesda Softworks
2010-06-04 17:24 . 2008-11-19 02:12 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-06-04 17:15 . 2009-02-06 04:57 -------- d-----w- c:\program files\Paradox Interactive
2010-06-04 17:12 . 2008-11-03 15:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-04 16:58 . 2009-02-19 15:53 -------- d-----w- c:\program files\Maxis
2010-06-04 16:43 . 2009-03-03 04:17 -------- d-----w- c:\program files\AOE II & III
2010-06-03 23:04 . 2009-09-11 23:26 -------- d-----w- c:\documents and settings\memoirs\Application Data\dvdcss
2010-05-30 19:58 . 2010-04-06 05:02 -------- d-----w- c:\documents and settings\memoirs\Application Data\Grand Ages Rome
2010-05-29 18:37 . 2010-02-03 23:38 -------- d-----w- c:\documents and settings\memoirs\Application Data\Any Audio Converter
2010-05-25 02:54 . 2010-04-25 23:18 -------- d-----w- c:\program files\Common Files\BioWare
2010-05-19 07:35 . 2009-07-07 01:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-18 22:04 . 2010-04-25 22:54 -------- d-----w- c:\program files\Mass Effect
2010-05-16 15:15 . 2008-11-03 21:26 -------- d-----w- c:\program files\Warcraft III
2010-05-12 21:31 . 2010-05-12 21:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-12 21:31 . 2010-05-12 21:31 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-11 22:38 . 2010-05-11 01:30 -------- d-----w- c:\program files\Alcohol 120
2010-05-11 21:55 . 2010-05-10 23:01 -------- d-----w- c:\program files\roms
2010-05-11 01:24 . 2009-01-09 10:04 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-10 23:22 . 2010-05-10 23:22 -------- d-----w- c:\documents and settings\memoirs\Application Data\FaceGen
2010-05-10 23:21 . 2010-05-10 23:21 766 ----a-r- c:\documents and settings\memoirs\Application Data\Microsoft\Installer\{05156799-4EC3-4885-864E-E190A429B307}\_6FEFF9B68218417F98F549.exe
2010-05-10 23:21 . 2010-05-10 23:21 766 ----a-r- c:\documents and settings\memoirs\Application Data\Microsoft\Installer\{05156799-4EC3-4885-864E-E190A429B307}\_061D43A5181EFECA1957E0.exe
2010-05-02 05:22 . 2004-08-03 23:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 00:56 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2004-08-04 00:56 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2004-08-04 00:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-08 01:58 . 2008-11-03 13:54 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-04 02:23 . 2010-04-04 02:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23 . 2010-04-04 02:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23 . 2010-04-04 02:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23 . 2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23 . 2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22 . 2010-04-04 02:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55 . 2009-05-01 05:02 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2009-05-01 05:02 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55 . 2009-05-01 05:02 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2008-11-03 14:07 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55 . 2008-10-07 20:33 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2008-10-07 20:33 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2008-10-07 20:33 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2008-10-07 20:33 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55 . 2008-10-07 20:33 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2008-10-07 20:33 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55 . 2008-10-07 20:33 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\jdk\bin\jusched.exe" [2009-05-10 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2008-8-8 1011320]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"\\\\GOLLUM\\SID MEIER'S CIVILIZATION 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\insurgency\\hl2.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
"c:\\JDK\\bin\\java.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\EA Games\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Deluge\\Deluge-Python\\deluge.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\counter-strike\\hl.exe"=

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [8/8/2008 5:17 AM 96376]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2009 3:04 AM 721904]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [8/8/2008 5:17 AM 843384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2010-06-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\
FF - plugin: c:\jdk\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\jdk\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 20:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spnz.sys >>UNKNOWN [0x8B22E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e66cb8
\Driver\atapi -> atapi.sys @ 0xb7dfbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7cd6bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7cc5a0d
SendHandler -> NDIS.sys @ 0xb7cd9b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(716)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\jdk\bin\jqs.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-06-21 20:16:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-22 03:16
ComboFix2.txt 2010-06-21 19:37
ComboFix3.txt 2010-06-20 18:16
ComboFix4.txt 2010-06-19 01:08

Pre-Run: 86,195,326,976 bytes free
Post-Run: 86,071,209,984 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 05C02F15FD6C47302A0B0865D275300F

Re: AV Security Suite annihilated windows
Hello.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Re: AV Security Suite annihilated windows
12:10:22:703 2844 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
12:10:22:703 2844 ================================================================================
12:10:22:703 2844 SystemInfo:

12:10:22:703 2844 OS Version: 5.1.2600 ServicePack: 3.0
12:10:22:703 2844 Product type: Workstation
12:10:22:703 2844 ComputerName: ADRIAN-9B9F6298
12:10:22:703 2844 UserName: memoirs
12:10:22:703 2844 Windows directory: C:\WINDOWS
12:10:22:703 2844 Processor architecture: Intel x86
12:10:22:703 2844 Number of processors: 4
12:10:22:703 2844 Page size: 0x1000
12:10:22:703 2844 Boot type: Normal boot
12:10:22:703 2844 ================================================================================
12:10:23:531 2844 Initialize success
12:10:23:531 2844
12:10:23:531 2844 Scanning Services ...
12:10:23:937 2844 Raw services enum returned 336 services
12:10:23:937 2844
12:10:23:937 2844 Scanning Drivers ...
12:10:24:625 2844 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:10:24:671 2844 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:10:24:703 2844 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:10:24:796 2844 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:10:25:000 2844 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
12:10:25:218 2844 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:10:25:234 2844 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:10:25:296 2844 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys
12:10:25:328 2844 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:10:25:390 2844 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:10:25:437 2844 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
12:10:25:531 2844 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:10:25:593 2844 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:10:25:609 2844 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:10:25:625 2844 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:10:25:656 2844 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:10:25:718 2844 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:10:25:750 2844 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:10:25:781 2844 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:10:25:796 2844 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:10:25:812 2844 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:10:25:828 2844 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:10:25:859 2844 eBoost (cc9ab7c20aa7e3e39cf50144cbcb6ebf) C:\WINDOWS\system32\drivers\eBoost.sys
12:10:25:859 2844 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:10:25:875 2844 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:10:25:921 2844 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:10:25:937 2844 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:10:25:953 2844 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:10:25:968 2844 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:10:25:968 2844 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:10:25:984 2844 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:10:26:031 2844 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
12:10:26:093 2844 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:10:26:140 2844 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:10:26:187 2844 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:10:26:187 2844 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:10:26:187 2844 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:10:26:250 2844 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:10:26:265 2844 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:10:26:265 2844 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:10:26:421 2844 IntcAzAudAddService (12cd9f66b64b25cbe18f1bb2c6f54832) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:10:26:484 2844 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:10:26:515 2844 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:10:26:515 2844 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:10:26:546 2844 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:10:26:546 2844 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:10:26:562 2844 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:10:26:562 2844 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:10:26:578 2844 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:10:26:578 2844 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:10:26:609 2844 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
12:10:26:640 2844 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:10:26:671 2844 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:10:26:703 2844 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
12:10:26:750 2844 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:10:26:765 2844 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:10:26:765 2844 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:10:26:796 2844 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:10:26:812 2844 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:10:26:828 2844 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:10:26:890 2844 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:10:26:906 2844 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:10:26:937 2844 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:10:26:937 2844 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:10:26:937 2844 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:10:26:953 2844 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:10:26:953 2844 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
12:10:27:000 2844 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:10:27:015 2844 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:10:27:031 2844 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:10:27:031 2844 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:10:27:046 2844 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
12:10:27:046 2844 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:10:27:093 2844 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:10:27:109 2844 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
12:10:27:125 2844 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
12:10:27:125 2844 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:10:27:156 2844 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:10:27:187 2844 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:10:27:500 2844 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:10:27:812 2844 NVENETFD (d875346596bd48d74ac9b9be791b8d69) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:10:28:000 2844 nvnetbus (f02c1c5e84c37667ecd3eea5958449bc) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:10:28:156 2844 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:10:28:171 2844 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:10:28:187 2844 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
12:10:28:187 2844 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
12:10:28:218 2844 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
12:10:28:234 2844 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:10:28:234 2844 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:10:28:250 2844 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:10:28:250 2844 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:10:28:296 2844 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:10:28:296 2844 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:10:28:343 2844 PnkBstrK (af77494e55b421be21c7eb716980ab22) C:\WINDOWS\system32\drivers\PnkBstrK.sys
12:10:28:375 2844 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:10:28:375 2844 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:10:28:390 2844 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:10:28:406 2844 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:10:28:437 2844 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:10:28:468 2844 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:10:28:468 2844 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:10:28:484 2844 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:10:28:484 2844 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:10:28:500 2844 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:10:28:515 2844 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:10:28:546 2844 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
12:10:28:546 2844 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:10:28:578 2844 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
12:10:28:593 2844 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:10:28:609 2844 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:10:28:609 2844 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:10:28:609 2844 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:10:28:640 2844 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:10:28:703 2844 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
12:10:28:703 2844 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
12:10:28:734 2844 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:10:28:750 2844 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
12:10:28:781 2844 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:10:28:781 2844 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:10:28:828 2844 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:10:28:890 2844 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:10:28:921 2844 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:10:28:937 2844 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:10:28:937 2844 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:10:28:953 2844 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:10:28:984 2844 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:10:29:000 2844 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:10:29:000 2844 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:10:29:031 2844 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:10:29:062 2844 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:10:29:062 2844 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:10:29:062 2844 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:10:29:078 2844 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:10:29:078 2844 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:10:29:093 2844 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:10:29:093 2844 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:10:29:140 2844 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:10:29:156 2844 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:10:29:203 2844 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
12:10:29:234 2844 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:10:29:265 2844 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:10:29:296 2844 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:10:29:312 2844 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:10:29:359 2844 zumbus (6bfb54f73aae470e9299e66cbc7bb632) C:\WINDOWS\system32\DRIVERS\zumbus.sys
12:10:29:359 2844
12:10:29:359 2844 Completed
12:10:29:359 2844
12:10:29:359 2844 Results:
12:10:29:359 2844 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
12:10:29:359 2844 File objects infected / cured / cured on reboot: 0 / 0 / 0
12:10:29:359 2844
12:10:29:359 2844 KLMD(ARK) unloaded successfully

Re: AV Security Suite annihilated windows
Hello.

Download the GMER rootkit scan from here: GMER

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it, since some malware blocks GMER.

Re: AV Security Suite annihilated windows
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-25 07:57:44
Windows 5.1.2600 Service Pack 3
Running: vzmbpodh.exe; Driver: C:\DOCUME~1\memoirs\LOCALS~1\Temp\pgldrkow.sys


---- System - GMER 1.0.15 ----

SSDT spbc.sys ZwCreateKey [0xB7EB50E0]
SSDT spbc.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spbc.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT spbc.sys ZwOpenKey [0xB7EB50C0]
SSDT spbc.sys ZwQueryKey [0xB7ECE20A]
SSDT spbc.sys ZwQueryValueKey [0xB7ECE08A]
SSDT spbc.sys ZwSetValueKey [0xB7ECE29C]

INT 0x63 ? 8AFB2F00
INT 0x73 ? 8AFB2F00
INT 0x83 ? 8B283BF8
INT 0x83 ? 8B283BF8
INT 0x83 ? 8AFB2F00
INT 0x83 ? 8B283BF8
INT 0xB1 ? 8B210BF8
INT 0xB1 ? 8B210BF8

---- Kernel code sections - GMER 1.0.15 ----

? spbc.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B78238AC 5 Bytes JMP 8AFB24E0
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D1B380, 0x566445, 0xE8000020]
.text ad3lofki.SYS B6CD0386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ad3lofki.SYS B6CD03AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ad3lofki.SYS B6CD03C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ad3lofki.SYS B6CD03C9 1 Byte [2E]
.text ad3lofki.SYS B6CD03C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
.text appjz112.SYS B6C97386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text appjz112.SYS B6C973AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text appjz112.SYS B6C973C4 3 Bytes [00, 80, 02]
.text appjz112.SYS B6C973C9 1 Byte [30]
.text appjz112.SYS B6C973C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB2DCC300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8418300, 0x1BCE, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spbc.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spbc.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spbc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spbc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spbc.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spbc.sys
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\ad3lofki.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\appjz112.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\appjz112.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\appjz112.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B2821F8

AttachedDevice \FileSystem\Ntfs \Ntfs eBoost.sys (eBoostr Filter Driver/eBoostr.com)

Device \Driver\NetBT \Device\NetBT_Tcpip_{430B52EA-1722-40C5-BB64-7019E10A8AF1} 8AA5B500
Device \Driver\usbohci \Device\USBPDO-0 8AFD51F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B20E1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B20E1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B20E1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B20E1F8
Device \Driver\usbehci \Device\USBPDO-1 8B036500
Device \Driver\PCI_PNP0924 \Device\00000052 spbc.sys
Device \Driver\usbohci \Device\USBPDO-2 8AFD51F8
Device \Driver\PCI_PNP0924 \Device\00000053 spbc.sys
Device \Driver\usbehci \Device\USBPDO-3 8B036500
Device \Driver\sptd \Device\2577838424 spbc.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B2841F8
Device \Driver\Cdrom \Device\CdRom0 8AFD41F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B2841F8
Device \Driver\Cdrom \Device\CdRom1 8AFD41F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B2841F8
Device \Driver\Cdrom \Device\CdRom2 8AFD41F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8AA5B500
Device \Driver\sptd \Device\2577682174 spbc.sys
Device \Driver\NetBT \Device\NetbiosSmb 8AA5B500
Device \Driver\usbohci \Device\USBFDO-0 8AFD51F8
Device \Driver\usbehci \Device\USBFDO-1 8B036500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8AE561F8
Device \Driver\usbohci \Device\USBFDO-2 8AFD51F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8AE561F8
Device \Driver\usbehci \Device\USBFDO-3 8B036500
Device \Driver\Ftdisk \Device\FtControl 8B2841F8
Device \Driver\appjz112 \Device\Scsi\appjz1121Port4Path0Target0Lun0 8AFEB1F8
Device \Driver\ad3lofki \Device\Scsi\ad3lofki1 8AEB31F8
Device \Driver\ad3lofki \Device\Scsi\ad3lofki1Port5Path0Target0Lun0 8AEB31F8
Device \Driver\appjz112 \Device\Scsi\appjz1121 8AFEB1F8
Device \FileSystem\Cdfs \Cdfs 8AAE8500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDC 0xB4 0xA2 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x55 0x1F 0xF2 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA6 0x3D 0x06 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0x83 0xD5 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0x71 0x52 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB2 0xF2 0x7F 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x51 0x1D 0xFD 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAA 0xB4 0x32 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x98 0x67 0x36 0x60 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x51 0x1D 0xFD 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAA 0xB4 0x32 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6E 0xD6 0x1E 0x61 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDC 0xB4 0xA2 0x05 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x55 0x1F 0xF2 0x47 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA6 0x3D 0x06 0x40 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0x83 0xD5 0x58 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0x71 0x52 0x5C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB2 0xF2 0x7F 0x67 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x51 0x1D 0xFD 0x24 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAA 0xB4 0x32 0x04 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x98 0x67 0x36 0x60 ...

---- Files - GMER 1.0.15 ----

File C:\UCL\UCLShowcase\Showcase Pack Definition.txt 0 bytes

---- EOF - GMER 1.0.15 ----

Re: AV Security Suite annihilated windows
Woohoo, no rootkit.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer, as the scanner uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX control. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) the Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: AV Security Suite annihilated windows
It keeps getting stuck around 18%. Is it really necessary or could we skip this step?

Re: AV Security Suite annihilated windows
Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    KILLALL::

    TDL::
    C:\WINDOWS\system32\Drivers\sptd.sys

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    (picture: CFScript.txt being dragged onto ComboFix.exe)

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: AV Security Suite annihilated windows
ComboFix 10-07-06.05 - memoirs 07/07/2010 12:34:01.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2785 [GMT -7:00]
Running from: c:\documents and settings\memoirs\Desktop\DEFENSE\ComboFix.exe
Command switches used :: c:\documents and settings\memoirs\Desktop\DEFENSE\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://resources.zune.net
.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-03 04:38 . 2010-07-03 04:39 -------- d-----w- c:\documents and settings\Guest\Application Data\Mount&Blade Warband
2010-06-22 22:49 . 2010-06-22 22:49 -------- d-----w- c:\documents and settings\memoirs\Application Data\Mount&Blade
2010-06-22 22:40 . 2010-06-23 15:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-21 19:37 . 2010-06-21 19:37 -------- d-----w- c:\documents and settings\John Connor
2010-06-21 19:37 . 2010-06-21 19:37 -------- d-----w- c:\documents and settings\Adrian
2010-06-19 04:46 . 2010-06-19 04:46 -------- d-----w- c:\documents and settings\memoirs\Application Data\The Creative Assembly
2010-06-19 03:49 . 2010-06-19 03:49 -------- d-----w- c:\documents and settings\memoirs\Application Data\Unity
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\documents and settings\memoirs\Application Data\Malwarebytes
2010-06-19 03:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-19 03:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 02:44 . 2010-06-19 02:44 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\Unity
2010-06-19 02:44 . 2010-06-19 02:44 -------- d-----w- c:\program files\Unity
2010-06-18 23:07 . 2010-07-06 21:24 -------- d-----w- c:\documents and settings\memoirs\Application Data\vlc
2010-06-18 04:10 . 2010-06-18 04:10 -------- d-----w- C:\_OTL
2010-06-16 03:47 . 2010-06-16 03:48 -------- d-----w- c:\documents and settings\memoirs\Application Data\Mount&Blade Warband
2010-06-15 23:23 . 2010-06-16 01:23 -------- d-----w- c:\documents and settings\memoirs\Local Settings\Application Data\SecondLife
2010-06-15 23:23 . 2010-06-15 23:30 -------- d-----w- c:\documents and settings\memoirs\Application Data\SecondLife
2010-06-15 23:20 . 2010-06-15 23:20 -------- d-----w- c:\program files\SecondLifeViewer2
2010-06-15 20:58 . 2010-06-15 20:58 -------- d-s---w- c:\documents and settings\memoirs\UserData
2010-06-15 04:53 . 2010-06-20 17:57 -------- d-----w- c:\program files\PeerBlock
2010-06-15 04:51 . 2010-06-15 05:00 -------- d-----w- c:\documents and settings\memoirs\Application Data\gtk-2.0
2010-06-15 04:51 . 2010-06-15 04:51 -------- d-----w- c:\documents and settings\memoirs\Application Data\Python-Eggs
2010-06-15 04:48 . 2010-06-15 04:48 -------- d-----w- c:\program files\GTK2-Runtime
2010-06-15 04:41 . 2010-06-17 02:52 -------- d-----w- c:\documents and settings\memoirs\Application Data\deluge
2010-06-14 23:44 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-06-14 23:44 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-14 23:44 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-06-14 23:44 . 2010-06-23 04:21 -------- d-----w- c:\program files\Mount&Blade Warband
2010-06-14 22:41 . 2010-07-07 19:44 -------- d-----w- c:\documents and settings\memoirs\Tracing
2010-06-14 22:35 . 2010-06-14 22:35 -------- d-----w- c:\program files\Microsoft
2010-06-14 22:35 . 2010-06-14 22:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-14 22:32 . 2010-06-14 22:32 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-14 22:30 . 2010-06-14 22:30 -------- d-----w- c:\documents and settings\memoirs\Contacts
2010-06-13 20:36 . 2010-06-13 20:36 -------- d-----w- C:\ProgramData
2010-06-13 14:50 . 2010-06-19 07:33 -------- d-----w- c:\documents and settings\memoirs\Application Data\Xfire
2010-06-13 14:44 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-13 14:44 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-06-13 14:44 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-06-13 14:44 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-06-13 14:41 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-10 20:02 . 2010-07-07 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\eboostr
2010-06-10 20:02 . 2010-06-10 21:44 -------- d-----w- c:\program files\eBoostr
2010-06-09 21:06 . 2010-06-09 21:06 -------- d-----w- c:\program files\Scanti
2010-06-09 20:56 . 2010-06-09 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-06-09 20:56 . 2010-06-09 20:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-09 20:55 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-09 20:55 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 16:49 . 2008-11-14 23:05 -------- d-----w- c:\program files\Xfire
2010-07-04 15:00 . 2010-06-29 21:39 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
2010-07-04 03:54 . 2008-11-15 02:48 -------- d-----w- c:\program files\Steam
2010-06-30 21:15 . 2008-11-03 15:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-29 22:55 . 2009-03-19 18:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Mount&Blade
2010-06-29 21:36 . 2009-07-07 01:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-23 21:58 . 2008-11-05 04:22 23304 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 15:09 . 2009-06-28 20:32 -------- d-----w- c:\documents and settings\memoirs\Application Data\DAEMON Tools Lite
2010-06-22 22:41 . 2009-01-09 10:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-22 22:40 . 2009-01-09 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-06-19 17:54 . 2010-06-19 17:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2010-06-19 17:54 . 2010-06-19 17:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2010-06-19 17:54 . 2010-06-19 17:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-06-15 01:47 . 2008-11-15 05:43 -------- d-----w- c:\program files\Zune
2010-06-15 01:46 . 2010-06-15 01:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2010-06-15 01:46 . 2010-06-15 01:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-14 22:41 . 2009-06-04 21:19 23304 ----a-w- c:\documents and settings\memoirs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 22:34 . 2008-11-14 19:53 -------- d-----w- c:\program files\Windows Live
2010-06-13 14:42 . 2008-11-27 05:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-10 20:12 . 2009-11-22 22:30 -------- d-----w- c:\documents and settings\memoirs\Application Data\U3
2010-06-09 21:09 . 2010-05-10 23:21 -------- d-----w- c:\program files\FaceGen Modeller 3.4 Free
2010-06-06 04:30 . 2008-11-03 17:31 -------- d-----w- c:\program files\Bethesda Softworks
2010-06-04 17:24 . 2008-11-19 02:12 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-06-04 17:15 . 2009-02-06 04:57 -------- d-----w- c:\program files\Paradox Interactive
2010-06-04 16:58 . 2009-02-19 15:53 -------- d-----w- c:\program files\Maxis
2010-06-04 16:43 . 2009-03-03 04:17 -------- d-----w- c:\program files\AOE II & III
2010-06-03 23:04 . 2009-09-11 23:26 -------- d-----w- c:\documents and settings\memoirs\Application Data\dvdcss
2010-06-03 20:48 . 2010-06-03 20:48 -------- d-----w- c:\program files\NTCore
2010-06-02 19:04 . 2010-05-25 02:35 -------- d-----w- c:\program files\Mass Effect 2
2010-05-30 19:58 . 2010-04-06 05:02 -------- d-----w- c:\documents and settings\memoirs\Application Data\Grand Ages Rome
2010-05-29 18:37 . 2010-02-03 23:38 -------- d-----w- c:\documents and settings\memoirs\Application Data\Any Audio Converter
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-25 02:54 . 2010-04-25 23:18 -------- d-----w- c:\program files\Common Files\BioWare
2010-05-18 22:04 . 2010-04-25 22:54 -------- d-----w- c:\program files\Mass Effect
2010-05-16 15:15 . 2008-11-03 21:26 -------- d-----w- c:\program files\Warcraft III
2010-05-12 21:31 . 2010-05-12 21:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-12 21:31 . 2010-05-12 21:31 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-11 22:38 . 2010-05-11 01:30 -------- d-----w- c:\program files\Alcohol 120
2010-05-11 21:55 . 2010-05-10 23:01 -------- d-----w- c:\program files\roms
2010-05-10 23:22 . 2010-05-10 23:22 -------- d-----w- c:\documents and settings\memoirs\Application Data\FaceGen
2010-05-10 23:21 . 2010-05-10 23:21 766 ----a-r- c:\documents and settings\memoirs\Application Data\Microsoft\Installer\{05156799-4EC3-4885-864E-E190A429B307}\_6FEFF9B68218417F98F549.exe
2010-05-10 23:21 . 2010-05-10 23:21 766 ----a-r- c:\documents and settings\memoirs\Application Data\Microsoft\Installer\{05156799-4EC3-4885-864E-E190A429B307}\_061D43A5181EFECA1957E0.exe
2010-05-02 05:22 . 2004-08-03 23:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 00:56 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2004-08-04 00:56 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2004-08-04 00:56 81920 ----a-w- c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-19_01.05.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-07 19:44 . 2010-07-07 19:44 16384 c:\windows\temp\Perflib_Perfdata_470.dat
+ 2010-07-07 19:44 . 2010-07-07 19:44 16384 c:\windows\temp\Perflib_Perfdata_374.dat
+ 2010-01-07 21:22 . 2010-01-07 21:22 74240 c:\windows\system32\ZuneUsbTransport.dll
+ 2010-01-07 21:22 . 2010-01-07 21:22 18944 c:\windows\system32\ZuneTcp2Udp.dll
+ 2010-01-07 21:22 . 2010-01-07 21:22 57344 c:\windows\system32\ZuneRegUtil.dll
+ 2010-01-07 21:22 . 2010-01-07 21:22 12800 c:\windows\system32\ZunePTDNS.dll
+ 2006-09-29 01:56 . 2009-07-14 01:16 64512 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 03:13 . 2009-07-14 01:16 39936 c:\windows\system32\WUDFCoinstaller.dll
+ 2008-11-03 14:32 . 2008-11-08 01:55 16928 c:\windows\system32\spmsg.dll
+ 2006-09-29 01:55 . 2009-07-13 23:50 91904 c:\windows\system32\drivers\WudfPf.sys
+ 2010-01-07 21:22 . 2010-01-07 21:22 310784 c:\windows\system32\ZuneNetProxy.dll
+ 2010-01-07 21:22 . 2010-01-07 21:22 147456 c:\windows\system32\ZuneMTPZ.dll
+ 2006-09-29 01:56 . 2009-07-14 01:16 567808 c:\windows\system32\WUDFx.dll
+ 2006-09-29 01:56 . 2009-07-13 23:50 148480 c:\windows\system32\WudfPlatform.dll
+ 2006-09-29 01:56 . 2009-07-14 01:14 195584 c:\windows\system32\WudfHost.exe
+ 2006-09-29 02:00 . 2009-07-13 23:50 132224 c:\windows\system32\drivers\WudfRd.sys
+ 2010-01-07 21:22 . 2010-01-07 21:22 708608 c:\windows\system32\drivers\UMDF\ZuneDriver.dll
+ 2009-12-14 22:28 . 2009-12-14 22:28 1837296 c:\windows\system32\WUDFUpdate_01009.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\jdk\bin\jusched.exe" [2009-05-10 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2008-8-8 1011320]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"\\\\GOLLUM\\SID MEIER'S CIVILIZATION 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\insurgency\\hl2.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
"c:\\JDK\\bin\\java.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\EA Games\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\counter-strike\\hl.exe"=
"c:\\Program Files\\Unreal Anthology\\UnrealTournament\\System\\UnrealTournament.exe"=

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [8/8/2008 5:17 AM 96376]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [8/8/2008 5:17 AM 843384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2009 3:04 AM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\
FF - plugin: c:\jdk\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\jdk\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 12:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3524)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\wudfhost.exe
c:\jdk\bin\jqs.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\jdk\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-07-07 12:52:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 19:51
ComboFix2.txt 2010-06-22 03:16
ComboFix3.txt 2010-06-21 19:37
ComboFix4.txt 2010-06-20 18:16
ComboFix5.txt 2010-07-07 19:31

Pre-Run: 83,780,628,480 bytes free
Post-Run: 84,274,728,960 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - FE2D4B1395587D79CA219BD92D6C10B0

Re: AV Security Suite annihilated windows
Hello.

Click Start > Run, copy/paste the following text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX control. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) the Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: AV Security Suite annihilated windows
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=545800214e767c44919dba26d77e7bcd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-10 06:06:21
# local_time=2010-07-09 11:06:21 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=324502
# found=12
# cleaned=12
# scan_time=7507
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\Adrian\Local Settings\Application Data\dhaegd\ybsorgx.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\Adrian\Local Settings\Application Data\jclgsnask\klgiqds.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\Adrian\Local Settings\Application Data\qdswimv\pspqqtj.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\Adrian\Local Settings\Application Data\tnfaof\scjdrca.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\John Connor\Local Settings\Application Data\fdhwbksk\rjhyfw.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\John Connor\Local Settings\Application Data\qvveagw\jqvjyh.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\John Connor\Local Settings\Application Data\snoafjp\kqkmurq.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\memoirs\Local Settings\Application Data\ddgymqcrk\vawxad.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\memoirs\Local Settings\Application Data\fsepvstt\yoiyhua.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\memoirs\Local Settings\Application Data\kjbdjk\haqdep.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\memoirs\Local Settings\Application Data\whcdawih\qhynod.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\memoirs\Local Settings\Application Data\xebdbx\qojkhs.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

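The two logs above answer the questions a responder actually has, once parsed: every one of the twelve ESET hits sits under C:\_OTL\MovedFiles, i.e. copies OTL had already moved out of the users' profiles on 2010-06-18, so the counters (found=12, cleaned=12) describe quarantine cleanup rather than live files; and in the ComboFix log sptd.sys carries a 2009-01-09 install date in its service entry but a 2010-06-22 modification time in Find3M, the same minute the DAEMON Tools Lite folder was touched. The script below is an added example that automates both checks; it is not code from the forum, from ESET or from ComboFix. It assumes the Find3M columns read modified-then-created (inferred from this thread's log), that service-line timestamps are local time while Find3M is UTC, and that C:\Qoobox\Quarantine is ComboFix's own quarantine folder. The sample data is an excerpt of the thread's logs plus one constructed hit at a non-quarantine path, marked as such.

```python
"""Triage helpers for the two scanner logs in this thread (ESET Online Scanner
and ComboFix). Added example; not code from the forum, ESET or ComboFix."""
import re
from collections import Counter
from datetime import datetime

# Folders holding files an earlier tool already moved out of the way: OTL's
# MovedFiles (seen in the thread) and ComboFix's quarantine under C:\Qoobox.
QUARANTINE_MARKERS = ("\\_otl\\movedfiles\\", "\\qoobox\\quarantine\\")

ESET_HEADER = re.compile(r"^# (\w+)=(.*)$")
# "<path> <threat ...> (<action>) <md5> <flag>"; the threat field always holds a
# "<platform>/<name>" token, and that token is what terminates the path.
ESET_HIT = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9_]+/\S+(?: \S+)*?) "
    r"\((?P<action>[^()]*)\) (?P<md5>[0-9A-Fa-f]{32}) (?P<flag>\S+)$")
USER_IN_PATH = re.compile(r"documents and settings\\([^\\]+)\\", re.I)

# ComboFix service line: "<R|S><start> name;display;path [m/d/yyyy h:mm AM size]"
# (R running, S stopped; start type 0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
CF_SERVICE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);[^;]*;(?P<path>.+?) "
    r"\[(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) (?P<size>\d+)\]$")
# Find3M line: "<modified> . <created> <size> <attrs> <path>" (column order is an
# assumption read off this thread's log; directories carry "--------" as size).
CF_FIND3M = re.compile(
    r"^(?P<modified>\S+ \S+) \. (?P<created>\S+ \S+) (?P<size>\S+) \S+ (?P<path>.+)$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def parse_eset_log(text):
    """Split an ESET log into its '# key=value' header and its detection lines."""
    header, hits = {}, []
    for line in text.splitlines():
        if m := ESET_HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif m := ESET_HIT.match(line):
            hits.append(m.groupdict())
    return header, hits


def triage_eset(text):
    """Do the counters add up, and were the hits live files or quarantined copies?"""
    header, hits = parse_eset_log(text)
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    live = [h["path"] for h in hits
            if not any(q in h["path"].lower() for q in QUARANTINE_MARKERS)]
    return {"found": found, "cleaned": cleaned, "parsed": len(hits),
            "counts_consistent": found == cleaned == len(hits),
            "live_hits": live,
            "by_threat": Counter(h["threat"] for h in hits),
            "by_user": Counter(m.group(1) for h in hits
                               if (m := USER_IN_PATH.search(h["path"])))}


def drivers_rewritten_after_install(text):
    """Cross-reference ComboFix's driver list with Find3M: a driver whose file was
    modified long after the service entry's own timestamp had its binary replaced
    on disk, worth a look whether the cause is a reinstall or a rootkit."""
    find3m = {m.group("path").lower(): m.groupdict()
              for m in map(CF_FIND3M.match, text.splitlines())
              if m and m.group("size").isdigit()}
    flagged = []
    for m in filter(None, map(CF_SERVICE.match, text.splitlines())):
        entry = find3m.get(m.group("path").lower())
        if not entry:
            continue
        installed = datetime.strptime(m.group("stamp"), "%m/%d/%Y %I:%M %p")
        modified = datetime.strptime(entry["modified"], "%Y-%m-%d %H:%M")
        # Service stamps are local time and Find3M is UTC in this log, so only a
        # gap of more than a day counts as a rewrite.
        if (modified - installed).days > 1:
            flagged.append({"service": m.group("name"), "path": m.group("path"),
                            "start": START_TYPES.get(m.group("start")),
                            "running": m.group("state") == "R",
                            "installed": installed.date().isoformat(),
                            "modified": modified.date().isoformat(),
                            "size_unchanged": m.group("size") == entry["size"]})
    return flagged


# Excerpt of the thread's ESET log (found/cleaned reduced to match the excerpt)
# plus one CONSTRUCTED hit at a live, non-quarantine path to show the difference.
SAMPLE_ESET = r"""# found=4
# cleaned=4
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\Adrian\Local Settings\Application Data\dhaegd\ybsorgx.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\Adrian\Local Settings\Application Data\qdswimv\pspqqtj.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06182010_002522\c_Documents and Settings\John Connor\Local Settings\Application Data\fdhwbksk\rjhyfw.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\memoirs\Local Settings\Application Data\constructed\example.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Excerpt of the thread's ComboFix log: two Find3M lines and three service lines.
SAMPLE_COMBOFIX = r"""2010-06-22 22:41 . 2009-01-09 10:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-22 22:40 . 2009-01-09 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [8/8/2008 5:17 AM 96376]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2009 3:04 AM 691696]
"""

if __name__ == "__main__":
    print(triage_eset(SAMPLE_ESET))
    print(drivers_rewritten_after_install(SAMPLE_COMBOFIX))
```

Run against the full logs in the thread, `triage_eset` reports an empty `live_hits` list for all twelve detections, and `drivers_rewritten_after_install` flags only sptd (stopped, start type disabled, size unchanged at 691696 bytes), which lines up with the DAEMON Tools Lite reinstall visible in the same log rather than with a hidden driver, consistent with catchme reporting zero hidden files.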