GeekPolice
Random sounds
Hi, my computer starts playing random sounds. This ranges from music to commercials for products such as Lysol. I am not the primary user for this computer (it's my grandparents') so I only have access to it on the weekends. I have run a full scan with Avast antivirus and MBAM and have found nothing on either one. I have also run HijackThis and can post the logs for it as well if needed.

Here are the OTL logs:


OTL logfile created on: 9/26/2010 11:41:39 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Roy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 66.00 Mb Available Physical Memory | 17.00% Memory free
919.00 Mb Paging File | 409.00 Mb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 111.88 Gb Free Space | 75.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.80 Gb Total Space | 0.55 Gb Free Space | 30.59% Space Free | Partition Type: FAT32

Computer Name: EINGLETT
Current User Name: Roy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/26 11:40:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roy\My Documents\Downloads\OTL.com
PRC - [2010/09/21 01:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Roy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/09/01 08:31:54 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/08/13 13:08:46 | 000,033,056 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/10 00:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/26 11:40:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roy\My Documents\Downloads\OTL.com
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Roy\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/27 19:31:25 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/09/18 11:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/09/14 14:38:00 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/08/12 17:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/01/07 20:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {37d6d330-27cc-41d1-a1f2-158744751199}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.6
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={D4BE7E42-ABCD-1168-AC6C-17625E4A5DAD}&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=3oOAX9Ew&q="

FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 20:08:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 20:08:10 | 000,000,000 | ---D | M]

[2009/09/26 23:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roy\Application Data\Mozilla\Extensions
[2010/09/26 07:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions
[2009/10/20 00:14:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/01 21:48:55 | 000,000,000 | ---D | M] (Play Games For Free Toolbar) -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\{37d6d330-27cc-41d1-a1f2-158744751199}
[2010/04/01 21:48:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/29 12:50:46 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/09/26 23:12:36 | 000,000,000 | ---D | M] (CoolChaser Layout Auto Insert) -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5}(2)
[2010/06/09 22:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/08/29 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\extension@virtusdesigns.com
[2010/07/11 08:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\toolbar@ask.com
[2010/09/05 17:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\youtube2mp3@mondayx.de
[2010/08/29 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\extension@virtusdesigns.com\__MACOSX
[2010/08/29 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\extension@virtusdesigns.com\chrome
[2010/08/29 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\extension@virtusdesigns.com\defaults
[2010/08/29 12:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/08/29 12:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/06/15 22:46:15 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\searchplugins\conduit.xml
[2009/12/28 23:16:15 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\searchplugins\mywebsearch.xml
[2009/09/14 03:38:34 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\searchplugins\search-the-web.xml
[2010/09/26 07:17:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 17:01:40 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/28 20:42:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/28 20:42:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/04 21:06:48 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/10/04 21:06:49 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
[2009/12/22 09:02:48 | 000,002,197 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml

O1 HOSTS File: ([2010/04/03 22:33:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF14296.cfx File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Roy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Roy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/07 01:32:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61d616d2-abbe-11de-9cc7-0013d3e77cc3}\Shell - "" = AutoRun
O33 - MountPoints2\{61d616d2-abbe-11de-9cc7-0013d3e77cc3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61d616d2-abbe-11de-9cc7-0013d3e77cc3}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: klmdb.sys - Driver
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: klmdb.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/26 11:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/26 11:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roy\Local Settings\Application Data\Temp
[2010/09/26 11:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roy\Local Settings\Application Data\Google
[2010/09/05 20:02:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/05 19:55:32 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\REX Shared Library.dll
[2010/09/05 19:55:02 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll
[2010/09/05 19:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2010/09/05 19:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roy\Application Data\Propellerhead Software
[2010/09/05 19:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Propellerhead
[2010/09/05 17:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/05 17:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/05 17:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/05 17:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/05 17:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/04 22:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/08/28 21:38:02 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2010/08/28 21:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roy\Application Data\Riverpoint Writer
[2010/08/28 20:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roy\Application Data\OpenOffice.org
[2010/08/28 20:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/08/28 20:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/08/28 20:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/28 20:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/28 20:42:38 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/28 20:42:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/28 20:42:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/28 20:42:38 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/28 20:42:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2004/12/07 12:13:40 | 000,479,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxsetup.exe
[2004/12/07 12:13:38 | 002,249,416 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2004/12/07 12:13:38 | 000,069,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/26 11:36:42 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Roy\Desktop\HiJackThis.lnk
[2010/09/26 11:27:04 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1085031214-725345543-1003UA.job
[2010/09/26 11:27:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1085031214-725345543-1003Core.job
[2010/09/26 11:24:39 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Roy\Desktop\Google Chrome.lnk
[2010/09/26 11:24:39 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Roy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/26 11:23:57 | 002,359,296 | ---- | M] () -- C:\Documents and Settings\Roy\ntuser.dat
[2010/09/25 21:55:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/25 21:55:37 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/25 21:55:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/25 16:04:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/25 14:56:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/13 08:40:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Roy\ntuser.ini
[2010/09/13 08:40:25 | 003,770,260 | -H-- | M] () -- C:\Documents and Settings\Roy\Local Settings\Application Data\IconCache.db
[2010/09/05 19:55:32 | 000,233,472 | ---- | M] (Propellerhead Software AB) -- C:\WINDOWS\System32\REX Shared Library.dll
[2010/09/05 19:55:03 | 000,368,640 | ---- | M] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll
[2010/09/05 19:28:19 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Reason.lnk
[2010/09/05 17:47:36 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/29 14:58:57 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/08/29 12:41:50 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Roy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/29 12:41:46 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/29 12:41:46 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/29 11:51:46 | 000,018,496 | ---- | M] () -- C:\Documents and Settings\Roy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/29 11:51:25 | 000,018,632 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/29 09:30:04 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/28 21:38:02 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\Roy\Application Data\Microsoft\Internet Explorer\Quick Launch\Riverpoint Writer.lnk
[2010/08/28 20:46:04 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/08/28 20:42:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/28 20:42:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/28 20:42:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/28 20:42:17 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/28 20:42:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/26 11:27:16 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Roy\Desktop\HiJackThis.lnk
[2010/09/26 11:24:39 | 000,002,268 | ---- | C] () -- C:\Documents and Settings\Roy\Desktop\Google Chrome.lnk
[2010/09/26 11:24:39 | 000,002,246 | ---- | C] () -- C:\Documents and Settings\Roy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/26 11:22:58 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1085031214-725345543-1003UA.job
[2010/09/26 11:22:56 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1085031214-725345543-1003Core.job
[2010/09/05 19:28:19 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Reason.lnk
[2010/09/05 17:47:36 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/28 21:38:02 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\Roy\Application Data\Microsoft\Internet Explorer\Quick Launch\Riverpoint Writer.lnk
[2010/08/28 20:46:04 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/06/03 08:11:39 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/04/02 20:39:14 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/23 22:40:31 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Roy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/19 13:15:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/27 20:29:42 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/09/27 20:29:42 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/12/19 10:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 06:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2005/09/18 11:32:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/09/18 11:32:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/09/18 11:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/09/18 11:32:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/09/18 11:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/09/18 11:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/09/18 11:32:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/12/07 12:13:42 | 003,578,547 | ---- | C] () -- C:\Program Files\ManagedDX.CAB
[2004/12/07 12:13:42 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab
[2004/12/07 12:13:42 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab
[2004/12/07 12:13:38 | 013,265,040 | R--- | C] () -- C:\Program Files\dxnt.cab
[2004/12/07 12:13:36 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab
[2004/12/07 12:13:36 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2004/12/07 11:47:32 | 000,020,717 | ---- | C] () -- C:\Program Files\DirectX SDK EULA.txt
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 05:41:56 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/14 05:42:00 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2004/08/03 21:07:00 | 000,146,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2008/04/14 05:42:04 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/14 05:42:04 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/14 05:42:06 | 000,433,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\riched20.dll
[2008/04/14 05:42:06 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/14 05:42:06 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/14 05:42:08 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/14 05:42:08 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2008/04/14 05:42:12 | 000,022,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[2008/04/13 23:09:26 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/08/06 17:42:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/06 17:42:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/06 17:42:49 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/03 21:07:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/03 21:07:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/03 21:07:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/03 21:07:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/03 21:07:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/03 21:07:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/03 21:07:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/03 21:07:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/03 21:07:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/03 21:07:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 21:07:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 21:07:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 21:07:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 21:07:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 21:07:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 00:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 05:41:50 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 05:41:50 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 05:41:50 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 05:41:50 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 05:41:50 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 05:41:50 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 05:41:50 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 05:41:52 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 05:41:52 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 05:41:52 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 05:41:52 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 05:41:52 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 05:41:52 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 05:42:06 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 05:42:10 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/08/07 01:32:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/07 01:26:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/03 22:26:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/08/07 01:32:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/07 01:32:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/07 01:32:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 21:07:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/08/14 11:39:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/25 21:55:19 | 602,972,160 | -HS- | M] () -- C:\pagefile.sys
[2010/09/05 20:01:41 | 000,042,070 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_05.09.2010_20.01.37_log.txt
[2010/09/05 20:02:03 | 000,042,070 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_05.09.2010_20.02.01_log.txt

< %PROGRAMFILES%\*. >
[2010/08/14 11:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\ACW
[2009/10/27 20:13:33 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/06/15 20:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2010/06/07 18:10:51 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/10/11 17:52:05 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/10 23:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/09/05 17:27:02 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/08/28 20:42:53 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/08/07 01:28:34 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/15 20:23:00 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2009/09/27 19:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2009/09/27 19:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar
[2010/06/18 07:50:06 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2010/01/22 20:45:12 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/09/27 00:52:52 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2010/04/03 22:55:18 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/01/22 20:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2010/01/22 20:45:15 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2010/06/18 02:52:25 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/06/18 03:43:20 | 000,000,000 | ---D | M] -- C:\Program Files\GTK2-Runtime
[2010/07/01 15:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Guild Wars
[2010/01/31 12:45:37 | 000,000,000 | ---D | M] -- C:\Program Files\GW Team Builder
[2010/08/28 21:38:02 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallJammer Registry
[2009/09/27 04:09:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/08/14 12:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/09/05 17:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/05 17:47:08 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/09/27 20:29:44 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/28 20:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2010/07/25 17:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/14 11:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/08/07 01:32:34 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/08/14 11:49:17 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/26 07:07:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/06/09 17:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\MP3 Rocket
[2009/10/11 07:13:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/08/07 01:27:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/08/07 01:28:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/10/11 06:53:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/08/14 11:43:20 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/08/07 01:30:23 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/08/28 20:43:47 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/08/14 12:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/11/25 14:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars.NET
[2010/09/05 19:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\Propellerhead
[2010/09/05 17:34:23 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/09/27 04:09:55 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/10/11 07:13:20 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/09/27 01:00:21 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/06/09 22:54:20 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Online Entertainment
[2010/04/03 17:36:01 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/09/26 11:27:14 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/08/07 17:09:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/06/11 02:51:02 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/10/19 13:16:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2010/09/19 21:46:57 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze_Remote
[2010/03/10 19:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\Warrior Epic
[2010/08/29 12:07:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/08/29 12:07:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/08/14 11:43:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/08/07 01:30:27 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/11/08 04:33:10 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/08/07 01:32:34 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/12/05 02:39:19 | 000,000,000 | ---D | M] -- C:\Program Files\XP Codec Pack
[2009/10/27 11:53:13 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/01/03 18:23:36 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games

< %appdata%\*.* >
[2009/08/06 17:46:36 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Roy\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/03 21:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/03 21:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 21:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/03 21:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 21:07:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 21:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/03 21:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 21:07:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/03 21:07:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/08/12 17:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\K8MC51GMBD\IDE\Win2K\sata_ide\nvata.sys
[2005/08/12 17:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\K8MC51GMBD\IDE\WinXP\sata_ide\nvata.sys
[2005/08/12 17:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2005/08/12 17:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\K8MC51GMBD\IDE\Win2K\sataraid\nvatabus.sys
[2005/08/12 17:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\cabs\K8MC51GMBD\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/03 21:07:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/03 21:07:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/03 21:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 21:07:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-18 07:02:12

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 9/26/2010 11:41:39 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Roy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 66.00 Mb Available Physical Memory | 17.00% Memory free
919.00 Mb Paging File | 409.00 Mb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 111.88 Gb Free Space | 75.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.80 Gb Total Space | 0.55 Gb Free Space | 30.59% Space Free | Partition Type: FAT32


Computer Name: EINGLETT
Current User Name: Roy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

Re: Random sounds

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"223:TCP" = 223:TCP:*:Enabled:WarriorEpic
"223:UDP" = 223:UDP:*:Enabled:WarriorEpic
"860:TCP" = 860:TCP:*:Enabled:WarriorEpic
"860:UDP" = 860:UDP:*:Enabled:WarriorEpic
"262:TCP" = 262:TCP:*:Enabled:WarriorEpic
"262:UDP" = 262:UDP:*:Enabled:WarriorEpic
"367:TCP" = 367:TCP:*:Enabled:WarriorEpic
"367:UDP" = 367:UDP:*:Enabled:WarriorEpic
"90:TCP" = 90:TCP:*:Enabled:WarriorEpic
"90:UDP" = 90:UDP:*:Enabled:WarriorEpic
"311:TCP" = 311:TCP:*:Enabled:WarriorEpic
"311:UDP" = 311:UDP:*:Enabled:WarriorEpic
"33:TCP" = 33:TCP:*:Enabled:WarriorEpic
"33:UDP" = 33:UDP:*:Enabled:WarriorEpic
"770:TCP" = 770:TCP:*:Enabled:WarriorEpic
"770:UDP" = 770:UDP:*:Enabled:WarriorEpic
"876:TCP" = 876:TCP:*:Enabled:WarriorEpic
"876:UDP" = 876:UDP:*:Enabled:WarriorEpic
"946:TCP" = 946:TCP:*:Enabled:WarriorEpic
"946:UDP" = 946:UDP:*:Enabled:WarriorEpic
"987:TCP" = 987:TCP:*:Enabled:WarriorEpic
"987:UDP" = 987:UDP:*:Enabled:WarriorEpic
"991:TCP" = 991:TCP:*:Enabled:WarriorEpic
"991:UDP" = 991:UDP:*:Enabled:WarriorEpic
"600:TCP" = 600:TCP:*:Enabled:WarriorEpic
"600:UDP" = 600:UDP:*:Enabled:WarriorEpic
"448:TCP" = 448:TCP:*:Enabled:WarriorEpic
"448:UDP" = 448:UDP:*:Enabled:WarriorEpic
"87:TCP" = 87:TCP:*:Enabled:WarriorEpic
"87:UDP" = 87:UDP:*:Enabled:WarriorEpic
"710:TCP" = 710:TCP:*:Enabled:WarriorEpic
"710:UDP" = 710:UDP:*:Enabled:WarriorEpic
"282:TCP" = 282:TCP:*:Enabled:WarriorEpic
"282:UDP" = 282:UDP:*:Enabled:WarriorEpic
"363:TCP" = 363:TCP:*:Enabled:WarriorEpic
"363:UDP" = 363:UDP:*:Enabled:WarriorEpic
"740:TCP" = 740:TCP:*:Enabled:WarriorEpic
"740:UDP" = 740:UDP:*:Enabled:WarriorEpic
"708:TCP" = 708:TCP:*:Enabled:WarriorEpic
"708:UDP" = 708:UDP:*:Enabled:WarriorEpic
"612:TCP" = 612:TCP:*:Enabled:WarriorEpic
"612:UDP" = 612:UDP:*:Enabled:WarriorEpic
"774:TCP" = 774:TCP:*:Enabled:WarriorEpic
"774:UDP" = 774:UDP:*:Enabled:WarriorEpic
"214:TCP" = 214:TCP:*:Enabled:WarriorEpic
"214:UDP" = 214:UDP:*:Enabled:WarriorEpic

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Warrior Epic\WEShell_TGI.exe" = C:\Program Files\Warrior Epic\WEShell_TGI.exe:*:Enabled:Warrior Epic -- (True Games Interactive)
"C:\Program Files\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe" = C:\Program Files\Sony Online Entertainment\Installed Games\EverQuest II\EQ2VoiceService.exe:*:Disabled:EQ2VoiceService -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D69F6DA9-46CF-3EFD-DC4B-9E38F75F5B10}" = Super Collapse 3
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Diablo II" = Diablo II
"ESET Online Scanner" = ESET Online Scanner v3
"FF389026-F961-42C5-BACD-B4A3AA73E0F3" = Riverpoint Writer
"GTK2-Runtime" = GTK2-Runtime
"Guild Wars" = Guild Wars
"GW Team Builder_is1" = GW Team Builder 1.2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"MP3 Rocket" = MP3 Rocket
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NMIX!UninstallKey" = NeroMIX
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars.net" = PokerStars.net
"RatingsMigration" = Windows Media Player 9 Series Power Toy - Ratings Migration
"Reason4_is1" = Reason 4.0
"ST5UNST #1" = Typing Tutor
"Super Collapse 3" = Super Collapse 3 (remove only)
"uTorrent" = µTorrent
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Warrior Epic" = Warrior Epic
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"SOE-EverQuest II Streaming (US English)" = EverQuest II (US English)
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/12/2010 1:40:37 PM | Computer Name = EINGLETT | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/12/2010 1:40:37 PM | Computer Name = EINGLETT | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/12/2010 1:40:37 PM | Computer Name = EINGLETT | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/12/2010 1:40:37 PM | Computer Name = EINGLETT | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/14/2010 8:30:30 PM | Computer Name = EINGLETT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3888, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/20/2010 11:07:50 PM | Computer Name = EINGLETT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3909, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/25/2010 6:50:03 AM | Computer Name = EINGLETT | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Documents and Settings\LocalService\Local
Settings\Temporary Internet Files\Content.IE5\index.dat for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program index.dat because of this error. Program: index.dat
File:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 9/25/2010 6:50:07 AM | Computer Name = EINGLETT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module wininet.dll, version 6.0.2900.5969, fault address 0x00004603.

Error - 9/25/2010 7:37:50 AM | Computer Name = EINGLETT | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Documents and Settings\LocalService\Local
Settings\Temporary Internet Files\Content.IE5\index.dat for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program index.dat because of this error. Program: index.dat
File:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 9/25/2010 7:37:57 AM | Computer Name = EINGLETT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module wininet.dll, version 6.0.2900.5969, fault address 0x0007a090.

[ System Events ]
Error - 8/20/2010 9:31:54 AM | Computer Name = EINGLETT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/20/2010 9:31:59 AM | Computer Name = EINGLETT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/20/2010 9:32:08 AM | Computer Name = EINGLETT | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 8/20/2010 9:32:24 AM | Computer Name = EINGLETT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/20/2010 9:32:29 AM | Computer Name = EINGLETT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/20/2010 9:32:35 AM | Computer Name = EINGLETT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/20/2010 9:32:40 AM | Computer Name = EINGLETT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/20/2010 9:32:45 AM | Computer Name = EINGLETT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/20/2010 9:32:50 AM | Computer Name = EINGLETT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/20/2010 9:32:56 AM | Computer Name = EINGLETT | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

Re: Random sounds

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    (image: CF_download_FF)

    (image: CF_download_rename)

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    (image: Cf410)

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    (image: Cf510)

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: Random sounds

I attached the log as otherwise it would have taken 10+ messages....

Re: Random sounds

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    Firefox::
    FF - ProfilePath - c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={D4BE7E42-ABCD-1168-AC6C-17625E4A5DAD}&q=

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    (image: Cfscriptb4i)

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

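The CFScript above removes three Firefox prefs that were quietly redirecting searches to fastbrowsersearch.com. The following is an added example, not code from this thread, from ComboFix or from Mozilla: it reads a prefs.js, flags the search and home-page prefs whose URL host is outside an allowlist (and engine names that are not URLs at all, so they can be checked by hand), and lays the findings out in the same "Firefox::" form the helper's script uses so they can be reviewed before anything is run. The sample prefs.js is constructed (the three hijacked values copy the CFScript with hxxp restored to http; the last two lines are ordinary defaults), and the allowlist of trusted hosts is an assumption for this machine.

```python
import re
from urllib.parse import urlparse

# Constructed prefs.js excerpt in the layout Firefox 3.x writes. The first three
# values reproduce the hijacked prefs from the CFScript above (hxxp restored to
# http); the last two are ordinary defaults and must not be flagged.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=");
user_pref("browser.search.selectedEngine", "Fast Browser Search");
user_pref("keyword.URL", "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={D4BE7E42-ABCD-1168-AC6C-17625E4A5DAD}&q=");
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.13");
'''

# Prefs that decide where address-bar keywords and search-box queries go.
SEARCH_PREFS = {
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
    "browser.startup.homepage",
}

# Assumed allowlist for this machine (an assumption made for the example;
# the thread only shows Yahoo and Google as the user's chosen pages).
TRUSTED_HOSTS = {"www.google.com", "www.yahoo.com", "search.yahoo.com"}

# Matches one string-valued user_pref line, allowing escaped quotes in the value.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);', re.M)


def parse_prefs(text):
    """Map pref name -> string value for every string-valued user_pref line."""
    return {m.group(1): m.group(2).replace('\\"', '"') for m in PREF_RE.finditer(text)}


def audit_search_prefs(text, trusted=TRUSTED_HOSTS):
    """Return (name, value, reason) for search/home prefs that point at a host
    outside the allowlist, plus engine names (not URLs) so they can be checked
    against the profile's searchplugins directory by hand."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name not in SEARCH_PREFS:
            continue
        host = urlparse(value).hostname
        if host is None:
            findings.append((name, value, "engine name, not a URL: verify it"))
        elif host not in trusted:
            findings.append((name, value, f"untrusted host {host}"))
    return findings


def cfscript_firefox_section(findings, profile_path):
    """Lay the findings out the way the helper's CFScript above lists prefs
    (URLs defanged to hxxp as the thread does), so they can be reviewed before
    any tool is pointed at the profile."""
    lines = ["Firefox::", f"FF - ProfilePath - {profile_path}"]
    for name, value, _ in sorted(findings):
        lines.append(f"FF - prefs.js: {name} - {value.replace('http://', 'hxxp://')}")
    return lines


if __name__ == "__main__":
    hits = audit_search_prefs(SAMPLE_PREFS_JS)
    for name, value, reason in hits:
        print(f"{name}: {reason}")
    print("\n".join(cfscript_firefox_section(hits, "<profile path>")))
```

Run it against the real file (Firefox must be closed, since it rewrites prefs.js on exit) by replacing SAMPLE_PREFS_JS with the contents of the profile's prefs.js; anything flagged as "engine name" should be compared with the .xml files in the profile's searchplugins folder, because a hijacker usually installs its engine there as well.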
Re: Random sounds

Here ya go....

ComboFix 10-10-01.01 - Roy 10/01/2010 19:01:21.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.383.86 [GMT -4]
Running from: c:\documents and settings\Roy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Roy\Desktop\cfscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 )))))))))))))))))))))))))))))))
.

2010-09-26 15:27 . 2010-09-26 15:27 388096 ----a-r- c:\documents and settings\Roy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-26 15:27 . 2010-09-26 15:27 -------- d-----w- c:\program files\Trend Micro
2010-09-26 15:23 . 2010-09-26 15:23 -------- d-----w- c:\documents and settings\Roy\Local Settings\Application Data\Temp
2010-09-26 15:22 . 2010-09-26 15:23 -------- d-----w- c:\documents and settings\Roy\Local Settings\Application Data\Google
2010-09-06 00:07 . 2010-09-06 00:07 -------- d-----w- c:\documents and settings\Administrator.EINGLETT\Application Data\Propellerhead Software
2010-09-06 00:06 . 2010-09-06 00:06 -------- d-----w- c:\documents and settings\Administrator.EINGLETT\Application Data\Malwarebytes
2010-09-05 23:55 . 2010-09-05 23:55 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-09-05 23:55 . 2010-09-05 23:55 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-09-05 23:32 . 2010-09-05 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Propellerhead Software
2010-09-05 23:32 . 2010-09-06 00:26 -------- d-----w- c:\documents and settings\Roy\Application Data\Propellerhead Software
2010-09-05 23:27 . 2010-09-05 23:27 -------- d-----w- c:\program files\Propellerhead
2010-09-05 21:45 . 2010-09-05 21:45 -------- d-----w- c:\program files\iPod
2010-09-05 21:44 . 2010-09-05 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-05 21:44 . 2010-09-05 21:47 -------- d-----w- c:\program files\iTunes
2010-09-05 21:32 . 2010-09-05 21:34 -------- d-----w- c:\program files\QuickTime
2010-09-05 21:27 . 2010-09-05 21:27 -------- d-----w- c:\program files\Bonjour
2010-09-05 21:20 . 2010-09-05 21:20 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-04 00:33 . 2010-09-04 00:33 -------- d-s---w- c:\documents and settings\LocalService\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-27 01:28 . 2010-02-07 16:02 -------- d-----w- c:\program files\Warrior Epic
2010-09-25 20:04 . 2009-08-08 21:10 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-20 01:46 . 2010-06-16 00:22 -------- d-----w- c:\program files\Vuze_Remote
2010-09-19 22:34 . 2009-09-27 05:00 -------- d-----w- c:\documents and settings\Roy\Application Data\Skype
2010-09-19 20:04 . 2009-09-27 05:01 -------- d-----w- c:\documents and settings\Roy\Application Data\skypePM
2010-09-05 23:34 . 2010-06-11 06:50 -------- d-----w- c:\documents and settings\Roy\Application Data\uTorrent
2010-09-05 22:37 . 2009-10-11 21:59 -------- d-----w- c:\documents and settings\Roy\Application Data\Apple Computer
2010-09-05 21:45 . 2009-10-11 21:48 -------- d-----w- c:\program files\Common Files\Apple
2010-08-29 18:58 . 2009-08-08 21:10 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-29 16:20 . 2009-10-24 02:06 -------- d-----w- c:\documents and settings\Roy\Application Data\MP3Rocket
2010-08-29 16:07 . 2010-03-16 21:51 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-29 15:51 . 2009-08-07 21:44 18496 ----a-w- c:\documents and settings\Roy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-29 15:51 . 2010-06-05 01:30 18632 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-29 13:35 . 2010-08-29 13:35 503808 ----a-w- c:\documents and settings\Roy\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2eb05785-n\msvcp71.dll
2010-08-29 13:35 . 2010-08-29 13:35 499712 ----a-w- c:\documents and settings\Roy\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2eb05785-n\jmc.dll
2010-08-29 13:35 . 2010-08-29 13:35 61440 ----a-w- c:\documents and settings\Roy\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-476ac256-n\decora-sse.dll
2010-08-29 13:35 . 2010-08-29 13:35 348160 ----a-w- c:\documents and settings\Roy\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2eb05785-n\msvcr71.dll
2010-08-29 13:35 . 2010-08-29 13:35 12800 ----a-w- c:\documents and settings\Roy\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-476ac256-n\decora-d3d.dll
2010-08-29 01:38 . 2010-08-29 01:38 -------- d--h--w- c:\program files\InstallJammer Registry
2010-08-29 01:37 . 2010-08-29 01:37 1523845 ----a-w- c:\documents and settings\Roy\Application Data\Riverpoint Writer\Uninstall.exe
2010-08-29 01:37 . 2010-08-29 01:37 -------- d-----w- c:\documents and settings\Roy\Application Data\Riverpoint Writer
2010-08-29 01:34 . 2010-08-29 00:49 1 ----a-w- c:\documents and settings\Roy\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-29 00:49 . 2010-08-29 00:49 -------- d-----w- c:\documents and settings\Roy\Application Data\OpenOffice.org
2010-08-29 00:43 . 2010-08-29 00:43 -------- d-----w- c:\program files\JRE
2010-08-29 00:43 . 2010-08-29 00:43 -------- d-----w- c:\program files\OpenOffice.org 3
2010-08-29 00:42 . 2010-08-29 00:42 -------- d-----w- c:\program files\Common Files\Java
2010-08-29 00:42 . 2010-08-29 00:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-14 15:55 . 2009-08-07 05:31 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-14 15:35 . 2010-08-14 15:34 -------- d-----w- c:\program files\ACW
2010-08-14 15:25 . 2010-08-14 15:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-27 22:44 . 2010-07-27 22:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 22:44 . 2010-07-27 22:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2004-12-07 16:13 . 2004-12-07 16:13 703080 -c--a-w- c:\program files\BDA.cab
2004-12-07 16:13 . 2004-12-07 16:13 3578547 ----a-w- c:\program files\ManagedDX.CAB
2004-12-07 16:13 . 2004-12-07 16:13 1156363 -c--a-w- c:\program files\BDANT.cab
2004-12-07 16:13 . 2004-12-07 16:13 479432 ----a-w- c:\program files\dxsetup.exe
2004-12-07 16:13 . 2004-12-07 16:13 69832 ----a-w- c:\program files\DSETUP.dll
2004-12-07 16:13 . 2004-12-07 16:13 2249416 ----a-w- c:\program files\dsetup32.dll
2004-12-07 16:13 . 2004-12-07 16:13 13265040 ----a-r- c:\program files\dxnt.cab
2004-12-07 16:13 . 2004-12-07 16:13 976020 ----a-w- c:\program files\BDAXP.cab
2004-12-07 16:13 . 2004-12-07 16:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-12-07 15:47 . 2004-12-07 15:47 20717 ----a-w- c:\program files\DirectX SDK EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-09-20 2735200]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-20 01:47 2735200 ----a-w- c:\program files\Vuze_Remote\tbVuz1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-09-20 2735200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-09-20 2735200]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Roy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Sony Online Entertainment\\Installed Games\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"223:TCP"= 223:TCP:WarriorEpic
"223:UDP"= 223:UDP:WarriorEpic
"860:TCP"= 860:TCP:WarriorEpic
"860:UDP"= 860:UDP:WarriorEpic
"262:TCP"= 262:TCP:WarriorEpic
"262:UDP"= 262:UDP:WarriorEpic
"367:TCP"= 367:TCP:WarriorEpic
"367:UDP"= 367:UDP:WarriorEpic
"90:TCP"= 90:TCP:WarriorEpic
"90:UDP"= 90:UDP:WarriorEpic
"311:TCP"= 311:TCP:WarriorEpic
"311:UDP"= 311:UDP:WarriorEpic
"33:TCP"= 33:TCP:WarriorEpic
"33:UDP"= 33:UDP:WarriorEpic
"770:TCP"= 770:TCP:WarriorEpic
"770:UDP"= 770:UDP:WarriorEpic
"876:TCP"= 876:TCP:WarriorEpic
"876:UDP"= 876:UDP:WarriorEpic
"946:TCP"= 946:TCP:WarriorEpic
"946:UDP"= 946:UDP:WarriorEpic
"987:TCP"= 987:TCP:WarriorEpic
"987:UDP"= 987:UDP:WarriorEpic
"991:TCP"= 991:TCP:WarriorEpic
"991:UDP"= 991:UDP:WarriorEpic
"600:TCP"= 600:TCP:WarriorEpic
"600:UDP"= 600:UDP:WarriorEpic
"448:TCP"= 448:TCP:WarriorEpic
"448:UDP"= 448:UDP:WarriorEpic
"87:TCP"= 87:TCP:WarriorEpic
"87:UDP"= 87:UDP:WarriorEpic
"710:TCP"= 710:TCP:WarriorEpic
"710:UDP"= 710:UDP:WarriorEpic
"282:TCP"= 282:TCP:WarriorEpic
"282:UDP"= 282:UDP:WarriorEpic
"363:TCP"= 363:TCP:WarriorEpic
"363:UDP"= 363:UDP:WarriorEpic
"740:TCP"= 740:TCP:WarriorEpic
"740:UDP"= 740:UDP:WarriorEpic
"708:TCP"= 708:TCP:WarriorEpic
"708:UDP"= 708:UDP:WarriorEpic
"612:TCP"= 612:TCP:WarriorEpic
"612:UDP"= 612:UDP:WarriorEpic
"774:TCP"= 774:TCP:WarriorEpic
"774:UDP"= 774:UDP:WarriorEpic
"214:TCP"= 214:TCP:WarriorEpic
"214:UDP"= 214:UDP:WarriorEpic

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/2/2010 8:35 PM 207280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/8/2010 7:30 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/8/2010 7:30 PM 17744]
S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe" --> c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/25/2010 5:23 PM 38224]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/27/2009 7:31 PM 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1085031214-725345543-1003Core.job
- c:\documents and settings\Roy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-26 15:22]

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1085031214-725345543-1003UA.job
- c:\documents and settings\Roy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-26 15:22]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\{37d6d330-27cc-41d1-a1f2-158744751199}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\d0o7jw35.default\extensions\{37d6d330-27cc-41d1-a1f2-158744751199}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Roy\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Roy\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Roy\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-01 19:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2092)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2010-10-01 19:17:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-01 23:17
ComboFix2.txt 2010-09-27 01:18
ComboFix3.txt 2010-04-03 21:39

Pre-Run: 123,280,228,352 bytes free
Post-Run: 123,262,611,456 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1603C0B8FD112BE63EDC3EE1E53E7D59


I have uninstalled the program Warrior Epic that has all of those ports opened. Would it be safe for me to go ahead and block them again, or should I wait until this is fixed?

Last edited by xx13thangelxx on 1st October 2010, 11:23 pm; edited 1 time in total (Reason for editing : added a question)

Re: Random sounds

If you know how to close those ports then go ahead, but if not, let me know and we'll do it another way.

Re: Random sounds

OK, closed them all using Windows Firewall. I just wasn't sure if I should wait or not, or I would have already closed them.
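One way to confirm that the port exceptions really are gone after closing them in the Windows Firewall GUI, as an added example that is not part of the thread. It assumes PowerShell 2.0 on Windows XP SP3 run from an administrator account and uses the XP-era `netsh firewall` context (replaced by `netsh advfirewall` on Vista and later). The allow-list is a placeholder; the thread does not give the Warrior Epic port numbers, so none are hard-coded here.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0 on Windows XP SP3,
# run as an administrator. Lists the Windows Firewall port exceptions that are
# still enabled and flags any that are not on an allow-list you maintain.

# Ports you deliberately keep open; empty means "nothing should be open".
$allowedPorts = @()   # e.g. @(3389) if Remote Desktop is wanted (assumption)

# "netsh firewall show portopening" prints, per profile, lines of the form:
#   Port   Protocol  Mode     Name
#   139    TCP       Enable   NetBIOS Session Service
$lines = netsh firewall show portopening 2>&1

$findings = @()
foreach ($line in $lines) {
    if ($line -match '^\s*(\d+)\s+(TCP|UDP)\s+(Enable|Disable)\s+(.*)$') {
        $port  = [int]$matches[1]
        $proto = $matches[2]
        $mode  = $matches[3]
        $name  = $matches[4].Trim()
        if ($mode -eq 'Enable' -and ($allowedPorts -notcontains $port)) {
            $findings += New-Object PSObject -Property @{
                Port = $port; Protocol = $proto; Name = $name
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Host "No unexpected firewall port exceptions remain."
} else {
    Write-Host "Port exceptions still enabled (review and delete if not needed):"
    $findings | Format-Table Port, Protocol, Name -AutoSize
    # To remove one by hand on XP:
    #   netsh firewall delete portopening protocol=TCP port=<port>
}
```

Port exceptions are only half of the picture: a game launcher usually also registers itself as an allowed program, so run `netsh firewall show allowedprogram` as well and delete any entry for the uninstalled software with `netsh firewall delete allowedprogram program=<full path>`.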

Re: Random sounds

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Ask Toolbar
    Adobe Reader 9.3.3
    Java(TM) 6 Update 20
    Vuze Remote Toolbar

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 21.
  • Click the "Download JRE" button to the right.
  • In the window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.3.4
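A check to run once the removals and reinstalls above are done, as an added example that is not part of the thread. It assumes PowerShell 2.0 on 32-bit Windows XP SP3 (so the Uninstall key has no Wow6432Node) and reads the same inventory Add/Remove Programs displays: it reports whether each program on the removal list is still present, flags any Java 6 runtime older than Update 21 (old JREs stay installed side by side unless removed, which is why the old one is uninstalled first), and flags any Adobe Reader 9 older than 9.3.4.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0 on 32-bit
# Windows XP SP3, run after the removals and reinstalls described above.
# Reads the Add/Remove Programs inventory from the registry and reports
# leftovers and outdated versions of the programs named in the thread.

$uninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'

# Names as they appear in Add/Remove Programs; substring match so that
# renamed or partially removed entries are still caught.
$removeList = @('µTorrent', 'Ask Toolbar', 'Vuze Remote Toolbar')

function Get-InstalledPrograms {
    Get-ChildItem $uninstallKey |
        ForEach-Object { Get-ItemProperty $_.PSPath } |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

$programs = Get-InstalledPrograms

# 1. Anything on the removal list that is still installed
foreach ($name in $removeList) {
    $hits = $programs | Where-Object { $_.DisplayName -like "*$name*" }
    if ($hits) {
        foreach ($h in $hits) {
            Write-Host "STILL INSTALLED: $($h.DisplayName)  ($($h.UninstallString))"
        }
    } else {
        Write-Host "removed: $name"
    }
}

# 2. Java runtimes: every "Java(TM) 6 Update N" entry below 21 is out of date
foreach ($p in $programs) {
    if ($p.DisplayName -match '^Java\(TM\) 6 Update (\d+)') {
        $update = [int]$matches[1]
        if ($update -lt 21) {
            Write-Host "OUTDATED: $($p.DisplayName) - remove it; only 6 Update 21 should remain"
        } else {
            Write-Host "ok: $($p.DisplayName)"
        }
    }
}

# 3. Adobe Reader 9.x below 9.3.4
foreach ($p in $programs) {
    if ($p.DisplayName -match '^Adobe Reader (9\.\d+(\.\d+)?)') {
        $ver = New-Object System.Version $matches[1]
        if ($ver -lt (New-Object System.Version '9.3.4')) {
            Write-Host "OUTDATED: $($p.DisplayName) - install 9.3.4"
        } else {
            Write-Host "ok: $($p.DisplayName)"
        }
    }
}
```

The `UninstallString` printed for a leftover is the command Add/Remove Programs itself would run, which is useful when a toolbar no longer shows up in the GUI but still has a registry entry. Both registry views and version strings are as Windows XP presents them; on 64-bit Windows the 32-bit inventory lives under `Wow6432Node` and would need a second pass.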
