Helpassistant Problems


  • This topic is locked
21 replies to this topic

#1 Highlygifted

Highlygifted

  • Members
  • 19 posts
  • OFFLINE
  • Local time:08:11 AM

Posted 21 November 2009 - 12:42 AM

After removing Antivirus System Pro via MBAM, I'm still plagued with slow downs and crashes because of a.exe, b.exe, and c.exe, not to mention HelpAssistant duplicates my profiles upon deletion and reboot. I'm puzzled by the problem and in need of aid.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:46 AM, on 11/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Documents and Settings\Patrick\Desktop\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Patrick\Desktop\HiJackThis_v2.exe
E:\WINDOWS\notepad.exe
E:\Documents and Settings\Patrick\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gunbound.ijji.com/
O2 - BHO: QQToolbar - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - E:\Program Files\Tencent\QQToolbar\IEBar.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "E:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "E:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "E:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "E:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] E:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] E:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] E:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [VeohPlugin] "E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.0.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - E:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - E:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\Spyware Doctor\pctsAuxs.exe

--
End of file - 6902 bytes

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, November 21, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, November 21, 2009 03:48:17
Records in database: 3252812
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 90744
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 00:40:50


File name / Threat / Threats count
E:\Documents and Settings\HelpAssistant\Desktop\Crap\TorrentQ-2.1.0.0-setup-0350.exe Infected: not-a-virus:AdWare.Win32.Lop.bo 1
E:\Documents and Settings\HelpAssistant\Desktop\Crap\TorrentQ-2.1.0.0-setup-0350.exe Infected: Trojan.Win32.Obfuscated.en 1
E:\Documents and Settings\HelpAssistant\Desktop\Extreeme Crap\pcap304_x86.msi Infected: not-a-virus:NetTool.Win32.Proxy.e 1

Scanning stopped by the user.


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:11 AM

Posted 21 November 2009 - 08:50 AM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

Please download SINO by Artellos.
  • Save SINO to your desktop and run SINO.exe.
  • Then please check the following checkboxes:
    • System Info
    • Services
    • Boot Check
    • Tasklist
    • Startup Items
    • Event Log
    • Ipconfig
    • Ping
    • Netstat
    • Hosts file
    • Shares
    • Routing Table
  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A notepad window will pop up. Please copy all of the content into your next reply.
Note: If you try to interact with the program once it's started scanning it might appear to hang. The scan however will continue.

==========

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log
* Sino log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Highlygifted

Highlygifted
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:08:11 AM

Posted 21 November 2009 - 11:44 AM

OTL logfile created on: 11/21/2009 10:36:37 AM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = E:\Documents and Settings\Patrick\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 931.50 Gb Total Space | 407.35 Gb Free Space | 43.73% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANGCOR-3F77A4
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/21 10:35:51 | 00,528,896 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Patrick\Desktop\OTL.exe
PRC - [2008/12/20 07:38:12 | 07,678,568 | ---- | M] (Mozilla Corporation) -- E:\Documents and Settings\Patrick\Desktop\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/03 23:56:56 | 00,013,312 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\savedump.exe
PRC - [2004/08/03 23:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/11/21 10:35:51 | 00,528,896 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Patrick\Desktop\OTL.exe
MOD - [2004/08/03 23:57:02 | 01,050,624 | R--- | M] (Microsoft Corporation) -- E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/03 23:56:44 | 00,185,856 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (npkcmsvc)
SRV - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- E:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- E:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/03/16 17:48:00 | 02,849,757 | ---- | M] (INCA Internet Co., Ltd.) -- E:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/18 04:25:12 | 29,181,272 | ---- | M] (Microsoft Corporation) -- e:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- e:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/06 21:53:51 | 00,066,872 | ---- | M] () -- E:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/10/23 20:04:14 | 00,068,865 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/23 20:04:10 | 00,151,297 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/09/10 16:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- E:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/09/01 08:10:24 | 00,072,704 | ---- | M] (Adobe Systems) -- E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- E:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/03/11 03:25:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/02/10 04:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- e:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/11 18:59:28 | 00,172,032 | ---- | M] () -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2006/09/11 18:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/09/11 18:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/10/14 01:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- e:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/03 23:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/11 10:44:50 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/11 10:44:48 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/11 10:44:46 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/23 16:10:06 | 00,207,280 | ---- | M] (PC Tools) -- E:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/03/27 13:23:12 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- E:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2008/11/25 22:00:12 | 00,075,072 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2008/09/10 15:45:18 | 00,032,000 | ---- | M] (Apple, Inc.) -- E:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/09/05 23:21:38 | 00,717,296 | ---- | M] () -- E:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/09/01 04:09:43 | 00,011,376 | ---- | M] () -- E:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/08/20 12:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- E:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2008/05/19 17:36:28 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- E:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- E:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/03/11 03:25:00 | 06,593,376 | ---- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/12/28 01:43:04 | 00,218,496 | R--- | M] (Vimicro Corporation) -- E:\WINDOWS\system32\drivers\usbvm323.sys -- (ZSMC326)
DRV - [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2007/01/15 20:09:06 | 00,293,888 | R--- | M] (Analog Devices, Inc.) -- E:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/12/31 14:38:18 | 00,031,616 | ---- | M] () -- E:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2006/12/06 06:41:16 | 00,044,416 | ---- | M] (JMicron Technology Corp.) -- E:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/09/11 06:45:38 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 06:45:36 | 00,057,856 | R--- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/11 06:45:26 | 00,110,592 | R--- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/08/21 05:24:28 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/06 17:57:30 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) -- E:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2006/03/17 04:18:58 | 00,392,960 | R--- | M] (Sensaura) -- E:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 06:52:58 | 00,006,912 | R--- | M] (JMicron ) -- E:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/05/27 08:32:52 | 01,317,152 | ---- | M] () -- E:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 08:31:28 | 00,022,016 | ---- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/27 14:21:36 | 00,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) -- E:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- E:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/12 21:56:20 | 00,005,810 | R--- | M] () -- E:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2004/08/03 21:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- E:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- E:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gunbound.ijji.com/
IE - HKU\S-1-5-21-790525478-1202660629-725345543-1003\S-1-5-21-790525478-1202660629-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: E:\Documents and Settings\Patrick\Desktop\Program Files\Mozilla Firefox\components [2009/08/27 16:56:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: E:\Documents and Settings\Patrick\Desktop\Program Files\Mozilla Firefox\plugins [2009/05/28 01:16:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2009/01/05 20:09:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins

[2009/11/20 23:06:45 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions
[2009/05/14 22:05:21 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/05/14 22:05:21 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2008/08/31 13:53:01 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2008/08/31 23:51:52 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/01/24 00:51:18 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/09/01 06:06:55 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\joao_albertoni@hotmail.com
[2008/09/04 09:13:33 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\SolidStateION@solidstatenetworks.com

O1 HOSTS File: (27 bytes) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (QQToolbar) - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - E:\Program Files\Tencent\QQToolbar\IEBar.dll File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\..\Toolbar\WebBrowser: (no name) - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No CLSID value found.
O4 - HKLM..\Run: [36X Raid Configurer] E:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [BrMfcWnd] E:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] E:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] E:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] E:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] E:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PaperPort PTD] E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PHIME2002A] E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PPort11reminder] E:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] E:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] E:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] E:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] E:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] E:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] E:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-790525478-1202660629-725345543-1003..\Run: [CurseClient] E:\Program Files\Curse\CurseClient.exe ()
O4 - HKU\S-1-5-21-790525478-1202660629-725345543-1003..\Run: [Google Update] E:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-790525478-1202660629-725345543-1003..\Run: [LogitechSoftwareUpdate] E:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-790525478-1202660629-725345543-1003..\Run: [VeohPlugin] E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: E:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: E:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: E:\Documents and Settings\Patrick\Start Menu\Programs\Startup\Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: E:\Documents and Settings\Patrick\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-790525478-1202660629-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - E:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/21 10:35:51 | 00,528,896 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Patrick\Desktop\OTL.exe
[2009/11/21 00:55:40 | 00,105,344 | ---- | C] (NVIDIA Corporation) -- E:\WINDOWS\System32\drivers\nvata.sys
[2009/11/21 00:55:39 | 00,105,344 | R--- | C] (NVIDIA Corporation) -- E:\WINDOWS\System32\drivers\nvata_2.sys
[2009/11/21 00:55:39 | 00,044,416 | R--- | C] (JMicron Technology Corp.) -- E:\WINDOWS\System32\drivers\jraid_2.sys
[2009/11/21 00:55:39 | 00,044,416 | ---- | C] (JMicron Technology Corp.) -- E:\WINDOWS\System32\drivers\jraid.sys
[2009/11/21 00:55:38 | 00,095,360 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\drivers\atapi.sys
[2009/11/21 00:54:45 | 00,000,000 | ---D | C] -- E:\ComboFix
[2009/11/21 00:52:34 | 12,747,737 | ---- | C] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162(2).exe
[2009/11/21 00:52:32 | 13,564,281 | ---- | C] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162(2).exe.part
[2009/11/21 00:41:42 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- E:\Documents and Settings\Patrick\Desktop\HiJackThis.exe
[2009/11/20 23:10:25 | 00,000,000 | RHSD | C] -- E:\cmdcons
[2009/11/20 23:07:58 | 00,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
[2009/11/20 23:07:58 | 00,161,792 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
[2009/11/20 23:07:58 | 00,136,704 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
[2009/11/20 23:07:58 | 00,031,232 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
[2009/11/20 23:05:20 | 00,000,000 | ---D | C] -- E:\Program Files\Unlocker
[2009/11/20 22:57:52 | 00,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2009/11/20 22:57:17 | 00,000,000 | ---D | C] -- E:\Qoobox
[2009/11/20 22:49:47 | 07,917,177 | ---- | C] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162.exe
[2009/11/20 22:49:42 | 02,274,965 | ---- | C] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162.exe.part
[2009/11/20 22:01:53 | 00,050,688 | ---- | C] (Atribune.org) -- E:\Documents and Settings\Patrick\Desktop\ATF-Cleaner.exe
[2009/11/20 00:10:10 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/20 00:09:12 | 00,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware
[2009/11/20 00:09:12 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Application Data\SUPERAntiSpyware.com
[2009/11/19 23:12:25 | 00,149,456 | ---- | C] (PC Tools) -- E:\WINDOWS\SGDetectionTool.dll
[2009/11/19 23:12:24 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- E:\WINDOWS\PCTBDCore.dll
[2009/11/19 23:12:24 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- E:\WINDOWS\PCTBDRes.dll
[2009/11/19 23:11:49 | 00,229,304 | ---- | C] (PC Tools) -- E:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/11/19 23:11:35 | 00,207,280 | ---- | C] (PC Tools) -- E:\WINDOWS\System32\drivers\PCTCore.sys
[2009/11/19 23:11:35 | 00,087,784 | ---- | C] (PC Tools) -- E:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/11/19 23:11:29 | 00,070,408 | ---- | C] (PC Tools) -- E:\WINDOWS\System32\drivers\pctplsg.sys
[2009/11/19 23:11:22 | 00,000,000 | ---D | C] -- E:\Program Files\Spyware Doctor
[2009/11/19 23:11:22 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Application Data\PC Tools
[2009/11/19 23:11:22 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\PC Tools
[2009/11/19 23:02:44 | 33,827,984 | ---- | C] (PC Tools ) -- E:\Documents and Settings\Patrick\Desktop\7.0.0.508f-sdrevenue-setup.exe
[2009/11/19 22:11:15 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Local Settings\Application Data\Threat Expert
[2009/11/19 21:33:04 | 34,102,344 | ---- | C] (PC Tools ) -- E:\Documents and Settings\Patrick\Desktop\sdsetup_aff.exe
[2009/11/19 20:06:19 | 00,361,666 | ---- | C] (RegNow.com) -- E:\Documents and Settings\Patrick\Desktop\Download_7.0.0.508i-sdregnow-setup(2).exe
[2009/11/19 20:04:48 | 00,361,666 | ---- | C] (RegNow.com) -- E:\Documents and Settings\Patrick\Desktop\Download_7.0.0.508i-sdregnow-setup.exe
[2009/11/19 18:59:22 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Desktop\backups
[2009/11/19 18:30:58 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Local Settings\Application Data\nmhwqg
[2009/11/11 23:08:04 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Desktop\Rawr v2.2.27
[2009/10/25 22:31:17 | 00,000,000 | ---D | C] -- E:\Program Files\Veoh Networks
[2009/10/25 22:30:56 | 00,000,000 | R--D | C] -- E:\Documents and Settings\Patrick\My Documents\My Videos
[2008/10/22 20:06:18 | 01,839,104 | ---- | C] (Parallel Divergence Software) -- E:\Program Files\jeopardy.exe
[8 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/21 10:39:04 | 03,177,996 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\SINO.exe.part
[2009/11/21 10:39:04 | 00,000,000 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\SINO.exe
[2009/11/21 10:38:33 | 00,292,352 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\8m55sd6t.exe
[2009/11/21 10:35:51 | 00,528,896 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Patrick\Desktop\OTL.exe
[2009/11/21 10:32:34 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2009/11/21 10:28:43 | 00,001,742 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Trillian.lnk
[2009/11/21 10:26:57 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2009/11/21 01:08:55 | 00,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2009/11/21 01:08:32 | 00,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2009/11/21 01:07:06 | 12,845,056 | ---- | M] () -- E:\Documents and Settings\Patrick\ntuser.dat
[2009/11/21 01:07:02 | 00,000,178 | -HS- | M] () -- E:\Documents and Settings\Patrick\ntuser.ini
[2009/11/21 00:54:52 | 12,747,737 | ---- | M] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162(2).exe
[2009/11/21 00:53:37 | 13,564,281 | ---- | M] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162(2).exe.part
[2009/11/21 00:41:42 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- E:\Documents and Settings\Patrick\Desktop\HiJackThis.exe
[2009/11/20 23:10:34 | 00,000,281 | RHS- | M] () -- E:\boot.ini
[2009/11/20 23:04:54 | 00,220,454 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\unlocker1.8.8.exe
[2009/11/20 22:59:17 | 07,917,177 | ---- | M] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162.exe
[2009/11/20 22:50:16 | 03,570,958 | R--- | M] () -- E:\Documents and Settings\Patrick\Desktop\ComboFix.exe
[2009/11/20 22:49:47 | 02,274,965 | ---- | M] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162.exe.part
[2009/11/20 22:01:49 | 00,050,688 | ---- | M] (Atribune.org) -- E:\Documents and Settings\Patrick\Desktop\ATF-Cleaner.exe
[2009/11/20 19:22:55 | 00,000,751 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/11/20 07:35:14 | 42,215,0144 | ---- | M] () -- E:\WINDOWS\MEMORY.DMP
[2009/11/20 01:01:01 | 00,000,986 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1202660629-725345543-1003UA.job
[2009/11/20 00:09:18 | 00,000,780 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/20 00:08:21 | 07,375,392 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\SUPERAntiSpyware.exe
[2009/11/19 23:48:41 | 00,001,637 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/19 23:40:44 | 00,000,582 | ---- | M] () -- E:\WINDOWS\win.ini
[2009/11/19 23:08:49 | 33,827,984 | ---- | M] (PC Tools ) -- E:\Documents and Settings\Patrick\Desktop\7.0.0.508f-sdrevenue-setup.exe
[2009/11/19 21:36:37 | 34,102,344 | ---- | M] (PC Tools ) -- E:\Documents and Settings\Patrick\Desktop\sdsetup_aff.exe
[2009/11/19 20:18:28 | 00,071,680 | ---- | M] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/19 20:06:54 | 00,361,666 | ---- | M] (RegNow.com) -- E:\Documents and Settings\Patrick\Desktop\Download_7.0.0.508i-sdregnow-setup(2).exe
[2009/11/19 20:05:04 | 00,361,666 | ---- | M] (RegNow.com) -- E:\Documents and Settings\Patrick\Desktop\Download_7.0.0.508i-sdregnow-setup.exe
[2009/11/19 19:55:54 | 02,647,894 | -H-- | M] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\IconCache.db
[2009/11/19 18:55:14 | 00,262,656 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\rkill.com
[2009/11/19 17:29:39 | 00,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2009/11/18 10:01:00 | 00,000,934 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1202660629-725345543-1003Core.job
[2009/11/15 23:32:23 | 09,939,848 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Work copy.png
[2009/11/15 20:23:01 | 64,694,637 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Work.psd
[2009/11/15 18:59:52 | 10,388,617 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\CCI11152009_00000.PNG
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- E:\WINDOWS\PEV.exe
[2009/11/14 00:16:13 | 00,012,655 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Highlyworks.xml
[2009/11/13 18:01:12 | 00,002,300 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Google Chrome.lnk
[2009/11/13 07:54:29 | 07,124,315 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Baby SusanPic.png
[2009/11/13 07:51:29 | 00,012,027 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Baby Susan.rtf
[2009/11/11 23:11:38 | 00,012,283 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\High.xml
[2009/11/11 22:05:48 | 14,805,676 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Rawr v2.2.27.zip
[2009/11/03 21:14:16 | 00,060,404 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\VarsityRoster.rtf
[2009/11/02 07:06:42 | 00,587,556 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/02 07:06:42 | 00,487,072 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2009/11/02 07:06:42 | 00,089,012 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2009/10/29 22:24:54 | 16,875,2628 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\secret.girlfriend.s01e04.hdtv.xvid-fqm.flv
[2009/10/25 22:31:19 | 00,001,184 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Veoh.com.lnk
[2009/10/25 22:29:20 | 11,907,624 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\VeohWebPlayerSetup_eng.exe
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- E:\WINDOWS\MBR.exe
[8 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/21 10:39:04 | 00,000,000 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\SINO.exe
[2009/11/21 10:39:00 | 02,630,592 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\SINO.exe.part
[2009/11/21 10:38:44 | 00,292,352 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\8m55sd6t.exe
[2009/11/20 23:10:34 | 00,000,210 | ---- | C] () -- E:\Boot.bak
[2009/11/20 23:10:29 | 00,260,272 | ---- | C] () -- E:\cmldr
[2009/11/20 23:07:58 | 00,260,608 | ---- | C] () -- E:\WINDOWS\PEV.exe
[2009/11/20 23:07:58 | 00,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
[2009/11/20 23:07:58 | 00,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
[2009/11/20 23:07:58 | 00,077,312 | ---- | C] () -- E:\WINDOWS\MBR.exe
[2009/11/20 23:07:58 | 00,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
[2009/11/20 23:04:51 | 00,220,454 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\unlocker1.8.8.exe
[2009/11/20 22:49:59 | 03,570,958 | R--- | C] () -- E:\Documents and Settings\Patrick\Desktop\ComboFix.exe
[2009/11/20 00:09:18 | 00,000,780 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/20 00:07:46 | 07,375,392 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\SUPERAntiSpyware.exe
[2009/11/19 23:48:41 | 00,001,637 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/19 23:12:25 | 00,767,952 | ---- | C] () -- E:\WINDOWS\BDTSupport.dll
[2009/11/19 23:12:25 | 00,000,882 | ---- | C] () -- E:\WINDOWS\RegSDImport.xml
[2009/11/19 23:12:25 | 00,000,880 | ---- | C] () -- E:\WINDOWS\RegISSImport.xml
[2009/11/19 23:12:25 | 00,000,131 | ---- | C] () -- E:\WINDOWS\IDB.zip
[2009/11/19 23:12:24 | 01,152,470 | ---- | C] () -- E:\WINDOWS\UDB.zip
[2009/11/19 23:11:49 | 00,007,387 | ---- | C] () -- E:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/11/19 23:11:35 | 00,007,412 | ---- | C] () -- E:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/11/19 23:11:35 | 00,007,383 | ---- | C] () -- E:\WINDOWS\System32\drivers\pctcore.cat
[2009/11/19 23:11:29 | 00,007,383 | ---- | C] () -- E:\WINDOWS\System32\drivers\pctplsg.cat
[2009/11/19 18:55:16 | 00,262,656 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\rkill.com
[2009/11/15 23:31:53 | 09,939,848 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Work copy.png
[2009/11/15 20:22:59 | 64,694,637 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Work.psd
[2009/11/15 18:59:51 | 10,388,617 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\CCI11152009_00000.PNG
[2009/11/13 07:53:50 | 07,124,315 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Baby SusanPic.png
[2009/11/13 07:51:26 | 00,012,027 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Baby Susan.rtf
[2009/11/11 23:30:09 | 00,012,655 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Highlyworks.xml
[2009/11/11 23:11:36 | 00,012,283 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\High.xml
[2009/11/11 22:03:43 | 14,805,676 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Rawr v2.2.27.zip
[2009/11/09 20:34:23 | 00,017,080 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Copy of Ch9Vocab.odt
[2009/11/05 00:11:43 | 12,845,056 | ---- | C] () -- E:\Documents and Settings\Patrick\ntuser.dat
[2009/11/03 21:14:21 | 00,060,404 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\VarsityRoster.rtf
[2009/10/29 22:24:55 | 16,875,2628 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\secret.girlfriend.s01e04.hdtv.xvid-fqm.flv
[2009/10/25 22:31:19 | 00,001,184 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Veoh.com.lnk
[2009/10/25 22:28:11 | 11,907,624 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\VeohWebPlayerSetup_eng.exe
[2009/05/21 17:51:48 | 00,041,808 | ---- | C] () -- E:\WINDOWS\System32\xfcodec.dll
[2009/04/06 14:05:20 | 00,000,229 | ---- | C] () -- E:\WINDOWS\Brpfx04a.ini
[2009/04/06 14:05:20 | 00,000,093 | ---- | C] () -- E:\WINDOWS\brpcfx.ini
[2009/04/06 14:05:06 | 00,000,419 | ---- | C] () -- E:\WINDOWS\BRWMARK.INI
[2009/04/06 14:05:06 | 00,000,027 | ---- | C] () -- E:\WINDOWS\BRPP2KA.INI
[2009/04/06 14:02:53 | 00,031,567 | ---- | C] () -- E:\WINDOWS\maxlink.ini
[2009/04/06 00:42:55 | 00,031,616 | ---- | C] () -- E:\WINDOWS\System32\drivers\vrtaucbl.sys
[2009/04/01 00:23:17 | 00,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2008/11/06 22:36:50 | 00,000,130 | ---- | C] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\fusioncache.dat
[2008/11/06 21:54:27 | 00,022,328 | ---- | C] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/06 21:54:27 | 00,022,328 | ---- | C] () -- E:\Documents and Settings\Patrick\Application Data\PnkBstrK.sys
[2008/09/25 21:00:05 | 00,009,255 | ---- | C] () -- E:\WINDOWS\System32\lvcoinst.ini
[2008/09/25 21:00:04 | 01,317,152 | ---- | C] () -- E:\WINDOWS\System32\drivers\lvcm.sys
[2008/09/24 19:13:39 | 00,237,568 | ---- | C] () -- E:\WINDOWS\System32\lame_enc.dll
[2008/09/16 18:09:41 | 00,000,024 | ---- | C] () -- E:\WINDOWS\System32\sysmwwod.dll
[2008/09/15 23:04:17 | 00,071,680 | ---- | C] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 10:28:11 | 00,000,754 | ---- | C] () -- E:\WINDOWS\WORDPAD.INI
[2008/09/05 23:21:38 | 00,717,296 | ---- | C] () -- E:\WINDOWS\System32\drivers\sptd.sys
[2008/09/02 18:12:28 | 00,000,356 | ---- | C] () -- E:\WINDOWS\System32\CNCASv51.ini
[2008/09/02 18:12:24 | 00,000,599 | ---- | C] () -- E:\WINDOWS\System32\CNCMP51.INI
[2008/09/02 17:48:45 | 00,006,656 | ---- | C] () -- E:\WINDOWS\System32\CNMVSyf.DLL
[2008/08/31 12:45:39 | 00,088,944 | ---- | C] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/31 12:38:33 | 00,000,804 | R--- | C] () -- E:\WINDOWS\System32\AsusSetup.ini
[2008/08/31 12:38:33 | 00,000,396 | R--- | C] () -- E:\WINDOWS\System32\raidmgmt.ini
[2008/08/31 12:26:49 | 00,033,860 | ---- | C] () -- E:\WINDOWS\Ascd_tmp.ini
[2008/08/31 12:26:49 | 00,005,810 | R--- | C] () -- E:\WINDOWS\System32\drivers\ASACPI.sys
[2008/08/31 12:26:42 | 00,010,288 | ---- | C] () -- E:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/08/31 07:17:54 | 02,647,894 | -H-- | C] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\IconCache.db
[2008/08/31 07:12:19 | 00,000,062 | -HS- | C] () -- E:\Documents and Settings\Patrick\Application Data\desktop.ini
[2008/08/31 02:58:26 | 00,000,062 | -HS- | C] () -- E:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/03/11 03:25:00 | 01,703,936 | ---- | C] () -- E:\WINDOWS\System32\nvwdmcpl.dll
[2008/03/11 03:25:00 | 01,482,752 | ---- | C] () -- E:\WINDOWS\System32\nview.dll
[2008/03/11 03:25:00 | 01,019,904 | ---- | C] () -- E:\WINDOWS\System32\nvwimg.dll
[2008/03/11 03:25:00 | 00,466,944 | ---- | C] () -- E:\WINDOWS\System32\nvshell.dll
[2008/03/11 03:25:00 | 00,286,720 | ---- | C] () -- E:\WINDOWS\System32\nvnt4cpl.dll
[2006/07/02 21:37:12 | 00,030,808 | ---- | C] () -- E:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/07/02 21:37:10 | 00,026,489 | ---- | C] () -- E:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/19 19:21:28 | 00,029,779 | ---- | C] () -- E:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/19 19:21:28 | 00,026,040 | ---- | C] () -- E:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/08/03 23:56:44 | 00,162,487 | RHS- | C] () -- E:\WINDOWS\System32\qsalvif.dll
[2004/07/17 10:36:38 | 00,011,376 | ---- | C] () -- E:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 12:00:00 | 00,000,582 | ---- | C] () -- E:\WINDOWS\win.ini
[2001/08/23 12:00:00 | 00,000,227 | ---- | C] () -- E:\WINDOWS\system.ini

========== LOP Check ==========

[2008/11/26 23:12:32 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/19 15:41:39 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009/05/28 01:16:50 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ijjigame
[2008/12/20 08:10:49 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PMB Files
[2009/07/18 12:09:35 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/10/15 20:25:47 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Screaming Bee
[2008/10/09 13:30:17 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Sony
[2009/11/20 22:20:00 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/02 00:12:22 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Tencent
[2008/09/23 17:48:54 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/08/05 16:39:40 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Acreon
[2009/05/04 22:00:10 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Any Video Converter
[2009/01/17 18:22:47 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Canon
[2009/05/28 20:04:37 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
[2008/10/10 00:01:35 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Cool Record Edit Pro
[2008/09/05 23:21:37 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\DAEMON Tools
[2009/03/31 19:48:18 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\DeepBurner
[2009/02/09 22:54:27 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\eMule
[2009/07/10 08:15:55 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Engineer
[2008/10/09 22:52:28 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Free Sound Recorder
[2009/11/19 20:07:33 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\GetRightToGo
[2008/09/24 22:22:09 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\gnupg
[2008/10/08 20:03:39 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Go2PCsoft
[2009/05/28 16:35:32 | 00,000,000 | -H-D | M] -- E:\Documents and Settings\Patrick\Application Data\ijjigame
[2009/09/27 12:50:30 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\ImgBurn
[2009/04/06 18:11:42 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\InfraRecorder
[2008/12/20 11:46:22 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Nexon
[2009/03/05 16:57:13 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\OpenOffice.org
[2008/09/20 19:39:36 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Publish Providers
[2008/12/01 23:49:43 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\QQ
[2008/12/02 21:40:11 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\QQUpdate
[2009/05/28 20:04:25 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Raptr
[2008/12/30 12:27:05 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Rogue.140F0B534E676AD25491A378BD6D96164D40676E.1
[2009/10/15 20:25:19 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Screaming Bee
[2008/09/24 23:06:27 | 00,000,000 | RH-D | M] -- E:\Documents and Settings\Patrick\Application Data\SecuROM
[2008/11/05 20:32:08 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Sony
[2008/09/20 19:27:04 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Sony Setup
[2009/08/28 19:00:37 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\TeamViewer
[2008/12/03 23:22:57 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Tencent
[2008/10/27 16:51:33 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Thunderbird
[2009/09/27 12:24:49 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\uTorrent
[2008/09/10 08:42:06 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Vso
[2001/08/23 12:00:00 | 00,000,065 | RH-- | M] () -- E:\WINDOWS\Tasks\desktop.ini
[2009/11/21 10:26:57 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 158 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 126 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 114 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 110 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >




OTL Extras logfile created on: 11/21/2009 10:36:37 AM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = E:\Documents and Settings\Patrick\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 931.50 Gb Total Space | 407.35 Gb Free Space | 43.73% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANGCOR-3F77A4
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = FirefoxHTML] -- E:\Documents and Settings\Patrick\Desktop\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- E:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "E:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "E:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- E:\DOCUME~1\PATRICK\DESKTOP\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- E:\DOCUME~1\PATRICK\DESKTOP\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "E:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- E:\WINDOWS\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "E:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"55793:TCP" = 55793:TCP:*:Disabled:SolidNetworkManager
"55793:UDP" = 55793:UDP:*:Disabled:SolidNetworkManager
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"58278:TCP" = 58278:TCP:*:Enabled:Pando Media Booster
"58278:UDP" = 58278:UDP:*:Enabled:Pando Media Booster
"2052:TCP" = 2052:TCP:*:Enabled:whcxl
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881
"6882:TCP" = 6882:TCP:*:Enabled:Blizzard Downloader: 6882
"6883:TCP" = 6883:TCP:*:Enabled:Blizzard Downloader: 6883
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCSoft\Exteel\System\Exteel.exe" = C:\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"E:\Documents and Settings\Patrick\Desktop\Program Files\NCSoft\Exteel\System\Exteel.exe" = E:\Documents and Settings\Patrick\Desktop\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- ()
"E:\Program Files\NCsoft\Exteel\System\Exteel.exe" = E:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- ()
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe" = E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\livecall.exe" = E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\WINDOWS\system32\usmt\migwiz.exe" = E:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- File not found
"E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\NCSoft\Exteel\System\Exteel.exe" = C:\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"E:\Documents and Settings\Patrick\Desktop\Program Files\Trillian\trillian.exe" = E:\Documents and Settings\Patrick\Desktop\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"E:\Documents and Settings\Patrick\Desktop\Program Files\NCSoft\Exteel\System\Exteel.exe" = E:\Documents and Settings\Patrick\Desktop\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- ()
"E:\Program Files\Xfire\xfire.exe" = E:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"E:\Documents and Settings\Patrick\Desktop\WotLK-Beta-3.0.1-enUS-downloader.exe" = E:\Documents and Settings\Patrick\Desktop\WotLK-Beta-3.0.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Documents and Settings\Patrick\Desktop\WotLK-Beta-3.0.1-enUS-downloader(2).exe" = E:\Documents and Settings\Patrick\Desktop\WotLK-Beta-3.0.1-enUS-downloader(2).exe:*:Enabled:Blizzard Downloader -- File not found
"E:\WINDOWS\system32\dpvsetup.exe" = E:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"E:\Program Files\Steam\steamapps\highlyasian\team fortress 2\hl2.exe" = E:\Program Files\Steam\steamapps\highlyasian\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\ijji\ENGLISH\u_gbound.exe" = C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader> -- File not found
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme" = C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound -- File not found
"E:\Program Files\alaplaya\S4League\S4Client.exe" = E:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe -- ()
"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent -- (BitTorrent, Inc.)
"E:\Program Files\Steam\steamapps\dade89gt\half-life\hl.exe" = E:\Program Files\Steam\steamapps\dade89gt\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"E:\Program Files\Bonjour\mDNSResponder.exe" = E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"E:\Program Files\iTunes\iTunes.exe" = E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"E:\Program Files\Atari\AITD\Alone.exe" = E:\Program Files\Atari\AITD\Alone.exe:*:Enabled:Alone In The Dark -- (Eden Games)
"E:\Program Files\NCsoft\Exteel\System\Exteel.exe" = E:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- ()
"E:\Program Files\Steam\steamapps\dade89gt\source sdk base\hl2.exe" = E:\Program Files\Steam\steamapps\dade89gt\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"E:\Program Files\Steam\steamapps\dade89gt\counter-strike source\hl2.exe" = E:\Program Files\Steam\steamapps\dade89gt\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"E:\Program Files\Steam\steamapps\awesomeracer\source sdk base\hl2.exe" = E:\Program Files\Steam\steamapps\awesomeracer\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"E:\Program Files\Steam\steamapps\highlyasian\source sdk base\hl2.exe" = E:\Program Files\Steam\steamapps\highlyasian\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe" = E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\livecall.exe" = E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"E:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = E:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"E:\ijji\ENGLISH\u_gbound.exe" = E:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader> -- (NHN USA inc.)
"E:\Documents and Settings\Patrick\Desktop\SRO_Full-Client_Downloader.exe" = E:\Documents and Settings\Patrick\Desktop\SRO_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader -- File not found
"E:\Program Files\Live Desktop\LiveDesktop.exe" = E:\Program Files\Live Desktop\LiveDesktop.exe:*:Enabled:Live Desktop -- (RemoteMsn.com)
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"E:\WINDOWS\system32\PnkBstrA.exe" = E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"E:\WINDOWS\system32\PnkBstrB.exe" = E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"E:\Grand Chase\main.exe" = E:\Grand Chase\main.exe:*:Enabled:GrandChase -- ()
"E:\Documents and Settings\Patrick\Desktop\GunboundRV_setup.exe" = E:\Documents and Settings\Patrick\Desktop\GunboundRV_setup.exe:*:Enabled:<ijji Downloader> -- File not found
"E:\Program Files\Tencent\QQ\QQ.exe" = E:\Program Files\Tencent\QQ\QQ.exe:*:Enabled:QQ -- (TENCENT)
"E:\Program Files\Tencent\QQDownload\QQDownload.exe" = E:\Program Files\Tencent\QQDownload\QQDownload.exe:*:Enabled: -- (Tencent Technology (Shenzhen) Company Limited)
"E:\Program Files\Tencent\QQDownload\QDAutoUpdate.exe" = E:\Program Files\Tencent\QQDownload\QDAutoUpdate.exe:*:Enabled:AutoUpdate Module -- (Tencent Technology (Shenzhen) Company Limited)
"E:\Program Files\Tencent\QQDownload\QQDeskUpdate.exe" = E:\Program Files\Tencent\QQDownload\QQDeskUpdate.exe:*:Enabled:QQDeskUpdate -- ()
"E:\Program Files\Tencent\QQ\QQUpdateCenter.exe" = E:\Program Files\Tencent\QQ\QQUpdateCenter.exe:*:Enabled:QQUpdate -- ()
"E:\Program Files\Tencent\QQ2009\Bin\QQ.exe" = E:\Program Files\Tencent\QQ2009\Bin\QQ.exe:*:Enabled:QQ2009 -- (Tencent)
"E:\Program Files\Pando Networks\Media Booster\PMB.exe" = E:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"E:\Program Files\Warcraft III Demo\War3Demo.exe" = E:\Program Files\Warcraft III Demo\War3Demo.exe:*:Enabled:Warcraft III Demo -- (Blizzard Entertainment)
"E:\Documents and Settings\Patrick\Local Settings\Temp\Blizzard Launcher Temporary - 25ff3be0\Launcher.exe" = E:\Documents and Settings\Patrick\Local Settings\Temp\Blizzard Launcher Temporary - 25ff3be0\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"E:\Program Files\Skype\Phone\Skype.exe" = E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"E:\Program Files\eMule\emule.exe" = E:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"E:\Documents and Settings\Patrick\Local Settings\Temp\Blizzard Launcher Temporary - 73292bb0\Launcher.exe" = E:\Documents and Settings\Patrick\Local Settings\Temp\Blizzard Launcher Temporary - 73292bb0\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"E:\Program Files\World of Warcraft\Launcher.exe" = E:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"E:\Program Files\VentSrv\ventrilo_srv.exe" = E:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
"E:\Program Files\World of Warcraft\BackgroundDownloader.exe" = E:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Documents and Settings\Patrick\temp\TeamViewer\Version4\TeamViewer.exe" = E:\Documents and Settings\Patrick\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"E:\Program Files\TeamViewer\Version4\TeamViewer.exe" = E:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"E:\Program Files\Raptr\Raptr.exe" = E:\Program Files\Raptr\Raptr.exe:*:Enabled:Raptr Client -- ()
"E:\Program Files\Curse\CurseClient.exe" = E:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"E:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme" = E:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound -- (Softnyx)
"E:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = E:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\Microsoft Games\Halo Server\haloded.exe" = E:\Program Files\Microsoft Games\Halo Server\haloded.exe:*:Enabled:Halo -- (Microsoft Corporation)
"E:\Program Files\Microsoft Games\Halo Trial\halo.exe" = E:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo -- (Microsoft Corporation)
"E:\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe" = E:\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"E:\World of Warcraft Public Test\World of Warcraft Public Test\Launcher.exe" = E:\World of Warcraft Public Test\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"E:\Program Files\World of Warcraft Public Test\Launcher.exe" = E:\Program Files\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\Launcher.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = E:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = E:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"E:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = E:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = E:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = Tencent QQ2009
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0
"{10C6EB34-4423-4DBA-AECA-76540029FF83}" = MorphVOX Pro
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-290C
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58F8C6D9-5B55-486A-A322-4E8D87670031}" = Canon MP Drivers
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype 3.8
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A512A34-F4E8-43C4-BD80-43A022B31BF6}" = MapleStory
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B54248A-DC15-414B-A0ED-C5769FB151CB}" = NIMOCARD
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7F9129B6-C438-4CCB-80CB-A97E9F3B6B8C}" = Taksi Desktop Video Recorder v0.765
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93070872-9FC0-40DC-A0B4-153D4739D1E4}" = Multi-jmk Smartpad
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims 3
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}" = S4 League
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims 2 Seasons
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E905C356-97DE-44BB-0093-5CC49DD1E9D3}" = The Sims 2 University
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F9831B39-277F-4F53-BFB0-12DC90C4CB40}" = Requiem
"" = 1.9.242.202
"7-Zip" = 7-Zip 4.62
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Alone In The Dark_is1" = Alone In The Dark
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Any Video Converter_is1" = Any Video Converter 2.7.3
"Burn My Files_is1" = Burn My Files
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"CABAL Online_is1" = CABAL Online
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Crysis WARHEAD®" = Crysis WARHEAD®
"CurseClient" = Curse Client
"DJ Music Mixer" = DJ Music Mixer
"DVD Flick_is1" = DVD Flick
"eMule" = eMule
"Fraps" = Fraps (remove only)
"FREE Hi-Q Recorder_is1" = FREE Hi-Q Recorder 1.92
"Free Mp3/Wma/Ogg Converter_is1" = Free Mp3/Wma/Ogg Converter 4.0.1
"Free Registry Fix" = Free Registry Fix 5.0
"Free RM to AVI Converter Splitter_is1" = Free RM to AVI Converter Splitter v2.0
"Free Sound Recorder" = Free Sound Recorder
"Gadwin PrintScreen" = Gadwin PrintScreen
"GOM Player" = GOM Player
"Grand Chase" = Grand Chase
"Guild Wars" = Guild Wars
"Gunbound Revolution_is1" = Gunbound Revolution
"Halo Server" = Halo Server
"Halo Trial" = Microsoft Halo Trial
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"Live Desktop Pro_is1" = Live Desktop Pro 3.20
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)
"MP3 WAV WMA Converter" = MP3 WAV WMA Converter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero7Lite_is1" = Nero 7 Micro 7.11.10.0
"NVIDIA Drivers" = NVIDIA Drivers
"Pocket Tanks_is1" = Pocket Tanks v1.3
"PROR" = Microsoft Office Professional 2007 Trial
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech Camera Driver
"QQ2008ʽ" = QQ2008 ʽ
"QQϷ" = QQϷ
"QQToolbar" = QQ工具栏
"Raptr" = Raptr
"RealAlt_is1" = Real Alternative 1.9.0
"Rogue" = Rogue
"RumbleFighter" = Rumble Fighter
"Silkroad" = Silkroad
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = Wallpaper Positioner
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 70" = Half-Life
"TeamViewer 4" = TeamViewer 4
"Tile Print_is1" = Tile Print Version 3
"Unlocker" = Unlocker 1.8.8
"Video Enhancer_is1" = Video Enhancer 1.9.2
"Virtual Audio Cable 4.04" = Virtual Audio Cable 4.04
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wrath of the Lich King Beta" = Wrath of the Lich King Beta
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"ijji.com" = ijji
"NCsoft-Exteel" = Exteel
"uTorrent" = µTorrent
"Warcraft III Demo" = Warcraft III Demo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2009 9:22:18 PM | Computer Name = CHANGCOR-3F77A4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 11/20/2009 9:22:19 PM | Computer Name = CHANGCOR-3F77A4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/20/2009 9:22:19 PM | Computer Name = CHANGCOR-3F77A4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/20/2009 10:00:36 PM | Computer Name = CHANGCOR-3F77A4 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x00036fa3.

Error - 11/20/2009 10:24:56 PM | Computer Name = CHANGCOR-3F77A4 | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

Error - 11/20/2009 10:33:36 PM | Computer Name = CHANGCOR-3F77A4 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x000372e3.

Error - 11/20/2009 11:19:57 PM | Computer Name = CHANGCOR-3F77A4 | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

Error - 11/20/2009 11:59:14 PM | Computer Name = CHANGCOR-3F77A4 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x000372e3.

Error - 11/21/2009 2:08:11 AM | Computer Name = CHANGCOR-3F77A4 | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

Error - 11/21/2009 11:26:58 AM | Computer Name = CHANGCOR-3F77A4 | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

[ System Events ]
Error - 11/21/2009 11:27:13 AM | Computer Name = CHANGCOR-3F77A4 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 11/21/2009 11:27:13 AM | Computer Name = CHANGCOR-3F77A4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 11/21/2009 11:27:15 AM | Computer Name = CHANGCOR-3F77A4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 11/21/2009 11:27:17 AM | Computer Name = CHANGCOR-3F77A4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 11/21/2009 11:27:18 AM | Computer Name = CHANGCOR-3F77A4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 11/21/2009 11:27:29 AM | Computer Name = CHANGCOR-3F77A4 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {3A4674F1-3144-4C5D-865A-E44954444B8C}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 11/21/2009 11:28:02 AM | Computer Name = CHANGCOR-3F77A4 | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 88d9f4a0, parameter2 8a316578, parameter3
8a2f80a8, parameter4 00000001.

Error - 11/21/2009 11:28:08 AM | Computer Name = CHANGCOR-3F77A4 | Source = System Error | ID = 1003
Description = Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3
00000000, parameter4 00000000.

Error - 11/21/2009 11:33:00 AM | Computer Name = CHANGCOR-3F77A4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/21/2009 11:34:11 AM | Computer Name = CHANGCOR-3F77A4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips PCIIde Processor SASDIFSV SASKUTIL ssmdrv


< End of report >




GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-21 11:32:50
Windows 5.1.2600 Service Pack 2
Running: 8m55sd6t.exe; Driver: E:\DOCUME~1\Patrick\LOCALS~1\Temp\fgrdrkog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBAF0DE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBAEEECDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBAEEEECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBAF0E610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBAF0E8C4]
SSDT spax.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spax.sys ZwEnumerateValueKey [0xF74F6030]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBAF0CB14]
SSDT spax.sys ZwQueryKey [0xF74F6108]
SSDT spax.sys ZwQueryValueKey [0xF74F5F88]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBAF0ED30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBAF0E0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xBAEEE982]

INT 0x63 ? 8ACBFBF8
INT 0x73 ? 8ACBFBF8
INT 0x83 ? 8ACBFBF8
INT 0xB4 ? 8AC51BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 17A 804E49B4 4 Bytes CALL EF1504A9
.text ntoskrnl.exe!ZwYieldExecution + 47A 804E4CB4 4 Bytes JMP C63F07A7
? spax.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BACFE62C 5 Bytes JMP 8A7684E0
.text ak0qmwuv.SYS BAC8A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ak0qmwuv.SYS BAC8A3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ak0qmwuv.SYS BAC8A3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ak0qmwuv.SYS BAC8A3C9 1 Byte [2E]
.text ak0qmwuv.SYS BAC8A3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8AC512D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spax.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spax.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spax.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spax.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spax.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spax.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spax.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spax.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A7685E0
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2296E852
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002284
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2272E850
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002260
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] C6000000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlInitAnsiString] 001CBB86
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 438B0100
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoQueueWorkItem] 8E8D5018
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmMapIoSpace] 00001C90
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2232E851
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoReportDetectedDevice] 538B0000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoReportResourceForDetection] 52016A18
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 1CAC868D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!NlsMbCodePageTag] E8500000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00002220
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 8A05478A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 001CBB8E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!sprintf] 18C48300
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 1CBD8688
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ObfDereferenceObject] 43EB0000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 320C538A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 88F93BC0
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ZwClose] 001CBB96
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] F6317300
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 74070647
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 75C0841A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 05578A0B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!PoCallDriver] 968801B0
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 57B60F66
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 533B6604
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ZwOpenKey] 03087408
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 72F93B3F
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoStartTimer] 8A09EBDA
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInitializeTimer] 86880547
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInitializeDpc] 88084B8A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInitializeSpinLock] 001CBE8E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoInitializeIrp] 40578B00
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ZwCreateKey] 8D52006A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC086
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] B1E85000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ZwSetValueKey] 8B000021
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInsertQueueDpc] 001CB88E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] BC968B00
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoStartPacket] 8900001C
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 001CC48E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] C8968900
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoFreeMdl] 8B00001C
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmUnlockPages] 016A4047
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] CCC68150
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 5600001C
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 002187E8
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeSynchronizeExecution] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCC3
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeSetTimer] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeCancelTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!_aulldiv] 8B000000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!strstr] 56C35DE5
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!_strupr] 8D08758B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D51FC4D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D52FD55
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeTickCount] 8D51FE4D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D52FF55
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoDeleteDevice] 8D51F84D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 5052F455
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAllocateWorkItem] EACAE856
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAllocateIrp] C483FFFF
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAllocateMdl] 0FC08520
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0001B185
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmLockPagableDataSection] 46B70F00
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] F44D8B48
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] C1815753
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00002590
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoFreeIrp] 467C8D51
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoFreeWorkItem] 76F6E84A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!InitSafeBootMode] D88BFFFF
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlCompareMemory] 8504C483
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 5F0A75DB
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!memmove] 5B08438D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmHighestUserAddress] 5DE58B5E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AC4C1F8
Device \Driver\usbohci \Device\USBPDO-0 8AAE0500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ACC01F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ACC01F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ACC01F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ACC01F8
Device \Driver\usbehci \Device\USBPDO-1 8AAD31F8
Device \Driver\PCI_PNP1326 \Device\00000055 spax.sys
Device \Driver\PCI_PNP1326 \Device\00000055 spax.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC4F1F8
Device \Driver\sptd \Device\2057696326 spax.sys
Device \Driver\Cdrom \Device\CdRom0 8AAE91F8
Device \Driver\usbstor \Device\00000081 8A747500
Device \Driver\nvata \Device\00000075 8ACBF1F8
Device \Driver\usbstor \Device\00000083 8A747500
Device \Driver\usbstor \Device\00000085 8A747500
Device \Driver\PCTCore \Device\PCTCoreDevice 8AA17F30
Device \Driver\usbohci \Device\USBFDO-0 8AAE0500
Device \Driver\usbehci \Device\USBFDO-1 8AAD31F8
Device \Driver\nvata \Device\NvAta0 8ACBF1F8
Device \Driver\nvata \Device\NvAta1 8ACBF1F8
Device \Driver\nvata \Device\NvAta2 8ACBF1F8
Device \Driver\Ftdisk \Device\FtControl 8AC4F1F8
Device \Driver\usbstor \Device\0000007e 8A747500
Device \Driver\ak0qmwuv \Device\Scsi\ak0qmwuv1Port4Path0Target0Lun0 8A7791F8
Device \Driver\ak0qmwuv \Device\Scsi\ak0qmwuv1 8A7791F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8AC4D1F8
Device \FileSystem\Cdfs \Cdfs 8A9E0500

---- Threads - GMER 1.0.15 ----

Thread System [4:232] 8A9F8D9D

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x9E 0x80 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0x36 0xCB 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x28 0xCF 0xBE 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@DisplayName Security Windows
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@Description Offers routing services to businesses in local area and wide area network environments.
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz\Parameters@ServiceDll E:\WINDOWS\system32\qsalvif.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x9E 0x80 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0x36 0xCB 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x28 0xCF 0xBE 0x10 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----





System Investigator by Olrik
Log Created On: 1136_21-11-2009
SINO Version: 2.4.9.9

Total RAM: 3582 MB | Free RAM: 2392 MB | Pagefile Size: 5464 MB
E: | 416768 MB out of 953859 MB Free | Local Fixed Disk
F: | None | CD-ROM Disc
G: | None | Removable Disk
H: | None | Removable Disk

<<<< System Information >>>>

Computer Name: CHANGCOR-3F77A4
Username: Patrick
Language Setting: ENU
Windows Directory: E:\WINDOWS
Windows Version: Windows XP Service Pack 2

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[E:\WINDOWS\System32\smss.exe] - Process ID: 896
[csrss.exe] - Process ID: 960
[E:\WINDOWS\system32\winlogon.exe] - Process ID: 984
[E:\WINDOWS\system32\services.exe] - Process ID: 1032
[E:\WINDOWS\system32\lsass.exe] - Process ID: 1052
[E:\WINDOWS\system32\svchost.exe] - Process ID: 1204
[svchost.exe] - Process ID: 1260
[E:\WINDOWS\System32\svchost.exe] - Process ID: 1304
[svchost.exe] - Process ID: 1428
[svchost.exe] - Process ID: 1456
[E:\WINDOWS\system32\spoolsv.exe] - Process ID: 1628
[svchost.exe] - Process ID: 1800
[E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] - Process ID: 1848
[E:\Program Files\Bonjour\mDNSResponder.exe] - Process ID: 1888
[E:\WINDOWS\system32\PnkBstrA.exe] - Process ID: 1956
[E:\Program Files\Spyware Doctor\pctsAuxs.exe] - Process ID: 2008
[E:\WINDOWS\system32\svchost.exe] - Process ID: 184
[E:\WINDOWS\Explorer.EXE] - Process ID: 664
[alg.exe] - Process ID: 1164
[E:\Program Files\Analog Devices\Core\smax4pnp.exe] - Process ID: 1652
[E:\Program Files\iTunes\iTunesHelper.exe] - Process ID: 1912
[E:\WINDOWS\system32\LVCOMSX.EXE] - Process ID: 1944
[E:\Program Files\Logitech\Video\LogiTray.exe] - Process ID: 2032
[E:\Program Files\Winamp\winampa.exe] - Process ID: 608
[E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe] - Process ID: 712
[E:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe] - Process ID: 1036
[E:\Program Files\Unlocker\UnlockerAssistant.exe] - Process ID: 1896
[E:\Program Files\Curse\CurseClient.exe] - Process ID: 1396
[E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe] - Process ID: 1404
[E:\Program Files\Brother\ControlCenter3\brccMCtl.exe] - Process ID: 2308
[E:\Program Files\OpenOffice.org 3\program\soffice.exe] - Process ID: 2392
[E:\Program Files\OpenOffice.org 3\program\soffice.bin] - Process ID: 2464
[E:\Program Files\Brother\Brmfcmon\BrMfcmon.exe] - Process ID: 2488
[E:\Program Files\Logitech\Video\FxSvr2.exe] - Process ID: 2560
[E:\Program Files\iPod\bin\iPodService.exe] - Process ID: 2652
[E:\Documents and Settings\Patrick\Desktop\Program Files\Mozilla Firefox\firefox.exe] - Process ID: 3728
[E:\DOCUME~1\Patrick\LOCALS~1\Temp\SINO\SINO.exe] - Process ID: 3676
[wmiprvse.exe] - Process ID: 2264

<<<< Startup Items >>>>

[Adobe Gamma] - <Startup> - Adobe Gamma.lnk
[desktop] - <Startup> - desktop.ini
[OpenOffice.org 3.0] - <Startup> - OpenOffice.org 3.0.lnk
[DWQueuedReporting] - <HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[Adobe Gamma] - <Startup> - Adobe Gamma.lnk
[desktop] - <Startup> - desktop.ini
[OpenOffice.org 3.0] - <Startup> - OpenOffice.org 3.0.lnk
[Google Update] - <HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
[LogitechSoftwareUpdate] - <HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
[CurseClient] - <HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Curse\CurseClient.exe -silent
[VeohPlugin] - <HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
[Adobe Gamma] - <Startup> - Adobe Gamma.lnk
[desktop] - <Startup> - desktop.ini
[OpenOffice.org 3.0] - <Startup> - OpenOffice.org 3.0.lnk
[DWQueuedReporting] - <HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[desktop] - <Common Startup> - desktop.ini
[SoundMAXPnP] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Analog Devices\Core\smax4pnp.exe
[JMB36X IDE Setup] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\JM\JMInsIDE.exe
[36X Raid Configurer] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\system32\JMRaidSetup.exe boot
[IMJPMIG8.1] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[MSPY2002] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
[PHIME2002ASync] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[PHIME2002A] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[QuickTime Task] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\QuickTime\qttask.exe" -atboottime
[iTunesHelper] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\iTunes\iTunesHelper.exe"
[LVCOMSX] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\system32\LVCOMSX.EXE
[LogitechVideoRepair] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Logitech\Video\ISStart.exe
[LogitechVideoTray] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Logitech\Video\LogiTray.exe
[Synchronization Manager] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - %SystemRoot%\system32\mobsync.exe /logon
[WinampAgent] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Winamp\winampa.exe"
[SSBkgdUpdate] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
[PaperPort PTD] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
[IndexSearch] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
[PPort11reminder] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "E:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
[BrMfcWnd] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
[ControlCenter3] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
[Malwarebytes Anti-Malware (reboot)] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[UnlockerAssistant] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Unlocker\UnlockerAssistant.exe"
[KernelFaultCheck] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - %systemroot%\system32\dumprep 0 -k

<<<< MS Services >>>>

Adobe LM Service (Adobe LM Service) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
Alerter (Alerter) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k LocalService
Application Layer Gateway Service (ALG) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\System32\alg.exe
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Windows Audio (AudioSrv) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Background Intelligent Transfer Service (BITS) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Computer Browser (Browser) - Stopped [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Indexing Service (CiSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\cisvc.exe
ClipBook (ClipSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\clipsrv.exe
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Logical Disk Manager Administrative Service (dmadmin) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\dmadmin.exe /com
Logical Disk Manager (dmserver) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k NetworkService
Error Reporting Service (ERSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log (Eventlog) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\services.exe
COM+ Event System (EventSystem) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - e:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Help and Support (helpsvc) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service (HidServ) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL (HTTPFilter) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k HTTPFilter
InstallDriver Table Manager (IDriverT) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
IMAPI CD-Burning COM Service (ImapiService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\imapi.exe
Server (lanmanserver) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Workstation (lanmanworkstation) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper (LmHosts) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k LocalService
Messenger (Messenger) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
NetMeeting Remote Desktop Sharing (mnmsrvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\mnmsrvc.exe
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\msdtc.exe
Windows Installer (MSIServer) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\msiexec.exe /V
Network DDE (NetDDE) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\netdde.exe
Network DDE DSDM (NetDDEdsdm) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\netdde.exe
Net Logon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\lsass.exe
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Network Location Awareness (NLA) (Nla) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
NT LM Security Support Provider (NtLmSsp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\lsass.exe
Removable Storage (NtmsSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Microsoft Office Diagnostics Service (odserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\services.exe
IPSEC Services (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\lsass.exe
Protected Storage (ProtectedStorage) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\lsass.exe
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Access Connection Manager (RasMan) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager (RDSessMgr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\sessmgr.exe
Routing and Remote Access (RemoteAccess) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k LocalService
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\locator.exe
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost -k rpcss
QoS RSVP (RSVP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\rsvp.exe
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\lsass.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\SCardSvr.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification (SENS) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\spoolsv.exe
System Restore Service (srservice) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
SSDP Discovery Service (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k imgsvc
MS Software Shadow Copy Provider (SwPrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\dllhost.exe /Processid:{9B88F29D-FA8D-4988-A5BC-2CCF1D4D4248}
Performance Logs and Alerts (SysmonLog) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\smlogsvc.exe
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services (TermService) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost -k DComLaunch
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Telnet (TlntSvr) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\tlntsvr.exe
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Universal Plug and Play Device Host (upnphost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k LocalService
Uninterruptible Power Supply (UPS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\ups.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\vssvc.exe
Windows Time (W32Time) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient (WebClient) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k LocalService
Windows Management Instrumentation (winmgmt) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Portable Media Serial Number Service (WmdmPmSN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation Driver Extensions (Wmi) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
WMI Performance Adapter (WmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\wbem\wmiapsrv.exe
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Windows Media Player\WMPNetwk.exe"
Security Center (wscsvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Automatic Updates (wuauserv) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Wireless Zero Configuration (WZCSVC) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Network Provisioning Service (xmlprov) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs

<<<< Non-MS Services >>>>

Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Apple Mobile Device (Apple Mobile Device) - Running [Auto | Stoppable | Not_Pausable] - "E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Business Contact Manager SQL Server Startup Service (BcmSqlStartupSvc) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "E:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe"
Bonjour Service (Bonjour Service) - Running [Auto | Stoppable | Not_Pausable] - "E:\Program Files\Bonjour\mDNSResponder.exe"
Browser Defender Update Service (Browser Defender Update Service) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "E:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe"
Security Windows (ctvuaz) - Stopped [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
ForceWare Intelligent Application Manager (IAM) (ForceWare Intelligent Application Manager (IAM)) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
Forceware Web Interface (ForcewareWebInterface) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
iPod Service (iPod Service) - Running [Manual | Stoppable | Not_Pausable] - "E:\Program Files\iPod\bin\iPodService.exe"
SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "e:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
SQL Server Active Directory Helper (MSSQLServerADHelper) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "e:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe"
nProtect GameGuard Service (npggsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\GameMon.des -service
npkcmsvc (npkcmsvc) - Stopped [Auto | Not_Stoppable | Not_Pausable] - E:\Nexon\MapleStory\npkcmsvc.exe
ForceWare IP service (nSvcIp) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
ForceWare user log service (nSvcLog) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
NVIDIA Display Driver Service (NVSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\nvsvc32.exe
PnkBstrA (PnkBstrA) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\PnkBstrA.exe
PC Tools Auxiliary Service (sdAuxService) - Running [Auto | Stoppable | Not_Pausable] - E:\Program Files\Spyware Doctor\pctsAuxs.exe
SQL Server Browser (SQLBrowser) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "e:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
SQL Server VSS Writer (SQLWriter) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "e:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Windows Live\Messenger\usnsvc.exe"
User Privilege Service (usprserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Live Setup Service (WLSetupSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Windows Live\installer\WLSetupSvc.exe"

<<<< Boot.ini >>>>

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
E:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : changcor-3f77a4
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1F-C6-E3-8B-06

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
Physical Address. . . . . . . . . : 00-1F-C6-E8-09-28
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Saturday, November 21, 2009 11:34:29 AM
Lease Expires . . . . . . . . . . : Saturday, November 28, 2009 11:34:29 AM


<<<< Pinging >>>>

OpenDNS Domain Test
Pinging to www.opendns.com [208.69.38.150]:

Response - 108ms
Response - 93ms
Response - 109ms
Response - 77ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 109ms - Maximum = 77ms

OpenDNS IP Test
Pinging to 208.67.222.222 [208.67.222.222]:

Response - 47ms
Response - 46ms
Response - 46ms
Response - 46ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 46ms - Maximum = 46ms

YouTube Domain Test
Pinging to www.youtube.com [74.125.45.139]:

Response - 30ms
Response - 31ms
Response - 30ms
Response - 46ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 30ms - Maximum = 46ms

YouTube IP Test
Pinging to 208.117.236.69 [208.117.236.69]:

Response - 125ms
Response - 125ms
Response - 125ms
Response - 141ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 125ms - Maximum = 141ms

localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:

Response - 0ms
Response - 0ms
Response - 0ms
Response - 0ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms


<<<< Netstat >>>>

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1260
[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:2052 0.0.0.0:0 LISTENING 1304
[svchost.exe]

TCP 0.0.0.0:2479 0.0.0.0:0 LISTENING 1032
[services.exe]

TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1204
-- unknown component(s) --
[svchost.exe]

TCP 0.0.0.0:3859 0.0.0.0:0 LISTENING 1032
[services.exe]

TCP 0.0.0.0:65533 0.0.0.0:0 LISTENING 1032
[services.exe]

TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING 1164
[alg.exe]

TCP 127.0.0.1:1048 0.0.0.0:0 LISTENING 1404
[veohwebplayer.exe]

TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING 1888
[mDNSResponder.exe]

TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING 1848
[AppleMobileDeviceService.exe]

TCP 192.168.0.101:139 0.0.0.0:0 LISTENING 4
[System]

TCP 192.168.0.101:1107 192.168.0.20:445 SYN_SENT 1304
[svchost.exe]

TCP 127.0.0.1:1033 127.0.0.1:27015 ESTABLISHED 1912
[iTunesHelper.exe]

TCP 127.0.0.1:1055 127.0.0.1:1056 ESTABLISHED 3728
[firefox.exe]

TCP 127.0.0.1:1056 127.0.0.1:1055 ESTABLISHED 3728
[firefox.exe]

TCP 127.0.0.1:1072 127.0.0.1:1073 ESTABLISHED 3728
[firefox.exe]

TCP 127.0.0.1:1073 127.0.0.1:1072 ESTABLISHED 3728
[firefox.exe]

TCP 127.0.0.1:27015 127.0.0.1:1033 ESTABLISHED 1848
[AppleMobileDeviceService.exe]

TCP 192.168.0.101:1076 74.125.157.106:80 ESTABLISHED 3728
[firefox.exe]

TCP 192.168.0.101:1077 74.125.67.132:80 ESTABLISHED 3728
[firefox.exe]

TCP 192.168.0.101:1078 74.125.45.139:80 ESTABLISHED 3728
[firefox.exe]

TCP 192.168.0.101:1079 74.125.45.139:80 ESTABLISHED 3728
[firefox.exe]

TCP 192.168.0.101:1080 74.125.19.138:80 ESTABLISHED 3728
[firefox.exe]

TCP 192.168.0.101:1091 69.163.167.204:80 CLOSE_WAIT 3676
[SINO.exe]

TCP 192.168.0.101:1067 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1068 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1069 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1070 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1071 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1074 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1082 208.43.87.2:80 TIME_WAIT 0
TCP 192.168.0.101:1084 8.3.211.74:80 TIME_WAIT 0
TCP 192.168.0.101:1087 69.167.127.68:80 TIME_WAIT 0
UDP 0.0.0.0:500 *:* 1052
[lsass.exe]

UDP 0.0.0.0:32286 *:* 1404
[veohwebplayer.exe]

UDP 0.0.0.0:49268 *:* 1888
[mDNSResponder.exe]

UDP 0.0.0.0:37618 *:* 1396
[CurseClient.exe]

UDP 0.0.0.0:1701 *:* 4
[System]

UDP 0.0.0.0:4500 *:* 1052
[lsass.exe]

UDP 0.0.0.0:1025 *:* 1888
[mDNSResponder.exe]

UDP 0.0.0.0:1049 *:* 1404
[veohwebplayer.exe]

UDP 0.0.0.0:32285 *:* 1404
[veohwebplayer.exe]

UDP 0.0.0.0:1045 *:* 1404
[veohwebplayer.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 127.0.0.1:1050 *:* 1404
[veohwebplayer.exe]

UDP 127.0.0.1:44301 *:* 1956
[PnkBstrA.exe]

UDP 127.0.0.1:1031 *:* 1304
[svchost.exe]

UDP 127.0.0.1:1032 *:* 1304
[svchost.exe]

UDP 127.0.0.1:1900 *:* 1456
[svchost.exe]

UDP 127.0.0.1:123 *:* 1304
[svchost.exe]

UDP 192.168.0.101:138 *:* 4
[System]

UDP 192.168.0.101:137 *:* 4
[System]

UDP 192.168.0.101:123 *:* 1304
[svchost.exe]

UDP 192.168.0.101:5353 *:* 1888
[mDNSResponder.exe]

UDP 192.168.0.101:1900 *:* 1456
[svchost.exe]


<<<< Routing Table >>>>

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f c6 e3 8b 06 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x3 ...00 1f c6 e8 09 28 ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.101 192.168.0.101 20
192.168.0.0 255.255.255.0 192.168.0.101 192.168.0.101 20
192.168.0.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.101 192.168.0.101 20
224.0.0.0 240.0.0.0 192.168.0.101 192.168.0.101 20
255.255.255.255 255.255.255.255 192.168.0.101 2 1
255.255.255.255 255.255.255.255 192.168.0.101 192.168.0.101 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

Route Table

<<<< Hosts File >>>>

The HOSTS file is 27 Bytes in size.

There were 0 lines not pointing to 127.0.0.1

<<<< Active Shares >>>>

Share: E$ - Path: E:\
Share: IPC$ - Path:
Share: ADMIN$ - Path: E:\WINDOWS


END OF LOG FILE, Date of Completion: 1136_21-11-2009 ----------

Thank you for your time, hopefully these are the correct logs you requested.

OTL logfile created on: 11/21/2009 10:36:37 AM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = E:\Documents and Settings\Patrick\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 931.50 Gb Total Space | 407.35 Gb Free Space | 43.73% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANGCOR-3F77A4
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/21 10:35:51 | 00,528,896 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Patrick\Desktop\OTL.exe
PRC - [2008/12/20 07:38:12 | 07,678,568 | ---- | M] (Mozilla Corporation) -- E:\Documents and Settings\Patrick\Desktop\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/03 23:56:56 | 00,013,312 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\savedump.exe
PRC - [2004/08/03 23:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/11/21 10:35:51 | 00,528,896 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Patrick\Desktop\OTL.exe
MOD - [2004/08/03 23:57:02 | 01,050,624 | R--- | M] (Microsoft Corporation) -- E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/03 23:56:44 | 00,185,856 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (npkcmsvc)
SRV - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- E:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- E:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/03/16 17:48:00 | 02,849,757 | ---- | M] (INCA Internet Co., Ltd.) -- E:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/18 04:25:12 | 29,181,272 | ---- | M] (Microsoft Corporation) -- e:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- e:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/06 21:53:51 | 00,066,872 | ---- | M] () -- E:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/10/23 20:04:14 | 00,068,865 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/23 20:04:10 | 00,151,297 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/09/10 16:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- E:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/09/01 08:10:24 | 00,072,704 | ---- | M] (Adobe Systems) -- E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- E:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/03/11 03:25:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/02/10 04:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- e:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/11 18:59:28 | 00,172,032 | ---- | M] () -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2006/09/11 18:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/09/11 18:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 15:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/10/14 01:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- e:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/03 23:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/11 10:44:50 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/11 10:44:48 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/11 10:44:46 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/23 16:10:06 | 00,207,280 | ---- | M] (PC Tools) -- E:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/03/27 13:23:12 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- E:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2008/11/25 22:00:12 | 00,075,072 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2008/09/10 15:45:18 | 00,032,000 | ---- | M] (Apple, Inc.) -- E:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/09/05 23:21:38 | 00,717,296 | ---- | M] () -- E:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/09/01 04:09:43 | 00,011,376 | ---- | M] () -- E:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/08/20 12:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- E:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2008/05/19 17:36:28 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- E:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- E:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/03/11 03:25:00 | 06,593,376 | ---- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/12/28 01:43:04 | 00,218,496 | R--- | M] (Vimicro Corporation) -- E:\WINDOWS\system32\drivers\usbvm323.sys -- (ZSMC326)
DRV - [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2007/01/15 20:09:06 | 00,293,888 | R--- | M] (Analog Devices, Inc.) -- E:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/12/31 14:38:18 | 00,031,616 | ---- | M] () -- E:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2006/12/06 06:41:16 | 00,044,416 | ---- | M] (JMicron Technology Corp.) -- E:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/09/11 06:45:38 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 06:45:36 | 00,057,856 | R--- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/11 06:45:26 | 00,110,592 | R--- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/08/21 05:24:28 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- E:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/06 17:57:30 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) -- E:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2006/03/17 04:18:58 | 00,392,960 | R--- | M] (Sensaura) -- E:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 06:52:58 | 00,006,912 | R--- | M] (JMicron ) -- E:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/05/27 08:32:52 | 01,317,152 | ---- | M] () -- E:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 08:31:28 | 00,022,016 | ---- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/27 14:21:36 | 00,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) -- E:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- E:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/12 21:56:20 | 00,005,810 | R--- | M] () -- E:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2004/08/03 21:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- E:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- E:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gunbound.ijji.com/
IE - HKU\S-1-5-21-790525478-1202660629-725345543-1003\S-1-5-21-790525478-1202660629-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: E:\Documents and Settings\Patrick\Desktop\Program Files\Mozilla Firefox\components [2009/08/27 16:56:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: E:\Documents and Settings\Patrick\Desktop\Program Files\Mozilla Firefox\plugins [2009/05/28 01:16:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2009/01/05 20:09:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins

[2009/11/20 23:06:45 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions
[2009/05/14 22:05:21 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/05/14 22:05:21 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2008/08/31 13:53:01 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2008/08/31 23:51:52 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/01/24 00:51:18 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/09/01 06:06:55 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\joao_albertoni@hotmail.com
[2008/09/04 09:13:33 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\bbmypt18.default\extensions\SolidStateION@solidstatenetworks.com

O1 HOSTS File: (27 bytes) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (QQToolbar) - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - E:\Program Files\Tencent\QQToolbar\IEBar.dll File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\..\Toolbar\WebBrowser: (no name) - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No CLSID value found.
O4 - HKLM..\Run: [36X Raid Configurer] E:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [BrMfcWnd] E:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] E:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] E:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] E:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] E:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PaperPort PTD] E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PHIME2002A] E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PPort11reminder] E:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] E:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] E:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] E:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] E:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] E:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] E:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-790525478-1202660629-725345543-1003..\Run: [CurseClient] E:\Program Files\Curse\CurseClient.exe ()
O4 - HKU\S-1-5-21-790525478-1202660629-725345543-1003..\Run: [Google Update] E:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-790525478-1202660629-725345543-1003..\Run: [LogitechSoftwareUpdate] E:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-790525478-1202660629-725345543-1003..\Run: [VeohPlugin] E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: E:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: E:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: E:\Documents and Settings\Patrick\Start Menu\Programs\Startup\Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: E:\Documents and Settings\Patrick\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-790525478-1202660629-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - E:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/21 10:35:51 | 00,528,896 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Patrick\Desktop\OTL.exe
[2009/11/21 00:55:40 | 00,105,344 | ---- | C] (NVIDIA Corporation) -- E:\WINDOWS\System32\drivers\nvata.sys
[2009/11/21 00:55:39 | 00,105,344 | R--- | C] (NVIDIA Corporation) -- E:\WINDOWS\System32\drivers\nvata_2.sys
[2009/11/21 00:55:39 | 00,044,416 | R--- | C] (JMicron Technology Corp.) -- E:\WINDOWS\System32\drivers\jraid_2.sys
[2009/11/21 00:55:39 | 00,044,416 | ---- | C] (JMicron Technology Corp.) -- E:\WINDOWS\System32\drivers\jraid.sys
[2009/11/21 00:55:38 | 00,095,360 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\drivers\atapi.sys
[2009/11/21 00:54:45 | 00,000,000 | ---D | C] -- E:\ComboFix
[2009/11/21 00:52:34 | 12,747,737 | ---- | C] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162(2).exe
[2009/11/21 00:52:32 | 13,564,281 | ---- | C] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162(2).exe.part
[2009/11/21 00:41:42 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- E:\Documents and Settings\Patrick\Desktop\HiJackThis.exe
[2009/11/20 23:10:25 | 00,000,000 | RHSD | C] -- E:\cmdcons
[2009/11/20 23:07:58 | 00,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
[2009/11/20 23:07:58 | 00,161,792 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
[2009/11/20 23:07:58 | 00,136,704 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
[2009/11/20 23:07:58 | 00,031,232 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
[2009/11/20 23:05:20 | 00,000,000 | ---D | C] -- E:\Program Files\Unlocker
[2009/11/20 22:57:52 | 00,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2009/11/20 22:57:17 | 00,000,000 | ---D | C] -- E:\Qoobox
[2009/11/20 22:49:47 | 07,917,177 | ---- | C] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162.exe
[2009/11/20 22:49:42 | 02,274,965 | ---- | C] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162.exe.part
[2009/11/20 22:01:53 | 00,050,688 | ---- | C] (Atribune.org) -- E:\Documents and Settings\Patrick\Desktop\ATF-Cleaner.exe
[2009/11/20 00:10:10 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/20 00:09:12 | 00,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware
[2009/11/20 00:09:12 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Application Data\SUPERAntiSpyware.com
[2009/11/19 23:12:25 | 00,149,456 | ---- | C] (PC Tools) -- E:\WINDOWS\SGDetectionTool.dll
[2009/11/19 23:12:24 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- E:\WINDOWS\PCTBDCore.dll
[2009/11/19 23:12:24 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- E:\WINDOWS\PCTBDRes.dll
[2009/11/19 23:11:49 | 00,229,304 | ---- | C] (PC Tools) -- E:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/11/19 23:11:35 | 00,207,280 | ---- | C] (PC Tools) -- E:\WINDOWS\System32\drivers\PCTCore.sys
[2009/11/19 23:11:35 | 00,087,784 | ---- | C] (PC Tools) -- E:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/11/19 23:11:29 | 00,070,408 | ---- | C] (PC Tools) -- E:\WINDOWS\System32\drivers\pctplsg.sys
[2009/11/19 23:11:22 | 00,000,000 | ---D | C] -- E:\Program Files\Spyware Doctor
[2009/11/19 23:11:22 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Application Data\PC Tools
[2009/11/19 23:11:22 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\PC Tools
[2009/11/19 23:02:44 | 33,827,984 | ---- | C] (PC Tools ) -- E:\Documents and Settings\Patrick\Desktop\7.0.0.508f-sdrevenue-setup.exe
[2009/11/19 22:11:15 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Local Settings\Application Data\Threat Expert
[2009/11/19 21:33:04 | 34,102,344 | ---- | C] (PC Tools ) -- E:\Documents and Settings\Patrick\Desktop\sdsetup_aff.exe
[2009/11/19 20:06:19 | 00,361,666 | ---- | C] (RegNow.com) -- E:\Documents and Settings\Patrick\Desktop\Download_7.0.0.508i-sdregnow-setup(2).exe
[2009/11/19 20:04:48 | 00,361,666 | ---- | C] (RegNow.com) -- E:\Documents and Settings\Patrick\Desktop\Download_7.0.0.508i-sdregnow-setup.exe
[2009/11/19 18:59:22 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Desktop\backups
[2009/11/19 18:30:58 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Local Settings\Application Data\nmhwqg
[2009/11/11 23:08:04 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Patrick\Desktop\Rawr v2.2.27
[2009/10/25 22:31:17 | 00,000,000 | ---D | C] -- E:\Program Files\Veoh Networks
[2009/10/25 22:30:56 | 00,000,000 | R--D | C] -- E:\Documents and Settings\Patrick\My Documents\My Videos
[2008/10/22 20:06:18 | 01,839,104 | ---- | C] (Parallel Divergence Software) -- E:\Program Files\jeopardy.exe
[8 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/21 10:39:04 | 03,177,996 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\SINO.exe.part
[2009/11/21 10:39:04 | 00,000,000 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\SINO.exe
[2009/11/21 10:38:33 | 00,292,352 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\8m55sd6t.exe
[2009/11/21 10:35:51 | 00,528,896 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Patrick\Desktop\OTL.exe
[2009/11/21 10:32:34 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2009/11/21 10:28:43 | 00,001,742 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Trillian.lnk
[2009/11/21 10:26:57 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2009/11/21 01:08:55 | 00,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2009/11/21 01:08:32 | 00,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2009/11/21 01:07:06 | 12,845,056 | ---- | M] () -- E:\Documents and Settings\Patrick\ntuser.dat
[2009/11/21 01:07:02 | 00,000,178 | -HS- | M] () -- E:\Documents and Settings\Patrick\ntuser.ini
[2009/11/21 00:54:52 | 12,747,737 | ---- | M] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162(2).exe
[2009/11/21 00:53:37 | 13,564,281 | ---- | M] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162(2).exe.part
[2009/11/21 00:41:42 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- E:\Documents and Settings\Patrick\Desktop\HiJackThis.exe
[2009/11/20 23:10:34 | 00,000,281 | RHS- | M] () -- E:\boot.ini
[2009/11/20 23:04:54 | 00,220,454 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\unlocker1.8.8.exe
[2009/11/20 22:59:17 | 07,917,177 | ---- | M] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162.exe
[2009/11/20 22:50:16 | 03,570,958 | R--- | M] () -- E:\Documents and Settings\Patrick\Desktop\ComboFix.exe
[2009/11/20 22:49:47 | 02,274,965 | ---- | M] (Safer Networking Limited ) -- E:\Documents and Settings\Patrick\Desktop\spybotsd162.exe.part
[2009/11/20 22:01:49 | 00,050,688 | ---- | M] (Atribune.org) -- E:\Documents and Settings\Patrick\Desktop\ATF-Cleaner.exe
[2009/11/20 19:22:55 | 00,000,751 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/11/20 07:35:14 | 42,215,0144 | ---- | M] () -- E:\WINDOWS\MEMORY.DMP
[2009/11/20 01:01:01 | 00,000,986 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1202660629-725345543-1003UA.job
[2009/11/20 00:09:18 | 00,000,780 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/20 00:08:21 | 07,375,392 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\SUPERAntiSpyware.exe
[2009/11/19 23:48:41 | 00,001,637 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/19 23:40:44 | 00,000,582 | ---- | M] () -- E:\WINDOWS\win.ini
[2009/11/19 23:08:49 | 33,827,984 | ---- | M] (PC Tools ) -- E:\Documents and Settings\Patrick\Desktop\7.0.0.508f-sdrevenue-setup.exe
[2009/11/19 21:36:37 | 34,102,344 | ---- | M] (PC Tools ) -- E:\Documents and Settings\Patrick\Desktop\sdsetup_aff.exe
[2009/11/19 20:18:28 | 00,071,680 | ---- | M] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/19 20:06:54 | 00,361,666 | ---- | M] (RegNow.com) -- E:\Documents and Settings\Patrick\Desktop\Download_7.0.0.508i-sdregnow-setup(2).exe
[2009/11/19 20:05:04 | 00,361,666 | ---- | M] (RegNow.com) -- E:\Documents and Settings\Patrick\Desktop\Download_7.0.0.508i-sdregnow-setup.exe
[2009/11/19 19:55:54 | 02,647,894 | -H-- | M] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\IconCache.db
[2009/11/19 18:55:14 | 00,262,656 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\rkill.com
[2009/11/19 17:29:39 | 00,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2009/11/18 10:01:00 | 00,000,934 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1202660629-725345543-1003Core.job
[2009/11/15 23:32:23 | 09,939,848 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Work copy.png
[2009/11/15 20:23:01 | 64,694,637 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Work.psd
[2009/11/15 18:59:52 | 10,388,617 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\CCI11152009_00000.PNG
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- E:\WINDOWS\PEV.exe
[2009/11/14 00:16:13 | 00,012,655 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Highlyworks.xml
[2009/11/13 18:01:12 | 00,002,300 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Google Chrome.lnk
[2009/11/13 07:54:29 | 07,124,315 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Baby SusanPic.png
[2009/11/13 07:51:29 | 00,012,027 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Baby Susan.rtf
[2009/11/11 23:11:38 | 00,012,283 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\High.xml
[2009/11/11 22:05:48 | 14,805,676 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Rawr v2.2.27.zip
[2009/11/03 21:14:16 | 00,060,404 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\VarsityRoster.rtf
[2009/11/02 07:06:42 | 00,587,556 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/02 07:06:42 | 00,487,072 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2009/11/02 07:06:42 | 00,089,012 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2009/10/29 22:24:54 | 16,875,2628 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\secret.girlfriend.s01e04.hdtv.xvid-fqm.flv
[2009/10/25 22:31:19 | 00,001,184 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\Veoh.com.lnk
[2009/10/25 22:29:20 | 11,907,624 | ---- | M] () -- E:\Documents and Settings\Patrick\Desktop\VeohWebPlayerSetup_eng.exe
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- E:\WINDOWS\MBR.exe
[8 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/21 10:39:04 | 00,000,000 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\SINO.exe
[2009/11/21 10:39:00 | 02,630,592 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\SINO.exe.part
[2009/11/21 10:38:44 | 00,292,352 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\8m55sd6t.exe
[2009/11/20 23:10:34 | 00,000,210 | ---- | C] () -- E:\Boot.bak
[2009/11/20 23:10:29 | 00,260,272 | ---- | C] () -- E:\cmldr
[2009/11/20 23:07:58 | 00,260,608 | ---- | C] () -- E:\WINDOWS\PEV.exe
[2009/11/20 23:07:58 | 00,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
[2009/11/20 23:07:58 | 00,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
[2009/11/20 23:07:58 | 00,077,312 | ---- | C] () -- E:\WINDOWS\MBR.exe
[2009/11/20 23:07:58 | 00,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
[2009/11/20 23:04:51 | 00,220,454 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\unlocker1.8.8.exe
[2009/11/20 22:49:59 | 03,570,958 | R--- | C] () -- E:\Documents and Settings\Patrick\Desktop\ComboFix.exe
[2009/11/20 00:09:18 | 00,000,780 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/20 00:07:46 | 07,375,392 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\SUPERAntiSpyware.exe
[2009/11/19 23:48:41 | 00,001,637 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/11/19 23:12:25 | 00,767,952 | ---- | C] () -- E:\WINDOWS\BDTSupport.dll
[2009/11/19 23:12:25 | 00,000,882 | ---- | C] () -- E:\WINDOWS\RegSDImport.xml
[2009/11/19 23:12:25 | 00,000,880 | ---- | C] () -- E:\WINDOWS\RegISSImport.xml
[2009/11/19 23:12:25 | 00,000,131 | ---- | C] () -- E:\WINDOWS\IDB.zip
[2009/11/19 23:12:24 | 01,152,470 | ---- | C] () -- E:\WINDOWS\UDB.zip
[2009/11/19 23:11:49 | 00,007,387 | ---- | C] () -- E:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/11/19 23:11:35 | 00,007,412 | ---- | C] () -- E:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/11/19 23:11:35 | 00,007,383 | ---- | C] () -- E:\WINDOWS\System32\drivers\pctcore.cat
[2009/11/19 23:11:29 | 00,007,383 | ---- | C] () -- E:\WINDOWS\System32\drivers\pctplsg.cat
[2009/11/19 18:55:16 | 00,262,656 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\rkill.com
[2009/11/15 23:31:53 | 09,939,848 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Work copy.png
[2009/11/15 20:22:59 | 64,694,637 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Work.psd
[2009/11/15 18:59:51 | 10,388,617 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\CCI11152009_00000.PNG
[2009/11/13 07:53:50 | 07,124,315 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Baby SusanPic.png
[2009/11/13 07:51:26 | 00,012,027 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Baby Susan.rtf
[2009/11/11 23:30:09 | 00,012,655 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Highlyworks.xml
[2009/11/11 23:11:36 | 00,012,283 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\High.xml
[2009/11/11 22:03:43 | 14,805,676 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Rawr v2.2.27.zip
[2009/11/09 20:34:23 | 00,017,080 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Copy of Ch9Vocab.odt
[2009/11/05 00:11:43 | 12,845,056 | ---- | C] () -- E:\Documents and Settings\Patrick\ntuser.dat
[2009/11/03 21:14:21 | 00,060,404 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\VarsityRoster.rtf
[2009/10/29 22:24:55 | 16,875,2628 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\secret.girlfriend.s01e04.hdtv.xvid-fqm.flv
[2009/10/25 22:31:19 | 00,001,184 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\Veoh.com.lnk
[2009/10/25 22:28:11 | 11,907,624 | ---- | C] () -- E:\Documents and Settings\Patrick\Desktop\VeohWebPlayerSetup_eng.exe
[2009/05/21 17:51:48 | 00,041,808 | ---- | C] () -- E:\WINDOWS\System32\xfcodec.dll
[2009/04/06 14:05:20 | 00,000,229 | ---- | C] () -- E:\WINDOWS\Brpfx04a.ini
[2009/04/06 14:05:20 | 00,000,093 | ---- | C] () -- E:\WINDOWS\brpcfx.ini
[2009/04/06 14:05:06 | 00,000,419 | ---- | C] () -- E:\WINDOWS\BRWMARK.INI
[2009/04/06 14:05:06 | 00,000,027 | ---- | C] () -- E:\WINDOWS\BRPP2KA.INI
[2009/04/06 14:02:53 | 00,031,567 | ---- | C] () -- E:\WINDOWS\maxlink.ini
[2009/04/06 00:42:55 | 00,031,616 | ---- | C] () -- E:\WINDOWS\System32\drivers\vrtaucbl.sys
[2009/04/01 00:23:17 | 00,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2008/11/06 22:36:50 | 00,000,130 | ---- | C] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\fusioncache.dat
[2008/11/06 21:54:27 | 00,022,328 | ---- | C] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/06 21:54:27 | 00,022,328 | ---- | C] () -- E:\Documents and Settings\Patrick\Application Data\PnkBstrK.sys
[2008/09/25 21:00:05 | 00,009,255 | ---- | C] () -- E:\WINDOWS\System32\lvcoinst.ini
[2008/09/25 21:00:04 | 01,317,152 | ---- | C] () -- E:\WINDOWS\System32\drivers\lvcm.sys
[2008/09/24 19:13:39 | 00,237,568 | ---- | C] () -- E:\WINDOWS\System32\lame_enc.dll
[2008/09/16 18:09:41 | 00,000,024 | ---- | C] () -- E:\WINDOWS\System32\sysmwwod.dll
[2008/09/15 23:04:17 | 00,071,680 | ---- | C] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 10:28:11 | 00,000,754 | ---- | C] () -- E:\WINDOWS\WORDPAD.INI
[2008/09/05 23:21:38 | 00,717,296 | ---- | C] () -- E:\WINDOWS\System32\drivers\sptd.sys
[2008/09/02 18:12:28 | 00,000,356 | ---- | C] () -- E:\WINDOWS\System32\CNCASv51.ini
[2008/09/02 18:12:24 | 00,000,599 | ---- | C] () -- E:\WINDOWS\System32\CNCMP51.INI
[2008/09/02 17:48:45 | 00,006,656 | ---- | C] () -- E:\WINDOWS\System32\CNMVSyf.DLL
[2008/08/31 12:45:39 | 00,088,944 | ---- | C] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/31 12:38:33 | 00,000,804 | R--- | C] () -- E:\WINDOWS\System32\AsusSetup.ini
[2008/08/31 12:38:33 | 00,000,396 | R--- | C] () -- E:\WINDOWS\System32\raidmgmt.ini
[2008/08/31 12:26:49 | 00,033,860 | ---- | C] () -- E:\WINDOWS\Ascd_tmp.ini
[2008/08/31 12:26:49 | 00,005,810 | R--- | C] () -- E:\WINDOWS\System32\drivers\ASACPI.sys
[2008/08/31 12:26:42 | 00,010,288 | ---- | C] () -- E:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/08/31 07:17:54 | 02,647,894 | -H-- | C] () -- E:\Documents and Settings\Patrick\Local Settings\Application Data\IconCache.db
[2008/08/31 07:12:19 | 00,000,062 | -HS- | C] () -- E:\Documents and Settings\Patrick\Application Data\desktop.ini
[2008/08/31 02:58:26 | 00,000,062 | -HS- | C] () -- E:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/03/11 03:25:00 | 01,703,936 | ---- | C] () -- E:\WINDOWS\System32\nvwdmcpl.dll
[2008/03/11 03:25:00 | 01,482,752 | ---- | C] () -- E:\WINDOWS\System32\nview.dll
[2008/03/11 03:25:00 | 01,019,904 | ---- | C] () -- E:\WINDOWS\System32\nvwimg.dll
[2008/03/11 03:25:00 | 00,466,944 | ---- | C] () -- E:\WINDOWS\System32\nvshell.dll
[2008/03/11 03:25:00 | 00,286,720 | ---- | C] () -- E:\WINDOWS\System32\nvnt4cpl.dll
[2006/07/02 21:37:12 | 00,030,808 | ---- | C] () -- E:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/07/02 21:37:10 | 00,026,489 | ---- | C] () -- E:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/19 19:21:28 | 00,029,779 | ---- | C] () -- E:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/19 19:21:28 | 00,026,040 | ---- | C] () -- E:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/08/03 23:56:44 | 00,162,487 | RHS- | C] () -- E:\WINDOWS\System32\qsalvif.dll
[2004/07/17 10:36:38 | 00,011,376 | ---- | C] () -- E:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 12:00:00 | 00,000,582 | ---- | C] () -- E:\WINDOWS\win.ini
[2001/08/23 12:00:00 | 00,000,227 | ---- | C] () -- E:\WINDOWS\system.ini

========== LOP Check ==========

[2008/11/26 23:12:32 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/19 15:41:39 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009/05/28 01:16:50 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ijjigame
[2008/12/20 08:10:49 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PMB Files
[2009/07/18 12:09:35 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/10/15 20:25:47 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Screaming Bee
[2008/10/09 13:30:17 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Sony
[2009/11/20 22:20:00 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/02 00:12:22 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Tencent
[2008/09/23 17:48:54 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/08/05 16:39:40 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Acreon
[2009/05/04 22:00:10 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Any Video Converter
[2009/01/17 18:22:47 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Canon
[2009/05/28 20:04:37 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
[2008/10/10 00:01:35 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Cool Record Edit Pro
[2008/09/05 23:21:37 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\DAEMON Tools
[2009/03/31 19:48:18 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\DeepBurner
[2009/02/09 22:54:27 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\eMule
[2009/07/10 08:15:55 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Engineer
[2008/10/09 22:52:28 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Free Sound Recorder
[2009/11/19 20:07:33 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\GetRightToGo
[2008/09/24 22:22:09 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\gnupg
[2008/10/08 20:03:39 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Go2PCsoft
[2009/05/28 16:35:32 | 00,000,000 | -H-D | M] -- E:\Documents and Settings\Patrick\Application Data\ijjigame
[2009/09/27 12:50:30 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\ImgBurn
[2009/04/06 18:11:42 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\InfraRecorder
[2008/12/20 11:46:22 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Nexon
[2009/03/05 16:57:13 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\OpenOffice.org
[2008/09/20 19:39:36 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Publish Providers
[2008/12/01 23:49:43 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\QQ
[2008/12/02 21:40:11 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\QQUpdate
[2009/05/28 20:04:25 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Raptr
[2008/12/30 12:27:05 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Rogue.140F0B534E676AD25491A378BD6D96164D40676E.1
[2009/10/15 20:25:19 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Screaming Bee
[2008/09/24 23:06:27 | 00,000,000 | RH-D | M] -- E:\Documents and Settings\Patrick\Application Data\SecuROM
[2008/11/05 20:32:08 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Sony
[2008/09/20 19:27:04 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Sony Setup
[2009/08/28 19:00:37 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\TeamViewer
[2008/12/03 23:22:57 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Tencent
[2008/10/27 16:51:33 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Thunderbird
[2009/09/27 12:24:49 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\uTorrent
[2008/09/10 08:42:06 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Patrick\Application Data\Vso
[2001/08/23 12:00:00 | 00,000,065 | RH-- | M] () -- E:\WINDOWS\Tasks\desktop.ini
[2009/11/21 10:26:57 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 158 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 126 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 114 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 110 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >




OTL Extras logfile created on: 11/21/2009 10:36:37 AM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = E:\Documents and Settings\Patrick\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 931.50 Gb Total Space | 407.35 Gb Free Space | 43.73% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANGCOR-3F77A4
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = FirefoxHTML] -- E:\Documents and Settings\Patrick\Desktop\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- E:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "E:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "E:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- E:\DOCUME~1\PATRICK\DESKTOP\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- E:\DOCUME~1\PATRICK\DESKTOP\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "E:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- E:\WINDOWS\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "E:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"55793:TCP" = 55793:TCP:*:Disabled:SolidNetworkManager
"55793:UDP" = 55793:UDP:*:Disabled:SolidNetworkManager
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"58278:TCP" = 58278:TCP:*:Enabled:Pando Media Booster
"58278:UDP" = 58278:UDP:*:Enabled:Pando Media Booster
"2052:TCP" = 2052:TCP:*:Enabled:whcxl
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881
"6882:TCP" = 6882:TCP:*:Enabled:Blizzard Downloader: 6882
"6883:TCP" = 6883:TCP:*:Enabled:Blizzard Downloader: 6883
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCSoft\Exteel\System\Exteel.exe" = C:\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"E:\Documents and Settings\Patrick\Desktop\Program Files\NCSoft\Exteel\System\Exteel.exe" = E:\Documents and Settings\Patrick\Desktop\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- ()
"E:\Program Files\NCsoft\Exteel\System\Exteel.exe" = E:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- ()
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe" = E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\livecall.exe" = E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\WINDOWS\system32\usmt\migwiz.exe" = E:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- File not found
"E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\NCSoft\Exteel\System\Exteel.exe" = C:\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"E:\Documents and Settings\Patrick\Desktop\Program Files\Trillian\trillian.exe" = E:\Documents and Settings\Patrick\Desktop\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"E:\Documents and Settings\Patrick\Desktop\Program Files\NCSoft\Exteel\System\Exteel.exe" = E:\Documents and Settings\Patrick\Desktop\Program Files\NCSoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- ()
"E:\Program Files\Xfire\xfire.exe" = E:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"E:\Documents and Settings\Patrick\Desktop\WotLK-Beta-3.0.1-enUS-downloader.exe" = E:\Documents and Settings\Patrick\Desktop\WotLK-Beta-3.0.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Documents and Settings\Patrick\Desktop\WotLK-Beta-3.0.1-enUS-downloader(2).exe" = E:\Documents and Settings\Patrick\Desktop\WotLK-Beta-3.0.1-enUS-downloader(2).exe:*:Enabled:Blizzard Downloader -- File not found
"E:\WINDOWS\system32\dpvsetup.exe" = E:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"E:\Program Files\Steam\steamapps\highlyasian\team fortress 2\hl2.exe" = E:\Program Files\Steam\steamapps\highlyasian\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\ijji\ENGLISH\u_gbound.exe" = C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader> -- File not found
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme" = C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound -- File not found
"E:\Program Files\alaplaya\S4League\S4Client.exe" = E:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe -- ()
"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent -- (BitTorrent, Inc.)
"E:\Program Files\Steam\steamapps\dade89gt\half-life\hl.exe" = E:\Program Files\Steam\steamapps\dade89gt\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"E:\Program Files\Bonjour\mDNSResponder.exe" = E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"E:\Program Files\iTunes\iTunes.exe" = E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"E:\Program Files\Atari\AITD\Alone.exe" = E:\Program Files\Atari\AITD\Alone.exe:*:Enabled:Alone In The Dark -- (Eden Games)
"E:\Program Files\NCsoft\Exteel\System\Exteel.exe" = E:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- ()
"E:\Program Files\Steam\steamapps\dade89gt\source sdk base\hl2.exe" = E:\Program Files\Steam\steamapps\dade89gt\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"E:\Program Files\Steam\steamapps\dade89gt\counter-strike source\hl2.exe" = E:\Program Files\Steam\steamapps\dade89gt\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"E:\Program Files\Steam\steamapps\awesomeracer\source sdk base\hl2.exe" = E:\Program Files\Steam\steamapps\awesomeracer\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"E:\Program Files\Steam\steamapps\highlyasian\source sdk base\hl2.exe" = E:\Program Files\Steam\steamapps\highlyasian\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe" = E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\livecall.exe" = E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"E:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = E:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"E:\ijji\ENGLISH\u_gbound.exe" = E:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader> -- (NHN USA inc.)
"E:\Documents and Settings\Patrick\Desktop\SRO_Full-Client_Downloader.exe" = E:\Documents and Settings\Patrick\Desktop\SRO_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader -- File not found
"E:\Program Files\Live Desktop\LiveDesktop.exe" = E:\Program Files\Live Desktop\LiveDesktop.exe:*:Enabled:Live Desktop -- (RemoteMsn.com)
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"E:\WINDOWS\system32\PnkBstrA.exe" = E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"E:\WINDOWS\system32\PnkBstrB.exe" = E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"E:\Grand Chase\main.exe" = E:\Grand Chase\main.exe:*:Enabled:GrandChase -- ()
"E:\Documents and Settings\Patrick\Desktop\GunboundRV_setup.exe" = E:\Documents and Settings\Patrick\Desktop\GunboundRV_setup.exe:*:Enabled:<ijji Downloader> -- File not found
"E:\Program Files\Tencent\QQ\QQ.exe" = E:\Program Files\Tencent\QQ\QQ.exe:*:Enabled:QQ -- (TENCENT)
"E:\Program Files\Tencent\QQDownload\QQDownload.exe" = E:\Program Files\Tencent\QQDownload\QQDownload.exe:*:Enabled: -- (Tencent Technology (Shenzhen) Company Limited)
"E:\Program Files\Tencent\QQDownload\QDAutoUpdate.exe" = E:\Program Files\Tencent\QQDownload\QDAutoUpdate.exe:*:Enabled:AutoUpdate Module -- (Tencent Technology (Shenzhen) Company Limited)
"E:\Program Files\Tencent\QQDownload\QQDeskUpdate.exe" = E:\Program Files\Tencent\QQDownload\QQDeskUpdate.exe:*:Enabled:QQDeskUpdate -- ()
"E:\Program Files\Tencent\QQ\QQUpdateCenter.exe" = E:\Program Files\Tencent\QQ\QQUpdateCenter.exe:*:Enabled:QQUpdate -- ()
"E:\Program Files\Tencent\QQ2009\Bin\QQ.exe" = E:\Program Files\Tencent\QQ2009\Bin\QQ.exe:*:Enabled:QQ2009 -- (Tencent)
"E:\Program Files\Pando Networks\Media Booster\PMB.exe" = E:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"E:\Program Files\Warcraft III Demo\War3Demo.exe" = E:\Program Files\Warcraft III Demo\War3Demo.exe:*:Enabled:Warcraft III Demo -- (Blizzard Entertainment)
"E:\Documents and Settings\Patrick\Local Settings\Temp\Blizzard Launcher Temporary - 25ff3be0\Launcher.exe" = E:\Documents and Settings\Patrick\Local Settings\Temp\Blizzard Launcher Temporary - 25ff3be0\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"E:\Program Files\Skype\Phone\Skype.exe" = E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"E:\Program Files\eMule\emule.exe" = E:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"E:\Documents and Settings\Patrick\Local Settings\Temp\Blizzard Launcher Temporary - 73292bb0\Launcher.exe" = E:\Documents and Settings\Patrick\Local Settings\Temp\Blizzard Launcher Temporary - 73292bb0\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"E:\Program Files\World of Warcraft\Launcher.exe" = E:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"E:\Program Files\VentSrv\ventrilo_srv.exe" = E:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
"E:\Program Files\World of Warcraft\BackgroundDownloader.exe" = E:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Documents and Settings\Patrick\temp\TeamViewer\Version4\TeamViewer.exe" = E:\Documents and Settings\Patrick\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"E:\Program Files\TeamViewer\Version4\TeamViewer.exe" = E:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"E:\Program Files\Raptr\Raptr.exe" = E:\Program Files\Raptr\Raptr.exe:*:Enabled:Raptr Client -- ()
"E:\Program Files\Curse\CurseClient.exe" = E:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"E:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme" = E:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound -- (Softnyx)
"E:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = E:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\Microsoft Games\Halo Server\haloded.exe" = E:\Program Files\Microsoft Games\Halo Server\haloded.exe:*:Enabled:Halo -- (Microsoft Corporation)
"E:\Program Files\Microsoft Games\Halo Trial\halo.exe" = E:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo -- (Microsoft Corporation)
"E:\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe" = E:\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"E:\World of Warcraft Public Test\World of Warcraft Public Test\Launcher.exe" = E:\World of Warcraft Public Test\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"E:\Program Files\World of Warcraft Public Test\Launcher.exe" = E:\Program Files\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\Launcher.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10026-to-0.2.0.10048-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = E:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe" = E:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = E:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"E:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = E:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = E:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = Tencent QQ2009
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0
"{10C6EB34-4423-4DBA-AECA-76540029FF83}" = MorphVOX Pro
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-290C
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58F8C6D9-5B55-486A-A322-4E8D87670031}" = Canon MP Drivers
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype 3.8
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A512A34-F4E8-43C4-BD80-43A022B31BF6}" = MapleStory
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B54248A-DC15-414B-A0ED-C5769FB151CB}" = NIMOCARD
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7F9129B6-C438-4CCB-80CB-A97E9F3B6B8C}" = Taksi Desktop Video Recorder v0.765
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93070872-9FC0-40DC-A0B4-153D4739D1E4}" = Multi-jmk Smartpad
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims 3
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}" = S4 League
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims 2 Seasons
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E905C356-97DE-44BB-0093-5CC49DD1E9D3}" = The Sims 2 University
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F9831B39-277F-4F53-BFB0-12DC90C4CB40}" = Requiem
"" = 1.9.242.202
"7-Zip" = 7-Zip 4.62
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Alone In The Dark_is1" = Alone In The Dark
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Any Video Converter_is1" = Any Video Converter 2.7.3
"Burn My Files_is1" = Burn My Files
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"CABAL Online_is1" = CABAL Online
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Crysis WARHEAD®" = Crysis WARHEAD®
"CurseClient" = Curse Client
"DJ Music Mixer" = DJ Music Mixer
"DVD Flick_is1" = DVD Flick
"eMule" = eMule
"Fraps" = Fraps (remove only)
"FREE Hi-Q Recorder_is1" = FREE Hi-Q Recorder 1.92
"Free Mp3/Wma/Ogg Converter_is1" = Free Mp3/Wma/Ogg Converter 4.0.1
"Free Registry Fix" = Free Registry Fix 5.0
"Free RM to AVI Converter Splitter_is1" = Free RM to AVI Converter Splitter v2.0
"Free Sound Recorder" = Free Sound Recorder
"Gadwin PrintScreen" = Gadwin PrintScreen
"GOM Player" = GOM Player
"Grand Chase" = Grand Chase
"Guild Wars" = Guild Wars
"Gunbound Revolution_is1" = Gunbound Revolution
"Halo Server" = Halo Server
"Halo Trial" = Microsoft Halo Trial
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"Live Desktop Pro_is1" = Live Desktop Pro 3.20
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)
"MP3 WAV WMA Converter" = MP3 WAV WMA Converter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero7Lite_is1" = Nero 7 Micro 7.11.10.0
"NVIDIA Drivers" = NVIDIA Drivers
"Pocket Tanks_is1" = Pocket Tanks v1.3
"PROR" = Microsoft Office Professional 2007 Trial
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech Camera Driver
"QQ2008正式版" = QQ2008 正式版
"QQ游戏" = QQ游戏
"QQToolbar" = QQ工具栏
"Raptr" = Raptr
"RealAlt_is1" = Real Alternative 1.9.0
"Rogue" = Rogue
"RumbleFighter" = Rumble Fighter
"Silkroad" = Silkroad
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = Wallpaper Positioner
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 70" = Half-Life
"TeamViewer 4" = TeamViewer 4
"Tile Print_is1" = Tile Print Version 3
"Unlocker" = Unlocker 1.8.8
"Video Enhancer_is1" = Video Enhancer 1.9.2
"Virtual Audio Cable 4.04" = Virtual Audio Cable 4.04
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wrath of the Lich King Beta" = Wrath of the Lich King Beta
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"ijji.com" = ijji
"NCsoft-Exteel" = Exteel
"uTorrent" = µTorrent
"Warcraft III Demo" = Warcraft III Demo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2009 9:22:18 PM | Computer Name = CHANGCOR-3F77A4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 11/20/2009 9:22:19 PM | Computer Name = CHANGCOR-3F77A4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/20/2009 9:22:19 PM | Computer Name = CHANGCOR-3F77A4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/20/2009 10:00:36 PM | Computer Name = CHANGCOR-3F77A4 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x00036fa3.

Error - 11/20/2009 10:24:56 PM | Computer Name = CHANGCOR-3F77A4 | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

Error - 11/20/2009 10:33:36 PM | Computer Name = CHANGCOR-3F77A4 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x000372e3.

Error - 11/20/2009 11:19:57 PM | Computer Name = CHANGCOR-3F77A4 | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

Error - 11/20/2009 11:59:14 PM | Computer Name = CHANGCOR-3F77A4 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module msvcrt.dll, version 7.0.2600.2180, fault address 0x000372e3.

Error - 11/21/2009 2:08:11 AM | Computer Name = CHANGCOR-3F77A4 | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

Error - 11/21/2009 11:26:58 AM | Computer Name = CHANGCOR-3F77A4 | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

[ System Events ]
Error - 11/21/2009 11:27:13 AM | Computer Name = CHANGCOR-3F77A4 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 11/21/2009 11:27:13 AM | Computer Name = CHANGCOR-3F77A4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 11/21/2009 11:27:15 AM | Computer Name = CHANGCOR-3F77A4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 11/21/2009 11:27:17 AM | Computer Name = CHANGCOR-3F77A4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 11/21/2009 11:27:18 AM | Computer Name = CHANGCOR-3F77A4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 11/21/2009 11:27:29 AM | Computer Name = CHANGCOR-3F77A4 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {3A4674F1-3144-4C5D-865A-E44954444B8C}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 11/21/2009 11:28:02 AM | Computer Name = CHANGCOR-3F77A4 | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 88d9f4a0, parameter2 8a316578, parameter3
8a2f80a8, parameter4 00000001.

Error - 11/21/2009 11:28:08 AM | Computer Name = CHANGCOR-3F77A4 | Source = System Error | ID = 1003
Description = Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3
00000000, parameter4 00000000.

Error - 11/21/2009 11:33:00 AM | Computer Name = CHANGCOR-3F77A4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/21/2009 11:34:11 AM | Computer Name = CHANGCOR-3F77A4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips PCIIde Processor SASDIFSV SASKUTIL ssmdrv


< End of report >




GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-21 11:32:50
Windows 5.1.2600 Service Pack 2
Running: 8m55sd6t.exe; Driver: E:\DOCUME~1\Patrick\LOCALS~1\Temp\fgrdrkog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBAF0DE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBAEEECDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBAEEEECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBAF0E610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBAF0E8C4]
SSDT spax.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spax.sys ZwEnumerateValueKey [0xF74F6030]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBAF0CB14]
SSDT spax.sys ZwQueryKey [0xF74F6108]
SSDT spax.sys ZwQueryValueKey [0xF74F5F88]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBAF0ED30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBAF0E0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xBAEEE982]

INT 0x63 ? 8ACBFBF8
INT 0x73 ? 8ACBFBF8
INT 0x83 ? 8ACBFBF8
INT 0xB4 ? 8AC51BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 17A 804E49B4 4 Bytes CALL EF1504A9
.text ntoskrnl.exe!ZwYieldExecution + 47A 804E4CB4 4 Bytes JMP C63F07A7
? spax.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BACFE62C 5 Bytes JMP 8A7684E0
.text ak0qmwuv.SYS BAC8A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ak0qmwuv.SYS BAC8A3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ak0qmwuv.SYS BAC8A3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ak0qmwuv.SYS BAC8A3C9 1 Byte [2E]
.text ak0qmwuv.SYS BAC8A3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8AC512D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spax.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spax.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spax.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spax.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spax.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spax.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spax.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spax.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A7685E0
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2296E852
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002284
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2272E850
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002260
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] C6000000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlInitAnsiString] 001CBB86
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 438B0100
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoQueueWorkItem] 8E8D5018
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmMapIoSpace] 00001C90
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2232E851
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoReportDetectedDevice] 538B0000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoReportResourceForDetection] 52016A18
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 1CAC868D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!NlsMbCodePageTag] E8500000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00002220
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 8A05478A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 001CBB8E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!sprintf] 18C48300
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 1CBD8688
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ObfDereferenceObject] 43EB0000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 320C538A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 88F93BC0
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ZwClose] 001CBB96
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] F6317300
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 74070647
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 75C0841A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 05578A0B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!PoCallDriver] 968801B0
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 57B60F66
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 533B6604
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ZwOpenKey] 03087408
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 72F93B3F
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoStartTimer] 8A09EBDA
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInitializeTimer] 86880547
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInitializeDpc] 88084B8A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInitializeSpinLock] 001CBE8E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoInitializeIrp] 40578B00
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ZwCreateKey] 8D52006A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC086
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] B1E85000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ZwSetValueKey] 8B000021
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeInsertQueueDpc] 001CB88E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] BC968B00
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoStartPacket] 8900001C
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 001CC48E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] C8968900
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoFreeMdl] 8B00001C
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmUnlockPages] 016A4047
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] CCC68150
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 5600001C
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 002187E8
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeSynchronizeExecution] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCC3
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeSetTimer] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeCancelTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!_aulldiv] 8B000000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!strstr] 56C35DE5
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!_strupr] 8D08758B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D51FC4D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D52FD55
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!KeTickCount] 8D51FE4D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D52FF55
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoDeleteDevice] 8D51F84D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 5052F455
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAllocateWorkItem] EACAE856
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAllocateIrp] C483FFFF
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoAllocateMdl] 0FC08520
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0001B185
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmLockPagableDataSection] 46B70F00
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] F44D8B48
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] C1815753
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00002590
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoFreeIrp] 467C8D51
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!IoFreeWorkItem] 76F6E84A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!InitSafeBootMode] D88BFFFF
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlCompareMemory] 8504C483
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 5F0A75DB
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!memmove] 5B08438D
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[ntoskrnl.exe!MmHighestUserAddress] 5DE58B5E
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\ak0qmwuv.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AC4C1F8
Device \Driver\usbohci \Device\USBPDO-0 8AAE0500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ACC01F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ACC01F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ACC01F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ACC01F8
Device \Driver\usbehci \Device\USBPDO-1 8AAD31F8
Device \Driver\PCI_PNP1326 \Device\00000055 spax.sys
Device \Driver\PCI_PNP1326 \Device\00000055 spax.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC4F1F8
Device \Driver\sptd \Device\2057696326 spax.sys
Device \Driver\Cdrom \Device\CdRom0 8AAE91F8
Device \Driver\usbstor \Device\00000081 8A747500
Device \Driver\nvata \Device\00000075 8ACBF1F8
Device \Driver\usbstor \Device\00000083 8A747500
Device \Driver\usbstor \Device\00000085 8A747500
Device \Driver\PCTCore \Device\PCTCoreDevice 8AA17F30
Device \Driver\usbohci \Device\USBFDO-0 8AAE0500
Device \Driver\usbehci \Device\USBFDO-1 8AAD31F8
Device \Driver\nvata \Device\NvAta0 8ACBF1F8
Device \Driver\nvata \Device\NvAta1 8ACBF1F8
Device \Driver\nvata \Device\NvAta2 8ACBF1F8
Device \Driver\Ftdisk \Device\FtControl 8AC4F1F8
Device \Driver\usbstor \Device\0000007e 8A747500
Device \Driver\ak0qmwuv \Device\Scsi\ak0qmwuv1Port4Path0Target0Lun0 8A7791F8
Device \Driver\ak0qmwuv \Device\Scsi\ak0qmwuv1 8A7791F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8AC4D1F8
Device \FileSystem\Cdfs \Cdfs 8A9E0500

---- Threads - GMER 1.0.15 ----

Thread System [4:232] 8A9F8D9D

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x9E 0x80 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0x36 0xCB 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x28 0xCF 0xBE 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@DisplayName Security Windows
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz@Description Offers routing services to businesses in local area and wide area network environments.
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\ctvuaz\Parameters@ServiceDll E:\WINDOWS\system32\qsalvif.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x9E 0x80 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0x36 0xCB 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x28 0xCF 0xBE 0x10 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----





System Investigator by Olrik
Log Created On: 1136_21-11-2009
SINO Version: 2.4.9.9

Total RAM: 3582 MB | Free RAM: 2392 MB | Pagefile Size: 5464 MB
E: | 416768 MB out of 953859 MB Free | Local Fixed Disk
F: | None | CD-ROM Disc
G: | None | Removable Disk
H: | None | Removable Disk

<<<< System Information >>>>

Computer Name: CHANGCOR-3F77A4
Username: Patrick
Language Setting: ENU
Windows Directory: E:\WINDOWS
Windows Version: Windows XP Service Pack 2

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[E:\WINDOWS\System32\smss.exe] - Process ID: 896
[csrss.exe] - Process ID: 960
[E:\WINDOWS\system32\winlogon.exe] - Process ID: 984
[E:\WINDOWS\system32\services.exe] - Process ID: 1032
[E:\WINDOWS\system32\lsass.exe] - Process ID: 1052
[E:\WINDOWS\system32\svchost.exe] - Process ID: 1204
[svchost.exe] - Process ID: 1260
[E:\WINDOWS\System32\svchost.exe] - Process ID: 1304
[svchost.exe] - Process ID: 1428
[svchost.exe] - Process ID: 1456
[E:\WINDOWS\system32\spoolsv.exe] - Process ID: 1628
[svchost.exe] - Process ID: 1800
[E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] - Process ID: 1848
[E:\Program Files\Bonjour\mDNSResponder.exe] - Process ID: 1888
[E:\WINDOWS\system32\PnkBstrA.exe] - Process ID: 1956
[E:\Program Files\Spyware Doctor\pctsAuxs.exe] - Process ID: 2008
[E:\WINDOWS\system32\svchost.exe] - Process ID: 184
[E:\WINDOWS\Explorer.EXE] - Process ID: 664
[alg.exe] - Process ID: 1164
[E:\Program Files\Analog Devices\Core\smax4pnp.exe] - Process ID: 1652
[E:\Program Files\iTunes\iTunesHelper.exe] - Process ID: 1912
[E:\WINDOWS\system32\LVCOMSX.EXE] - Process ID: 1944
[E:\Program Files\Logitech\Video\LogiTray.exe] - Process ID: 2032
[E:\Program Files\Winamp\winampa.exe] - Process ID: 608
[E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe] - Process ID: 712
[E:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe] - Process ID: 1036
[E:\Program Files\Unlocker\UnlockerAssistant.exe] - Process ID: 1896
[E:\Program Files\Curse\CurseClient.exe] - Process ID: 1396
[E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe] - Process ID: 1404
[E:\Program Files\Brother\ControlCenter3\brccMCtl.exe] - Process ID: 2308
[E:\Program Files\OpenOffice.org 3\program\soffice.exe] - Process ID: 2392
[E:\Program Files\OpenOffice.org 3\program\soffice.bin] - Process ID: 2464
[E:\Program Files\Brother\Brmfcmon\BrMfcmon.exe] - Process ID: 2488
[E:\Program Files\Logitech\Video\FxSvr2.exe] - Process ID: 2560
[E:\Program Files\iPod\bin\iPodService.exe] - Process ID: 2652
[E:\Documents and Settings\Patrick\Desktop\Program Files\Mozilla Firefox\firefox.exe] - Process ID: 3728
[E:\DOCUME~1\Patrick\LOCALS~1\Temp\SINO\SINO.exe] - Process ID: 3676
[wmiprvse.exe] - Process ID: 2264

<<<< Startup Items >>>>

[Adobe Gamma] - <Startup> - Adobe Gamma.lnk
[desktop] - <Startup> - desktop.ini
[OpenOffice.org 3.0] - <Startup> - OpenOffice.org 3.0.lnk
[DWQueuedReporting] - <HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[Adobe Gamma] - <Startup> - Adobe Gamma.lnk
[desktop] - <Startup> - desktop.ini
[OpenOffice.org 3.0] - <Startup> - OpenOffice.org 3.0.lnk
[Google Update] - <HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
[LogitechSoftwareUpdate] - <HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
[CurseClient] - <HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Curse\CurseClient.exe -silent
[VeohPlugin] - <HKU\S-1-5-21-790525478-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
[Adobe Gamma] - <Startup> - Adobe Gamma.lnk
[desktop] - <Startup> - desktop.ini
[OpenOffice.org 3.0] - <Startup> - OpenOffice.org 3.0.lnk
[DWQueuedReporting] - <HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[desktop] - <Common Startup> - desktop.ini
[SoundMAXPnP] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Analog Devices\Core\smax4pnp.exe
[JMB36X IDE Setup] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\JM\JMInsIDE.exe
[36X Raid Configurer] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\system32\JMRaidSetup.exe boot
[IMJPMIG8.1] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[MSPY2002] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
[PHIME2002ASync] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[PHIME2002A] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[QuickTime Task] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\QuickTime\qttask.exe" -atboottime
[iTunesHelper] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\iTunes\iTunesHelper.exe"
[LVCOMSX] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\WINDOWS\system32\LVCOMSX.EXE
[LogitechVideoRepair] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Logitech\Video\ISStart.exe
[LogitechVideoTray] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Logitech\Video\LogiTray.exe
[Synchronization Manager] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - %SystemRoot%\system32\mobsync.exe /logon
[WinampAgent] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Winamp\winampa.exe"
[SSBkgdUpdate] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
[PaperPort PTD] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
[IndexSearch] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
[PPort11reminder] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "E:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
[BrMfcWnd] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
[ControlCenter3] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - E:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
[Malwarebytes Anti-Malware (reboot)] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[UnlockerAssistant] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "E:\Program Files\Unlocker\UnlockerAssistant.exe"
[KernelFaultCheck] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - %systemroot%\system32\dumprep 0 -k

<<<< MS Services >>>>

Adobe LM Service (Adobe LM Service) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
Alerter (Alerter) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k LocalService
Application Layer Gateway Service (ALG) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\System32\alg.exe
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Windows Audio (AudioSrv) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Background Intelligent Transfer Service (BITS) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Computer Browser (Browser) - Stopped [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Indexing Service (CiSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\cisvc.exe
ClipBook (ClipSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\clipsrv.exe
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Logical Disk Manager Administrative Service (dmadmin) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\dmadmin.exe /com
Logical Disk Manager (dmserver) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k NetworkService
Error Reporting Service (ERSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log (Eventlog) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\services.exe
COM+ Event System (EventSystem) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - e:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Help and Support (helpsvc) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service (HidServ) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL (HTTPFilter) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k HTTPFilter
InstallDriver Table Manager (IDriverT) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
IMAPI CD-Burning COM Service (ImapiService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\imapi.exe
Server (lanmanserver) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Workstation (lanmanworkstation) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper (LmHosts) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k LocalService
Messenger (Messenger) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
NetMeeting Remote Desktop Sharing (mnmsrvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\mnmsrvc.exe
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\msdtc.exe
Windows Installer (MSIServer) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\msiexec.exe /V
Network DDE (NetDDE) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\netdde.exe
Network DDE DSDM (NetDDEdsdm) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\netdde.exe
Net Logon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\lsass.exe
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Network Location Awareness (NLA) (Nla) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
NT LM Security Support Provider (NtLmSsp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\lsass.exe
Removable Storage (NtmsSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Microsoft Office Diagnostics Service (odserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\services.exe
IPSEC Services (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\lsass.exe
Protected Storage (ProtectedStorage) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\lsass.exe
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Access Connection Manager (RasMan) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager (RDSessMgr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\sessmgr.exe
Routing and Remote Access (RemoteAccess) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k LocalService
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\locator.exe
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost -k rpcss
QoS RSVP (RSVP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\rsvp.exe
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\lsass.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\SCardSvr.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification (SENS) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\spoolsv.exe
System Restore Service (srservice) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
SSDP Discovery Service (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k LocalService
[color="#0000FF"]Windows Image Acquisition (WIA) (stisvc)[/color] - [color="#CC6600"]Running [Auto | Stoppable | Not_Pausable][/color] - E:\WINDOWS\system32\svchost.exe -k imgsvc
[color="#0000FF"]MS Software Shadow Copy Provider (SwPrv)[/color] - [color="#CC6600"]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\system32\dllhost.exe /Processid:{9B88F29D-FA8D-4988-A5BC-2CCF1D4D4248}
[color="#0000FF"]Performance Logs and Alerts (SysmonLog)[/color] - [color="#CC6600"]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\system32\smlogsvc.exe
[color="#0000FF"]Telephony (TapiSrv)[/color] - [color="#CC6600"]Running [Manual | Stoppable | Pausable][/color] - E:\WINDOWS\System32\svchost.exe -k netsvcs
[color="#0000FF"]Terminal Services (TermService)[/color] - [color="#CC6600"]Running [Auto | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\System32\svchost -k DComLaunch
[color="#0000FF"]Themes (Themes)[/color] - [color="#CC6600"]Running [Auto | Stoppable | Not_Pausable][/color] - E:\WINDOWS\System32\svchost.exe -k netsvcs
[color="#0000FF"]Telnet (TlntSvr)[/color] - [color="#CC6600"]Stopped [Disabled | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\system32\tlntsvr.exe
[color="#0000FF"]Distributed Link Tracking Client (TrkWks)[/color] - [color="#CC6600"]Running [Auto | Stoppable | Not_Pausable][/color] - E:\WINDOWS\system32\svchost.exe -k netsvcs
[color="#0000FF"]Universal Plug and Play Device Host (upnphost)[/color] - [color="#CC6600"]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\system32\svchost.exe -k LocalService
[color="#0000FF"]Uninterruptible Power Supply (UPS)[/color] - [color="#CC6600"]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\System32\ups.exe
[color="#0000FF"]Volume Shadow Copy (VSS)[/color] - [color="#CC6600"]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\System32\vssvc.exe
[color="#0000FF"]Windows Time (W32Time)[/color] - [color="#CC6600"]Running [Auto | Stoppable | Not_Pausable][/color] - E:\WINDOWS\System32\svchost.exe -k netsvcs
[color="#0000FF"]WebClient (WebClient)[/color] - [color="#CC6600"]Running [Auto | Stoppable | Not_Pausable][/color] - E:\WINDOWS\system32\svchost.exe -k LocalService
[color="#0000FF"]Windows Management Instrumentation (winmgmt)[/color] - [color="#CC6600"]Running [Auto | Stoppable | Pausable][/color] - E:\WINDOWS\system32\svchost.exe -k netsvcs
[color="#0000FF"]Portable Media Serial Number Service (WmdmPmSN)[/color] - [color="#CC6600"]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\System32\svchost.exe -k netsvcs
[color="#0000FF"]Windows Management Instrumentation Driver Extensions (Wmi)[/color] - [color="#CC6600"]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\System32\svchost.exe -k netsvcs
[color="#0000FF"]WMI Performance Adapter (WmiApSrv)[/color] - [color="#CC6600"]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\system32\wbem\wmiapsrv.exe
[color="#0000FF"]Windows Media Player Network Sharing Service (WMPNetworkSvc)[/color] - [color="#CC6600"]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - "E:\Program Files\Windows Media Player\WMPNetwk.exe"
[color="#0000FF"]Security Center (wscsvc)[/color] - [color="#CC6600"]Stopped [Disabled | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\System32\svchost.exe -k netsvcs
[color="#0000FF"]Automatic Updates (wuauserv)[/color] - [color="#CC6600"]Stopped [Disabled | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\system32\svchost.exe -k netsvcs
[color="#0000FF"]Windows Driver Foundation - User-mode Driver Framework (WudfSvc)[/color] - [color="#CC6600"]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
[color="#0000FF"]Wireless Zero Configuration (WZCSVC)[/color] - [color="#CC6600"]Running [Auto | Stoppable | Not_Pausable][/color] - E:\WINDOWS\System32\svchost.exe -k netsvcs
[color="#0000FF"]Network Provisioning Service (xmlprov)[/color] - [color="#CC6600"]Stopped [Manual | Not_Stoppable | Not_Pausable][/color] - E:\WINDOWS\System32\svchost.exe -k netsvcs

<<<< Non-MS Services >>>>

Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Apple Mobile Device (Apple Mobile Device) - Running [Auto | Stoppable | Not_Pausable] - "E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Business Contact Manager SQL Server Startup Service (BcmSqlStartupSvc) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "E:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe"
Bonjour Service (Bonjour Service) - Running [Auto | Stoppable | Not_Pausable] - "E:\Program Files\Bonjour\mDNSResponder.exe"
Browser Defender Update Service (Browser Defender Update Service) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "E:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe"
Security Windows (ctvuaz) - Stopped [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
ForceWare Intelligent Application Manager (IAM) (ForceWare Intelligent Application Manager (IAM)) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
Forceware Web Interface (ForcewareWebInterface) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
iPod Service (iPod Service) - Running [Manual | Stoppable | Not_Pausable] - "E:\Program Files\iPod\bin\iPodService.exe"
SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "e:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
SQL Server Active Directory Helper (MSSQLServerADHelper) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "e:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe"
nProtect GameGuard Service (npggsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\GameMon.des -service
npkcmsvc (npkcmsvc) - Stopped [Auto | Not_Stoppable | Not_Pausable] - E:\Nexon\MapleStory\npkcmsvc.exe
ForceWare IP service (nSvcIp) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
ForceWare user log service (nSvcLog) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
NVIDIA Display Driver Service (NVSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\nvsvc32.exe
PnkBstrA (PnkBstrA) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\PnkBstrA.exe
PC Tools Auxiliary Service (sdAuxService) - Running [Auto | Stoppable | Not_Pausable] - E:\Program Files\Spyware Doctor\pctsAuxs.exe
SQL Server Browser (SQLBrowser) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "e:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
SQL Server VSS Writer (SQLWriter) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "e:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Windows Live\Messenger\usnsvc.exe"
User Privilege Service (usprserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Live Setup Service (WLSetupSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "E:\Program Files\Windows Live\installer\WLSetupSvc.exe"

<<<< Boot.ini >>>>

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
E:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : changcor-3f77a4
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1F-C6-E3-8B-06

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
Physical Address. . . . . . . . . : 00-1F-C6-E8-09-28
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Saturday, November 21, 2009 11:34:29 AM
Lease Expires . . . . . . . . . . : Saturday, November 28, 2009 11:34:29 AM


<<<< Pinging >>>>

OpenDNS Domain Test
Pinging to www.opendns.com [208.69.38.150]:

Response - 108ms
Response - 93ms
Response - 109ms
Response - 77ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 109ms - Maximum = 77ms

OpenDNS IP Test
Pinging to 208.67.222.222 [208.67.222.222]:

Response - 47ms
Response - 46ms
Response - 46ms
Response - 46ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 46ms - Maximum = 46ms

YouTube Domain Test
Pinging to www.youtube.com [74.125.45.139]:

Response - 30ms
Response - 31ms
Response - 30ms
Response - 46ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 30ms - Maximum = 46ms

YouTube IP Test
Pinging to 208.117.236.69 [208.117.236.69]:

Response - 125ms
Response - 125ms
Response - 125ms
Response - 141ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 125ms - Maximum = 141ms

localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:

Response - 0ms
Response - 0ms
Response - 0ms
Response - 0ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms


<<<< Netstat >>>>

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1260
[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:2052 0.0.0.0:0 LISTENING 1304
[svchost.exe]

TCP 0.0.0.0:2479 0.0.0.0:0 LISTENING 1032
[services.exe]

TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1204
-- unknown component(s) --
[svchost.exe]

TCP 0.0.0.0:3859 0.0.0.0:0 LISTENING 1032
[services.exe]

TCP 0.0.0.0:65533 0.0.0.0:0 LISTENING 1032
[services.exe]

TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING 1164
[alg.exe]

TCP 127.0.0.1:1048 0.0.0.0:0 LISTENING 1404
[veohwebplayer.exe]

TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING 1888
[mDNSResponder.exe]

TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING 1848
[AppleMobileDeviceService.exe]

TCP 192.168.0.101:139 0.0.0.0:0 LISTENING 4
[System]

TCP 192.168.0.101:1107 192.168.0.20:445 SYN_SENT 1304
[svchost.exe]

TCP 127.0.0.1:1033 127.0.0.1:27015 ESTABLISHED 1912
[iTunesHelper.exe]

TCP 127.0.0.1:1055 127.0.0.1:1056 ESTABLISHED 3728
[firefox.exe]

TCP 127.0.0.1:1056 127.0.0.1:1055 ESTABLISHED 3728
[firefox.exe]

TCP 127.0.0.1:1072 127.0.0.1:1073 ESTABLISHED 3728
[firefox.exe]

TCP 127.0.0.1:1073 127.0.0.1:1072 ESTABLISHED 3728
[firefox.exe]

TCP 127.0.0.1:27015 127.0.0.1:1033 ESTABLISHED 1848
[AppleMobileDeviceService.exe]

TCP 192.168.0.101:1076 74.125.157.106:80 ESTABLISHED 3728
[firefox.exe]

TCP 192.168.0.101:1077 74.125.67.132:80 ESTABLISHED 3728
[firefox.exe]

TCP 192.168.0.101:1078 74.125.45.139:80 ESTABLISHED 3728
[firefox.exe]

TCP 192.168.0.101:1079 74.125.45.139:80 ESTABLISHED 3728
[firefox.exe]

TCP 192.168.0.101:1080 74.125.19.138:80 ESTABLISHED 3728
[firefox.exe]

TCP 192.168.0.101:1091 69.163.167.204:80 CLOSE_WAIT 3676
[SINO.exe]

TCP 192.168.0.101:1067 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1068 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1069 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1070 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1071 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1074 192.168.0.1:5678 TIME_WAIT 0
TCP 192.168.0.101:1082 208.43.87.2:80 TIME_WAIT 0
TCP 192.168.0.101:1084 8.3.211.74:80 TIME_WAIT 0
TCP 192.168.0.101:1087 69.167.127.68:80 TIME_WAIT 0
UDP 0.0.0.0:500 *:* 1052
[lsass.exe]

UDP 0.0.0.0:32286 *:* 1404
[veohwebplayer.exe]

UDP 0.0.0.0:49268 *:* 1888
[mDNSResponder.exe]

UDP 0.0.0.0:37618 *:* 1396
[CurseClient.exe]

UDP 0.0.0.0:1701 *:* 4
[System]

UDP 0.0.0.0:4500 *:* 1052
[lsass.exe]

UDP 0.0.0.0:1025 *:* 1888
[mDNSResponder.exe]

UDP 0.0.0.0:1049 *:* 1404
[veohwebplayer.exe]

UDP 0.0.0.0:32285 *:* 1404
[veohwebplayer.exe]

UDP 0.0.0.0:1045 *:* 1404
[veohwebplayer.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 127.0.0.1:1050 *:* 1404
[veohwebplayer.exe]

UDP 127.0.0.1:44301 *:* 1956
[PnkBstrA.exe]

UDP 127.0.0.1:1031 *:* 1304
[svchost.exe]

UDP 127.0.0.1:1032 *:* 1304
[svchost.exe]

UDP 127.0.0.1:1900 *:* 1456
[svchost.exe]

UDP 127.0.0.1:123 *:* 1304
[svchost.exe]

UDP 192.168.0.101:138 *:* 4
[System]

UDP 192.168.0.101:137 *:* 4
[System]

UDP 192.168.0.101:123 *:* 1304
[svchost.exe]

UDP 192.168.0.101:5353 *:* 1888
[mDNSResponder.exe]

UDP 192.168.0.101:1900 *:* 1456
[svchost.exe]


<<<< Routing Table >>>>

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f c6 e3 8b 06 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x3 ...00 1f c6 e8 09 28 ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.101 192.168.0.101 20
192.168.0.0 255.255.255.0 192.168.0.101 192.168.0.101 20
192.168.0.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.101 192.168.0.101 20
224.0.0.0 240.0.0.0 192.168.0.101 192.168.0.101 20
255.255.255.255 255.255.255.255 192.168.0.101 2 1
255.255.255.255 255.255.255.255 192.168.0.101 192.168.0.101 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

Route Table

<<<< Hosts File >>>>

The HOSTS file is 27 Bytes in size.

There were 0 lines not pointing to 127.0.0.1

<<<< Active Shares >>>>

Share: E$ - Path: E:\
Share: IPC$ - Path: 
Share: ADMIN$ - Path: E:\WINDOWS


END OF LOG FILE, Date of Completion: 1136_21-11-2009 ----------




Thank you for your time, hopefully these are the correct logs you requested.

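The service dump and netstat section above contain the findings a responder would pull out first: two "services" with generic names (ctvuaz, usprserv) registered under the non-Microsoft section yet hosted inside svchost.exe -k netsvcs, Security Center and Automatic Updates disabled, Remote Registry and Terminal Services running, services.exe holding TCP listeners, and a svchost.exe instance trying to reach another LAN host on 445. The script below is an added example, not part of this thread and not code from any tool mentioned in it; it parses the two log formats as posted (forum colour tags removed) and applies those checks to a constructed excerpt copied from the logs. The watchlist and the two netstat heuristics are the author's assumptions, not vendor rules.

```python
import re
from collections import namedtuple

# Constructed excerpt of the service dump posted above. Lines before the
# "Non-MS Services" header are Microsoft services, as in the tool's output.
SERVICE_DUMP = r"""
Remote Registry (RemoteRegistry) - Running [Auto | Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k LocalService
Terminal Services (TermService) - Running [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost -k DComLaunch
Security Center (wscsvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
Automatic Updates (wuauserv) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs

<<<< Non-MS Services >>>>

Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Security Windows (ctvuaz) - Stopped [Auto | Not_Stoppable | Not_Pausable] - E:\WINDOWS\system32\svchost.exe -k netsvcs
User Privilege Service (usprserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - E:\WINDOWS\System32\svchost.exe -k netsvcs
"""
# Constructed excerpt of the netstat section (owner in brackets on the next line).
NETSTAT_DUMP = """
TCP 0.0.0.0:2479 0.0.0.0:0 LISTENING 1032
[services.exe]
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1204
-- unknown component(s) --
[svchost.exe]
TCP 0.0.0.0:65533 0.0.0.0:0 LISTENING 1032
[services.exe]
TCP 192.168.0.101:1107 192.168.0.20:445 SYN_SENT 1304
[svchost.exe]
TCP 192.168.0.101:1067 192.168.0.1:5678 TIME_WAIT 0
UDP 0.0.0.0:500 *:* 1052
[lsass.exe]
"""

Service = namedtuple("Service", "display name state start image microsoft")
Conn = namedtuple("Conn", "proto local foreign state pid owner")
NON_MS_HEADER = "<<<< Non-MS Services >>>>"
# Greedy display name so "... (ICS) (SharedAccess)" splits on the last token;
# short names that themselves contain parentheses are skipped.
SERVICE_RE = re.compile(
    r"^(?P<display>.*) \((?P<name>[^()]+)\) - (?P<state>Running|Stopped) "
    r"\[(?P<start>\w+) \| [^\]]*\] - (?P<image>.+)$")
HOSTED_RE = re.compile(r"svchost(\.exe)?\s+-k\s+\S+", re.I)
CONN_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)$")
# Assumed watchlist: Microsoft services whose state here weakens the host.
WATCHLIST = {
    "wscsvc": ("Disabled", "Security Center disabled (AV/firewall/update warnings suppressed)"),
    "wuauserv": ("Disabled", "Automatic Updates disabled"),
    "RemoteRegistry": ("Running", "Remote Registry reachable over the network"),
    "TermService": ("Running", "Terminal Services up (Remote Desktop/Assistance on 3389)"),
}

def parse_services(text):
    services, microsoft = [], True
    for line in text.splitlines():
        line = line.strip()
        if line == NON_MS_HEADER:
            microsoft = False
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(Service(microsoft=microsoft, **m.groupdict()))
    return services

def hijacked_svchost_services(services):
    """Third-party software ships its own binary; a non-Microsoft service that
    loads inside svchost.exe is the service-DLL dropper pattern."""
    return [s.name for s in services if not s.microsoft and HOSTED_RE.search(s.image)]

def weakened_defenses(services):
    """(short name, reason) for watchlisted services whose state or start type hits."""
    return [(s.name, WATCHLIST[s.name][1]) for s in services
            if s.name in WATCHLIST and WATCHLIST[s.name][0] in (s.state, s.start)]

def parse_netstat(text):
    conns = []
    for line in text.splitlines():
        line = line.strip()
        m = CONN_RE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            conns.append(Conn(proto, local, foreign, state or "", int(pid), ""))
        elif line.startswith("[") and line.endswith("]") and conns:
            conns[-1] = conns[-1]._replace(owner=line[1:-1])
    return conns

def suspicious_connections(conns):
    """Heuristics (assumptions): on XP the SCM process services.exe opens no TCP
    listeners of its own, and SMB client traffic comes from the kernel (PID 4),
    not from a svchost.exe instance."""
    hits = []
    for c in conns:
        if c.proto == "TCP" and c.state == "LISTENING" and c.owner == "services.exe":
            hits.append((c.local, "TCP listener owned by services.exe"))
        elif c.state == "SYN_SENT" and c.foreign.endswith(":445") and c.owner == "svchost.exe":
            hits.append((c.foreign, "SMB connection attempt to a LAN host from svchost.exe"))
    return hits

if __name__ == "__main__":
    svcs = parse_services(SERVICE_DUMP)
    print("svchost-hosted non-MS services:", hijacked_svchost_services(svcs))
    print("weakened defenses:", weakened_defenses(svcs))
    print("connections:", suspicious_connections(parse_netstat(NETSTAT_DUMP)))
```

Run stand-alone it reports ctvuaz and usprserv as svchost-hosted third-party services (ComboFix later in the thread removes ctvuaz), the four weakened-defense hits, the two services.exe listeners and the SMB attempt towards 192.168.0.20. The TermService finding ties in with the poster's HelpAssistant complaint: on XP, Remote Assistance runs over Terminal Services and logs on with the built-in HelpAssistant account, which is disabled by default, so a HelpAssistant profile directory appearing and reappearing means something keeps enabling and using that account, and its state is worth checking alongside the services.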
#4 thcbytes
  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 21 November 2009 - 05:01 PM

Hello again,

Please describe the current problems you're experiencing.

==========

I see you have run Combofix unsupervised.....this is ill-advised!!

:( This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean-up based on your logs!! :(

I would like to see your most recent CF logs. You will find them @ C:\ComboFix.txt.

==========

:) P2P Warning :)

Your log indicates that you have uTorrent installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smorgasbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

The following is referring to Free Registry Fix 5.0.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

I would recommend you remove Free Registry Fix 5.0 via Add/remove.

==========

Please right click and delete your current copy of Combofix.

Download and Run ComboFix (by sUBs)

You must rename it before saving it.


Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

With your next post please provide:

* Answer to question
* Combofix.txt from prior run
* New Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 Highlygifted
  • Topic Starter
  • Members
  • 19 posts

Posted 21 November 2009 - 06:12 PM

My current problems consist of a slow-running computer in both regular and safe mode. When I try to use it outside of safe mode, it crashes every time after a few minutes. Aside from that, there is no major issue; Antivirus System Pro is gone, but HelpAssistant refuses to be deleted and constantly reappears.


ComboFix 09-11-20.02 - Patrick 11/21/2009 0:55:40.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2938 [GMT -5:00]
Running from: E:\Documents and Settings\Patrick\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
E:\Program Files\TENCENT\SSPlus\SData.dat
E:\Program Files\TENCENT\SSPlus\stdtbh.dat
E:\WINDOWS\system32\drivers\pciide.sys
E:\WINDOWS\system32\zip32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 05:55:40 . 2006-08-21 10:24:28 105344 ----a-w- E:\WINDOWS\system32\drivers\nvata.sys
2009-11-21 05:55:39 . 2006-12-06 11:41:16 44416 ----a-w- E:\WINDOWS\system32\drivers\jraid.sys
2009-11-21 05:55:39 . 2006-12-06 11:41:16 44416 ----a-r- E:\WINDOWS\system32\drivers\jraid_2.sys
2009-11-21 05:55:39 . 2006-08-21 10:24:28 105344 ----a-r- E:\WINDOWS\system32\drivers\nvata_2.sys
2009-11-21 05:55:38 . 2004-08-04 02:59:44 95360 ----a-w- E:\WINDOWS\system32\drivers\atapi.sys
2009-11-21 04:05:20 . 2009-11-21 04:05:21 0 d-----w- E:\Program Files\Unlocker
2009-11-20 21:58:14 . 2009-11-20 21:58:15 4045527 ----a-w- E:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-20 05:10:18 . 2009-11-20 05:10:18 117760 ----a-w- E:\Documents and Settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-20 05:10:10 . 2009-11-20 05:10:10 0 d-----w- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-20 05:09:12 . 2009-11-20 05:09:16 0 d-----w- E:\Program Files\SUPERAntiSpyware
2009-11-20 05:09:12 . 2009-11-20 05:09:12 0 d-----w- E:\Documents and Settings\Patrick\Application Data\SUPERAntiSpyware.com
2009-11-20 04:12:25 . 2009-10-08 16:31:46 149456 ----a-w- E:\WINDOWS\SGDetectionTool.dll
2009-11-20 04:12:25 . 2009-10-08 16:31:14 767952 ----a-w- E:\WINDOWS\BDTSupport.dll
2009-11-20 04:12:25 . 2008-11-26 17:08:42 131 ----a-w- E:\WINDOWS\IDB.zip
2009-11-20 04:12:24 . 2009-10-08 16:31:44 165840 ----a-w- E:\WINDOWS\PCTBDRes.dll
2009-11-20 04:12:24 . 2009-10-08 16:31:44 1636304 ----a-w- E:\WINDOWS\PCTBDCore.dll
2009-11-20 04:12:24 . 2009-10-02 19:19:04 1152470 ----a-w- E:\WINDOWS\UDB.zip
2009-11-20 04:11:49 . 2009-09-24 13:55:46 229304 ----a-w- E:\WINDOWS\system32\drivers\pctgntdi.sys
2009-11-20 04:11:35 . 2009-10-06 21:31:30 87784 ----a-w- E:\WINDOWS\system32\drivers\PCTAppEvent.sys
2009-11-20 04:11:35 . 2009-09-23 21:10:06 207280 ----a-w- E:\WINDOWS\system32\drivers\PCTCore.sys
2009-11-20 04:11:29 . 2009-09-03 14:45:12 70408 ----a-w- E:\WINDOWS\system32\drivers\pctplsg.sys
2009-11-20 04:11:22 . 2009-11-20 06:01:01 0 d-----w- E:\Program Files\Spyware Doctor
2009-11-20 04:11:22 . 2009-11-20 04:11:22 0 d-----w- E:\Documents and Settings\Patrick\Application Data\PC Tools
2009-11-20 04:11:22 . 2009-11-20 04:11:22 0 d-----w- E:\Documents and Settings\All Users\Application Data\PC Tools
2009-11-20 03:11:15 . 2009-11-20 03:11:16 0 d-----w- E:\Documents and Settings\Patrick\Local Settings\Application Data\Threat Expert
2009-11-19 22:56:20 . 2009-11-21 03:54:48 0 d-----w- E:\Documents and Settings\HelpAssistant
2009-11-10 01:26:38 . 2009-11-10 01:26:38 0 d-----w- E:\WINDOWS\system32\wbem\Repository
2009-10-26 03:31:17 . 2009-10-26 03:31:17 0 d-----w- E:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 03:20:00 . 2008-09-21 00:39:31 0 d---a-w- E:\Documents and Settings\All Users\Application Data\TEMP
2009-11-20 21:58:27 . 2008-09-05 12:59:10 0 d-----w- E:\Program Files\Malwarebytes' Anti-Malware
2009-11-20 01:07:33 . 2008-09-25 20:58:44 0 d-----w- E:\Documents and Settings\Patrick\Application Data\GetRightToGo
2009-11-13 12:23:49 . 2009-04-22 03:33:54 1 ----a-w- E:\Documents and Settings\Patrick\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-13 00:28:08 . 2008-09-05 17:10:20 0 d-----w- E:\Program Files\World of Warcraft
2009-10-26 22:19:14 . 2008-09-09 14:11:52 0 d-----w- E:\Program Files\Steam
2009-10-16 12:15:19 . 2008-09-21 00:36:28 1036064 ----a-w- E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-16 01:25:47 . 2009-10-16 01:24:50 0 d-----w- E:\Documents and Settings\All Users\Application Data\Screaming Bee
2009-10-16 01:25:19 . 2009-10-16 01:25:19 0 d-----w- E:\Documents and Settings\Patrick\Application Data\Screaming Bee
2009-10-16 01:24:50 . 2009-10-16 01:24:50 0 d-----w- E:\Program Files\Screaming Bee
2009-09-27 17:50:30 . 2008-09-27 02:37:25 0 d-----w- E:\Documents and Settings\Patrick\Application Data\ImgBurn
2009-09-27 17:24:49 . 2008-09-20 04:55:53 0 d-----w- E:\Documents and Settings\Patrick\Application Data\uTorrent
2009-09-17 04:53:35 . 2009-09-11 22:01:28 9778128225 ----a-w- E:\Documents and Settings\Patrick\AionFullInstaller_1.5.0.1.zip
2009-09-10 19:54:06 . 2008-09-05 12:59:11 38224 ----a-w- E:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53:50 . 2008-09-05 12:59:11 19160 ----a-w- E:\WINDOWS\system32\drivers\mbam.sys
2009-09-04 11:35:41 . 2009-09-04 11:35:41 10134 ----a-r- E:\Documents and Settings\Patrick\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2008-08-16 15:41:04 . 2008-10-23 01:06:18 1839104 ----a-w- E:\Program Files\jeopardy.exe


You are indeed correct, I used Combofix prior, and here is the log. I'll post the new log after I download and run it.

#6 thcbytes
  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 21 November 2009 - 06:19 PM

Hello,
The old Combofix.txt log you posted is incomplete. Please retrieve it again in its entirety and re-post it please.
Thanks,
~ t

#7 Highlygifted
  • Topic Starter
  • Members
  • 19 posts

Posted 21 November 2009 - 07:29 PM

I believe this is a chronic problem, since it occurred again.

ComboFix 09-11-20.05 - Patrick 11/21/2009 18:18:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3222 [GMT -5:00]
Running from: E:\Documents and Settings\Patrick\Desktop\thcbytes.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\WINDOWS\system32\qsalvif.dll
.
---- Previous Run -------
.
E:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
E:\Program Files\TENCENT\SSPlus\SData.dat
E:\Program Files\TENCENT\SSPlus\stdtbh.dat
E:\WINDOWS\system32\drivers\pciide.sys
E:\WINDOWS\system32\zip32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Legacy_CTVUAZ
-------\Service_ctvuaz


((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 23:18:41 . 2006-08-21 10:24:28 105344 ----a-w- E:\WINDOWS\system32\drivers\nvata.sys
2009-11-21 23:18:40 . 2006-12-06 11:41:16 44416 ----a-w- E:\WINDOWS\system32\drivers\jraid.sys
2009-11-21 23:18:40 . 2004-08-04 02:59:44 95360 -c--a-w- E:\WINDOWS\system32\dllcache\atapi.sys
2009-11-21 23:18:40 . 2004-08-04 02:59:44 95360 ----a-w- E:\WINDOWS\system32\drivers\atapi.sys
2009-11-21 05:55:39 . 2006-12-06 11:41:16 44416 ----a-r- E:\WINDOWS\system32\drivers\jraid_2.sys
2009-11-21 05:55:39 . 2006-08-21 10:24:28 105344 ----a-r- E:\WINDOWS\system32\drivers\nvata_2.sys
2009-11-21 05:54:45 . 2009-11-21 23:14:25 0 d-----w- E:\ComboFix
2009-11-21 04:05:20 . 2009-11-21 04:05:21 0 d-----w- E:\Program Files\Unlocker
2009-11-20 21:58:14 . 2009-11-20 21:58:15 4045527 ----a-w- E:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-20 05:10:18 . 2009-11-20 05:10:18 117760 ----a-w- E:\Documents and Settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-20 05:10:10 . 2009-11-20 05:10:10 0 d-----w- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-20 05:09:12 . 2009-11-20 05:09:16 0 d-----w- E:\Program Files\SUPERAntiSpyware
2009-11-20 05:09:12 . 2009-11-20 05:09:12 0 d-----w- E:\Documents and Settings\Patrick\Application Data\SUPERAntiSpyware.com
2009-11-20 04:12:25 . 2009-10-08 16:31:46 149456 ----a-w- E:\WINDOWS\SGDetectionTool.dll
2009-11-20 04:12:25 . 2009-10-08 16:31:14 767952 ----a-w- E:\WINDOWS\BDTSupport.dll
2009-11-20 04:12:25 . 2008-11-26 17:08:42 131 ----a-w- E:\WINDOWS\IDB.zip
2009-11-20 04:12:24 . 2009-10-08 16:31:44 165840 ----a-w- E:\WINDOWS\PCTBDRes.dll
2009-11-20 04:12:24 . 2009-10-08 16:31:44 1636304 ----a-w- E:\WINDOWS\PCTBDCore.dll
2009-11-20 04:12:24 . 2009-10-02 19:19:04 1152470 ----a-w- E:\WINDOWS\UDB.zip
2009-11-20 04:11:49 . 2009-09-24 13:55:46 229304 ----a-w- E:\WINDOWS\system32\drivers\pctgntdi.sys
2009-11-20 04:11:35 . 2009-10-06 21:31:30 87784 ----a-w- E:\WINDOWS\system32\drivers\PCTAppEvent.sys
2009-11-20 04:11:35 . 2009-09-23 21:10:06 207280 ----a-w- E:\WINDOWS\system32\drivers\PCTCore.sys
2009-11-20 04:11:29 . 2009-09-03 14:45:12 70408 ----a-w- E:\WINDOWS\system32\drivers\pctplsg.sys
2009-11-20 04:11:22 . 2009-11-20 06:01:01 0 d-----w- E:\Program Files\Spyware Doctor
2009-11-20 04:11:22 . 2009-11-20 04:11:22 0 d-----w- E:\Documents and Settings\Patrick\Application Data\PC Tools
2009-11-20 04:11:22 . 2009-11-20 04:11:22 0 d-----w- E:\Documents and Settings\All Users\Application Data\PC Tools
2009-11-20 03:11:15 . 2009-11-20 03:11:16 0 d-----w- E:\Documents and Settings\Patrick\Local Settings\Application Data\Threat Expert
2009-11-19 22:56:20 . 2009-11-21 23:44:23 0 d-----w- E:\Documents and Settings\HelpAssistant
2009-11-10 01:26:38 . 2009-11-10 01:26:38 0 d-----w- E:\WINDOWS\system32\wbem\Repository
2009-10-26 03:31:17 . 2009-10-26 03:31:17 0 d-----w- E:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 03:20:00 . 2008-09-21 00:39:31 0 d---a-w- E:\Documents and Settings\All Users\Application Data\TEMP
2009-11-20 21:58:27 . 2008-09-05 12:59:10 0 d-----w- E:\Program Files\Malwarebytes' Anti-Malware
2009-11-20 01:07:33 . 2008-09-25 20:58:44 0 d-----w- E:\Documents and Settings\Patrick\Application Data\GetRightToGo
2009-11-13 12:23:49 . 2009-04-22 03:33:54 1 ----a-w- E:\Documents and Settings\Patrick\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-13 00:28:08 . 2008-09-05 17:10:20 0 d-----w- E:\Program Files\World of Warcraft
2009-10-26 22:19:14 . 2008-09-09 14:11:52 0 d-----w- E:\Program Files\Steam
2009-10-16 12:15:19 . 2008-09-21 00:36:28 1036064 ----a-w- E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-16 01:25:47 . 2009-10-16 01:24:50 0 d-----w- E:\Documents and Settings\All Users\Application Data\Screaming Bee
2009-10-16 01:25:19 . 2009-10-16 01:25:19 0 d-----w- E:\Documents and Settings\Patrick\Application Data\Screaming Bee
2009-10-16 01:24:50 . 2009-10-16 01:24:50 0 d-----w- E:\Program Files\Screaming Bee
2009-09-27 17:50:30 . 2008-09-27 02:37:25 0 d-----w- E:\Documents and Settings\Patrick\Application Data\ImgBurn
2009-09-27 17:24:49 . 2008-09-20 04:55:53 0 d-----w- E:\Documents and Settings\Patrick\Application Data\uTorrent
2009-09-17 04:53:35 . 2009-09-11 22:01:28 9778128225 ----a-w- E:\Documents and Settings\Patrick\AionFullInstaller_1.5.0.1.zip
2009-09-10 19:54:06 . 2008-09-05 12:59:11 38224 ----a-w- E:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53:50 . 2008-09-05 12:59:11 19160 ----a-w- E:\WINDOWS\system32\drivers\mbam.sys
2009-09-04 11:35:41 . 2009-09-04 11:35:41 10134 ----a-r- E:\Documents and Settings\Patrick\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2008-08-16 15:41:04 . 2008-10-23 01:06:18 1839104 ----a-w- E:\Program Files\jeopardy.exe
.


When it reached this point, it just stopped and the computer crashed. The last time I ran Combofix it crashed as well, at some point while compiling a log. So what should I do from here? Most likely a third Combofix will result in a crash before a log is finished.

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:11 AM

Posted 21 November 2009 - 11:40 PM

Hello,

There are a few reasons that Combofix might be crashing. Please make certain to read the instructions thoroughly!! If you run into troubles following my directions please stop and tell me about it.

Reason #1

AV: Avira AntiVir PersonalEdition *On-access scanning enabled*

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

Reason #2

E:\WINDOWS\system32\drivers\pciide.sys

CF is trying to delete a system file. Let's see if it is infected.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

E:\WINDOWS\system32\drivers\pciide.sys
E:\WINDOWS\system32\drivers\atapi.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal

==========

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *pciide.sys
    *atapi.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

==========

With your next post please provide:

* Upload results
* Systemlook log

Kind regards,
~t

Edited by thcbytes, 22 November 2009 - 09:56 AM.


#9 Highlygifted

Highlygifted
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 21 November 2009 - 11:46 PM

Avira is removed and does not run, but is however constantly recognized. I read into this and it was said that this is because it has precautions to combat harmful actions taken against it. So I'm unable to delete the Avira folder, which is relatively beside the point now. I'll get back with the logs in a few minutes.

#10 Highlygifted

Highlygifted
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 21 November 2009 - 11:55 PM

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:54 on 21/11/2009 by Patrick (Administrator - Elevation successful)

No Context: *pciide.sys

No Context: *atapi.sys

-=End Of File=-


Both files were scanned, no problems found. Although pciidex was all I found, no pciide.


Redo: If this was what you intended, here it is-


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:56 on 21/11/2009 by Patrick (Administrator - Elevation successful)

========== filefind ==========

Searching for "*pciide.sys"
E:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\pciide.sys --a--- 3328 bytes [17:39 31/08/2008] [17:00 23/08/2001] CCF5F451BB1A5A2A522A76E670000FF0

Searching for "*atapi.sys"
E:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys --a--- 96512 bytes [10:21 01/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
E:\WINDOWS\system32\dllcache\atapi.sys --a--c 95360 bytes [23:18 21/11/2009] [02:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
E:\WINDOWS\system32\drivers\atapi.sys --a--- 95360 bytes [23:18 21/11/2009] [02:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
E:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --a--- 95360 bytes [17:39 31/08/2008] [02:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-

Edited by Highlygifted, 22 November 2009 - 12:02 AM.
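
As an added example (not from this thread, SystemLook's author or any tool used here), a Python script that parses the filefind output above and does the comparison thcbytes is making by eye: for each driver name it takes the copy under system32\drivers as the live file and reports whether every other copy (dllcache, ReinstallBackups, SoftwareDistribution) carries the same MD5. A same-size copy with a different hash is flagged for a closer look, while a different-size copy is treated as another build; those status labels are my own, and the sample log is the one posted above.

```python
import re
from collections import defaultdict

# SystemLook ":filefind" output as posted in this thread (post #10 above).
# Each hit line is:  <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>
SAMPLE_LOG = r"""
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:56 on 21/11/2009 by Patrick (Administrator - Elevation successful)

========== filefind ==========

Searching for "*pciide.sys"
E:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\pciide.sys --a--- 3328 bytes [17:39 31/08/2008] [17:00 23/08/2001] CCF5F451BB1A5A2A522A76E670000FF0

Searching for "*atapi.sys"
E:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys --a--- 96512 bytes [10:21 01/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
E:\WINDOWS\system32\dllcache\atapi.sys --a--c 95360 bytes [23:18 21/11/2009] [02:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
E:\WINDOWS\system32\drivers\atapi.sys --a--- 95360 bytes [23:18 21/11/2009] [02:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
E:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --a--- 95360 bytes [17:39 31/08/2008] [02:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-
"""

# One filefind hit. The basename is captured separately so copies of the same
# driver in different directories can be grouped together.
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\\(?P<name>[^\\]+?))\s+"
    r"(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# The copy Windows actually loads lives here; every other copy is compared against it.
LIVE_DIR = "\\system32\\drivers\\"


def parse_filefind(text):
    """Map each lower-cased driver name to the list of hits SystemLook found for it."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue  # banner, "Searching for", blank and end-of-file lines
        hit = m.groupdict()
        hit["size"] = int(hit["size"])
        hit["md5"] = hit["md5"].upper()
        hits[hit["name"].lower()].append(hit)
    return dict(hits)


def compare_copies(hits):
    """Compare every backup copy of a driver with the live one under system32\\drivers.

    Status labels (this example's own, not SystemLook's):
      live_missing - no copy under system32\\drivers (pciide.sys in the log above)
      ok           - every copy matches the live MD5 or is a different size, i.e.
                     plausibly another build such as a Windows Update download
      suspicious   - same size as the live file but a different MD5; worth a
                     closer look (a heuristic, not proof of infection)
    """
    report = {}
    for name, copies in hits.items():
        live = next((h for h in copies if LIVE_DIR in h["path"].lower()), None)
        entry = {"live_md5": live["md5"] if live else None,
                 "matching": [], "other_version": [], "suspicious": []}
        for h in copies:
            if live is None or h is live:
                continue
            if h["md5"] == live["md5"]:
                entry["matching"].append(h["path"])
            elif h["size"] != live["size"]:
                entry["other_version"].append(h["path"])
            else:
                entry["suspicious"].append(h["path"])
        if live is None:
            entry["status"] = "live_missing"
        elif entry["suspicious"]:
            entry["status"] = "suspicious"
        else:
            entry["status"] = "ok"
        report[name] = entry
    return report


if __name__ == "__main__":
    for name, entry in compare_copies(parse_filefind(SAMPLE_LOG)).items():
        print(name, entry["status"], entry["suspicious"])
```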


#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:11 AM

Posted 22 November 2009 - 10:20 AM

Nice work with the SystemLook screw up. Sorry about that. :(

In regards to Avira...thanks for the clarification. Please only use that computer to visit sites I recommend for now until I can get you better protected.

Alright..please do this.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:

@Echo off
REM Restore pciide.sys from the driver backup folder and record what copy reported
copy "E:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\pciide.sys" "E:\WINDOWS\system32\drivers" >> "%userprofile%\desktop\movefile.txt"
REM Open the log (path quoted because the profile path contains spaces)
Notepad "%userprofile%\desktop\movefile.txt"

Name the file as movefile.bat, making sure save as type is set to " All Files ". It should look like Posted Image
Double click on movefile.bat & allow it to run. Copy and paste the content in your next reply (If the file does not open please check here for the file e:\movefile.txt).

==========

Please re-run SystemLook
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *pciide.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

==========

I would like to see this file:
E:\Qoobox\ComboFix-quarantined-files.txt

==========

With your next post please provide:

* Movefile.txt
* Systemlook log
* Qoobox file
* Please do not reboot until I see the results.

Kind regards,
~t

#12 Highlygifted

Highlygifted
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 22 November 2009 - 12:26 PM

1 file(s) copied.


Was all I got from running movefile.




SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:48 on 22/11/2009 by Patrick (Administrator - Elevation successful)

========== filefind ==========

Searching for "*pciide.sys"
E:\WINDOWS\system32\drivers\pciide.sys --a--- 3328 bytes [16:48 22/11/2009] [17:00 23/08/2001] CCF5F451BB1A5A2A522A76E670000FF0
E:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\pciide.sys --a--- 3328 bytes [17:39 31/08/2008] [17:00 23/08/2001] CCF5F451BB1A5A2A522A76E670000FF0

-=End Of File=-


Is the result of Systemlook.



In Qoobox, there is only BackEnv, Lastrun, Quarantine, Test, and TestC folders.
In the Quarantine folder, there is a text document called catchme.



-------- 2009-11-20 - 22:57:53 -------------


-------- 2009-11-20 - 23:07:45 -------------


-------- 2009-11-21 - 00:54:46 -------------


-------- 2009-11-21 - 18:16:23 -------------

file zipped: E:\WINDOWS\system32\qsalvif.dll -> _qsalvif_.dll.zip -> qsalvif.dll ( 162487 bytes )
kill file error: E:\WINDOWS\system32\qsalvif.dll, The process cannot access the file because another process has locked a portion of the file.


That is all, I think.

Edited by Highlygifted, 22 November 2009 - 12:48 PM.


#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:11 AM

Posted 22 November 2009 - 05:29 PM

Good work. :(

Let's continue.......

==========

Still crashing in Safe Mode?

==========

Did you go to Add/Remove to remove Avira?

If you have not then please do so.

If you have done so and it did not work then please run this tool.

Special Note: Avira doesn't have a removal tool but they do provide a registry cleaner to remove traces of Avira so that you can reinstall and then uninstall. This tool is in German; you'll have to click on the button called Keys auslesen to search the registry for any issues. Then place checkmarks next to the registry entries you wish to delete and click the Löschen button to delete the keys.

If after following these instructions you still receive a warning from Combofix that Avira is running please simply ignore the warning.

Please only use this computer to visit the sites I direct you to until I can get you cleaned up and another AV installed. :(

==========

Try this in normal mode if you can. Otherwise do it in Safe Mode.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

:) Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
E:\Documents and Settings\HelpAssistant
E:\Program Files\HelpAssistant


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

With your next post please provide:

* Answer to questions
* Exehelper log
* Combofix.txt

Kind regards,
~t

#14 Highlygifted

Highlygifted
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 22 November 2009 - 09:36 PM

I'm not crashing in Regular or Safe mode now, which is progress thankfully.


exeHelper by Raktor
Build 20091122
Run at 18:06:42 on 11/22/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



The foreign language Avira solution you provided was functional I presume, but it was hard to tell with the language barrier.


ComboFix 09-11-22.02 - Patrick 11/22/2009 20:07:31.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3202 [GMT -5:00]
Running from: E:\Documents and Settings\Patrick\Desktop\ComboFix.exe
Command switches used :: E:\Documents and Settings\Patrick\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
E:\WINDOWS\system32\qsalvif.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Legacy_CTVUAZ
-------\Service_ctvuaz


((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.

2009-11-23 01:07:14 . 2006-08-21 10:24:28 105344 ----a-w- E:\WINDOWS\system32\drivers\nvata.sys
2009-11-23 01:07:13 . 2006-12-06 11:41:16 44416 ----a-w- E:\WINDOWS\system32\drivers\jraid.sys
2009-11-23 01:07:12 . 2004-08-04 02:59:44 95360 -c--a-w- E:\WINDOWS\system32\dllcache\atapi.sys
2009-11-23 01:07:12 . 2004-08-04 02:59:44 95360 ----a-w- E:\WINDOWS\system32\drivers\atapi.sys
2009-11-22 16:48:15 . 2001-08-23 17:00:00 3328 ----a-w- E:\WINDOWS\system32\drivers\pciide.sys
2009-11-21 05:55:39 . 2006-12-06 11:41:16 44416 ----a-r- E:\WINDOWS\system32\drivers\jraid_2.sys
2009-11-21 05:55:39 . 2006-08-21 10:24:28 105344 ----a-r- E:\WINDOWS\system32\drivers\nvata_2.sys
2009-11-21 04:05:20 . 2009-11-21 04:05:21 0 d-----w- E:\Program Files\Unlocker
2009-11-20 21:58:14 . 2009-11-20 21:58:15 4045527 ----a-w- E:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-20 05:10:18 . 2009-11-20 05:10:18 117760 ----a-w- E:\Documents and Settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-20 05:10:10 . 2009-11-20 05:10:10 0 d-----w- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-20 05:09:12 . 2009-11-20 05:09:16 0 d-----w- E:\Program Files\SUPERAntiSpyware
2009-11-20 05:09:12 . 2009-11-20 05:09:12 0 d-----w- E:\Documents and Settings\Patrick\Application Data\SUPERAntiSpyware.com
2009-11-20 04:12:25 . 2009-10-08 16:31:46 149456 ----a-w- E:\WINDOWS\SGDetectionTool.dll
2009-11-20 04:12:25 . 2009-10-08 16:31:14 767952 ----a-w- E:\WINDOWS\BDTSupport.dll
2009-11-20 04:12:25 . 2008-11-26 17:08:42 131 ----a-w- E:\WINDOWS\IDB.zip
2009-11-20 04:12:24 . 2009-10-08 16:31:44 165840 ----a-w- E:\WINDOWS\PCTBDRes.dll
2009-11-20 04:12:24 . 2009-10-08 16:31:44 1636304 ----a-w- E:\WINDOWS\PCTBDCore.dll
2009-11-20 04:12:24 . 2009-10-02 19:19:04 1152470 ----a-w- E:\WINDOWS\UDB.zip
2009-11-20 04:11:49 . 2009-09-24 13:55:46 229304 ----a-w- E:\WINDOWS\system32\drivers\pctgntdi.sys
2009-11-20 04:11:35 . 2009-10-06 21:31:30 87784 ----a-w- E:\WINDOWS\system32\drivers\PCTAppEvent.sys
2009-11-20 04:11:35 . 2009-09-23 21:10:06 207280 ----a-w- E:\WINDOWS\system32\drivers\PCTCore.sys
2009-11-20 04:11:29 . 2009-09-03 14:45:12 70408 ----a-w- E:\WINDOWS\system32\drivers\pctplsg.sys
2009-11-20 04:11:22 . 2009-11-20 06:01:01 0 d-----w- E:\Program Files\Spyware Doctor
2009-11-20 04:11:22 . 2009-11-20 04:11:22 0 d-----w- E:\Documents and Settings\Patrick\Application Data\PC Tools
2009-11-20 04:11:22 . 2009-11-20 04:11:22 0 d-----w- E:\Documents and Settings\All Users\Application Data\PC Tools
2009-11-20 03:11:15 . 2009-11-20 03:11:16 0 d-----w- E:\Documents and Settings\Patrick\Local Settings\Application Data\Threat Expert
2009-11-19 22:56:20 . 2009-11-23 01:04:26 0 d-----w- E:\Documents and Settings\HelpAssistant
2009-11-10 01:26:38 . 2009-11-10 01:26:38 0 d-----w- E:\WINDOWS\system32\wbem\Repository
2009-10-26 03:31:17 . 2009-10-26 03:31:17 0 d-----w- E:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 03:20:00 . 2008-09-21 00:39:31 0 d---a-w- E:\Documents and Settings\All Users\Application Data\TEMP
2009-11-20 21:58:27 . 2008-09-05 12:59:10 0 d-----w- E:\Program Files\Malwarebytes' Anti-Malware
2009-11-20 01:07:33 . 2008-09-25 20:58:44 0 d-----w- E:\Documents and Settings\Patrick\Application Data\GetRightToGo
2009-11-13 12:23:49 . 2009-04-22 03:33:54 1 ----a-w- E:\Documents and Settings\Patrick\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-13 00:28:08 . 2008-09-05 17:10:20 0 d-----w- E:\Program Files\World of Warcraft
2009-10-26 22:19:14 . 2008-09-09 14:11:52 0 d-----w- E:\Program Files\Steam
2009-10-16 12:15:19 . 2008-09-21 00:36:28 1036064 ----a-w- E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-16 01:25:47 . 2009-10-16 01:24:50 0 d-----w- E:\Documents and Settings\All Users\Application Data\Screaming Bee
2009-10-16 01:25:19 . 2009-10-16 01:25:19 0 d-----w- E:\Documents and Settings\Patrick\Application Data\Screaming Bee
2009-10-16 01:24:50 . 2009-10-16 01:24:50 0 d-----w- E:\Program Files\Screaming Bee
2009-09-27 17:50:30 . 2008-09-27 02:37:25 0 d-----w- E:\Documents and Settings\Patrick\Application Data\ImgBurn
2009-09-27 17:24:49 . 2008-09-20 04:55:53 0 d-----w- E:\Documents and Settings\Patrick\Application Data\uTorrent
2009-09-17 04:53:35 . 2009-09-11 22:01:28 9778128225 ----a-w- E:\Documents and Settings\Patrick\AionFullInstaller_1.5.0.1.zip
2009-09-10 19:54:06 . 2008-09-05 12:59:11 38224 ----a-w- E:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53:50 . 2008-09-05 12:59:11 19160 ----a-w- E:\WINDOWS\system32\drivers\mbam.sys
2009-09-04 11:35:41 . 2009-09-04 11:35:41 10134 ----a-r- E:\Documents and Settings\Patrick\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2008-08-16 15:41:04 . 2008-10-23 01:06:18 1839104 ----a-w- E:\Program Files\jeopardy.exe
.

Again, it cuts off. Although everything seems functional now, I assume there's more, since HelpAssistant is still there and haunting.

Edited by Highlygifted, 22 November 2009 - 09:37 PM.


#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:11 AM

Posted 22 November 2009 - 10:16 PM

Some progress....

Do this please...

Re-run RKill

==========

We need to create a batch file.

:( Warning :(
This file was written specifically for this user, for use on this particular machine.
Running this on another machine may cause irreparable damage to your operating system
  • Please copy the contents of the code box below
  • Open notepad and paste the contents of the code box there
  • On the top toolbar in notepad select file
  • Then save as
  • In the box that opens type in nuke.bat for the file name
  • Right below that click the down arrow in the line for save as type and select all files
  • Save this to your desktop and close notepad
@ECHO OFF
REM Start a fresh log next to this batch file
IF EXIST log.txt DEL log.txt
ECHO Deleting folders>>log.txt
REM Try rmdir on each folder; DEL /F /Q is the fallback if it survived
REM (/Q stops DEL from prompting "Are you sure?" and leaving the window hanging)
FOR %%I in (
"E:\Documents and Settings\HelpAssistant"
"E:\Program Files\HelpAssistant") DO (
IF EXIST %%I (
rmdir /S /Q %%I
DEL /F /Q %%I
IF EXIST %%I (
ECHO %%I not deleted>>log.txt
) ELSE (
ECHO %%I deleted>>log.txt)
) ELSE (
ECHO %%I not found>>log.txt))
REM Show the result
START NOTEPAD.EXE log.txt
  • Locate the nuke icon on your desktop and double click it. A box will pop up briefly on your screen and disappear, this is normal
Please post the log.txt for my review.

==========

Let's give MBAM a go...

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

Right click and delete OTL.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.Posted Image
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* Have any of the Combofix runs been in safe mode?
* Log.txt
* MBAM log
* OTL logs

Kind regards,
~t



