TDSS Rootkit removal help


33 replies to this topic

#1 Vertygo

Posted 19 March 2010 - 06:04 PM

GMER detected a suspicious modification in nvata.sys. I did some internet searches for similar problems and suspected TDL3. I downloaded and ran TDSSkiller which confirmed the presence of TDSS infection in the file but was unable to remove it, so I'm posting here in hopes of further help.

logs:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 17:42:51.28 on Fri 03/19/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1408 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\n52te\n52teHid.exe
C:\Program Files\PIEngineering\X-keys\XKWdkApp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\n52te\n52teTra.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mike\Desktop\oyf154sp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mike\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [amd_dc_opt] "c:\program files\amd\amd_dc_opt\amd_dc_opt.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Jomantha] c:\program files\n52te\n52teHid.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Bcohume] rundll32.exe "c:\windows\anidovug.dll",Startup
mRun: [X-keys Programming] c:\program files\piengineering\x-keys\XKWdkApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: resowuki.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\nw6sb5dt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {62E3BC60-4FCC-4846-9A39-6EEE79132793} - c:\documents and settings\mike\local settings\application data\{62E3BC60-4FCC-4846-9A39-6EEE79132793}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-7-31 31744]
R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2008-12-6 48896]
S0 fbaih;fbaih; [x]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-7-24 22821]
S3 bcgbus;Nostromo USB Device Driver;c:\windows\system32\drivers\bcgbus.sys --> c:\windows\system32\drivers\BCGBUS.SYS [?]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-3-20 1452032]
S3 XDva007;XDva007;\??\c:\windows\system32\xdva007.sys --> c:\windows\system32\XDva007.sys [?]
S3 XDva011;XDva011;\??\c:\windows\system32\xdva011.sys --> c:\windows\system32\XDva011.sys [?]
S3 xkeysw2k;X-keys Device;c:\windows\system32\drivers\XkeysW2k.sys [2010-3-15 33519]

=============== Created Last 30 ================

2010-03-19 03:08:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-19 02:58:56 0 d--h--w- c:\windows\PIF
2010-03-19 02:41:12 0 d-----w- c:\program files\Trend Micro
2010-03-18 12:14:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 12:14:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 22:46:39 33519 ----a-w- c:\windows\system32\drivers\XkeysW2k.sys
2010-03-15 22:46:39 0 d-----w- c:\program files\PIEngineering
2010-03-12 04:44:15 0 d-----w- c:\program files\2K Games
2010-03-10 04:07:52 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 05:13:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-03 23:19:19 120 ----a-w- c:\windows\Cfonivebaxi.dat
2010-03-03 23:19:19 0 ----a-w- c:\windows\Aveku.bin
2010-03-03 23:15:41 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-28 16:46:04 197632 ------w- c:\windows\eiunin2.exe
2010-02-28 16:46:03 0 d-----w- c:\program files\TRINITRON CG
2010-02-25 00:54:07 1142 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-02-22 02:01:36 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-22 02:01:36 22328 ----a-w- c:\docume~1\mike\applic~1\PnkBstrK.sys
2010-02-22 02:01:21 669184 ----a-w- c:\windows\system32\pbsvc.exe
2010-02-22 02:01:21 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-22 02:01:21 103736 ----a-w- c:\windows\system32\PnkBstrB.exe

==================== Find3M ====================

2010-03-19 03:08:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-17 12:48:32 93568 ----a-w- c:\windows\system32\drivers\nvata.sys
2010-01-26 00:36:22 39936 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2006-09-27 05:04:54 56 --sh--r- c:\windows\system32\E4E03A6DBD.sys
2006-09-27 05:04:54 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:44:45.42 ===============








GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-19 19:04:25
Windows 5.1.2600 Service Pack 3
Running: 56789.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\uxrdqpog.sys


---- Devices - GMER 1.0.15 ----

Device -> \Driver\nvata \Device\Harddisk0\DR0 8A6D5CA1

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0x42 0x66 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x88 0x51 0xEC 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x40 0x2D 0xF6 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x5F 0x1F 0x24 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0x1C 0xF6 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x70 0x6B 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x88 0x51 0xEC 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x5D 0xBB 0x86 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x5F 0x1F 0x24 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0x1C 0xF6 0x26 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0x42 0x66 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x88 0x51 0xEC 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x40 0x2D 0xF6 0x79 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x5F 0x1F 0x24 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0x1C 0xF6 0x26 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6D38D83-47E0-1D91-A091-83A967EDFC1A}

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\nvata.sys suspicious modification

---- EOF - GMER 1.0.15 ----
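
As an added example that is not part of this thread or of the DDS tool, the script below applies four responder heuristics to lines in the DDS log format posted above: a browser proxy pointing at the local machine, a populated AppInit_DLLs value, a Run entry that uses rundll32 to load a DLL sitting directly in C:\Windows, and a service or driver entry whose image file DDS marked as not found (`[x]`). The rules are a triage assumption, not DDS logic, and the sample lines are constructed from the log in this thread.

```python
"""Triage helper for DDS-style log lines (the 'Pseudo HJT Report' and
'SERVICES / DRIVERS' sections shown in this thread).

This is an added example, not part of the thread and not DDS/OTL logic. The
four rules are a responder's assumptions about what stands out in such a log,
and the sample lines are constructed from the log posted above."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str   # short rule id
    line: str   # the log line that triggered it
    why: str    # what the indicator means to a responder


START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
LOCAL_HOSTS = ("localhost", "127.0.0.1")

# Regexes for the DDS line shapes we care about (matched against lowercased text).
RE_PROXY = re.compile(r"[um]internet settings,proxyserver\s*=\s*(.+)")
RE_APPINIT = re.compile(r"appinit_dlls:\s*(\S.*)")
RE_RUNDLL = re.compile(r'[um]run:\s*\[[^\]]+\]\s*"?rundll32(?:\.exe)?"?\s+"?([^",]+)')
RE_WINDIR_DLL = re.compile(r"c:\\windows\\[^\\]+\.dll")
# R/S = running/stopped, digit = start type, then name;display;path [date size] or [x]
RE_SERVICE = re.compile(r"([rs])([0-4])\s+([^;]+);([^;]*);([^\[]*)\[x\]", re.I)


def triage_dds(text: str) -> list[Finding]:
    """Return one Finding per line that matches a rule; clean lines yield none."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        # Rule 1: browser proxy pointing back at the local machine.
        m = RE_PROXY.match(low)
        if m and any(h in m.group(1) for h in LOCAL_HOSTS):
            findings.append(Finding("local-proxy", line,
                "All browser traffic is routed through a process listening on this "
                "machine; unless the user installed a local proxy on purpose, this "
                "is an interception/redirect indicator."))
            continue

        # Rule 2: AppInit_DLLs populated.
        m = RE_APPINIT.match(low)
        if m:
            findings.append(Finding("appinit-dll", line,
                f"{m.group(1)} is injected into every process that loads "
                "user32.dll; legitimate use on a home PC is rare."))
            continue

        # Rule 3: Run key using rundll32 to load a DLL sitting directly in C:\Windows.
        m = RE_RUNDLL.match(low)
        if m and RE_WINDIR_DLL.fullmatch(m.group(1)):
            findings.append(Finding("windir-rundll32", line,
                "Autostart loads a DLL from the Windows directory itself rather "
                "than System32 or Program Files; vendor software rarely does this."))
            continue

        # Rule 4: service/driver entry whose image file DDS could not find ([x]).
        m = RE_SERVICE.match(line)
        if m:
            start = START_TYPES[m.group(2)]
            findings.append(Finding("missing-image", line,
                f"{start}-start entry '{m.group(3)}' has no image file on disk: "
                "either an uninstall leftover or a file hidden from the scanner."))
    return findings


# Constructed sample in DDS format, taken from the log lines posted in this thread.
SAMPLE_DDS = r"""
uStart Page = about:blank
uInternet Settings,ProxyServer = http=localhost:7171
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Bcohume] rundll32.exe "c:\windows\anidovug.dll",Startup
AppInit_DLLs: resowuki.dll
R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2008-12-6 48896]
S0 fbaih;fbaih; [x]
"""

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.rule}] {f.line}\n    {f.why}")
```

Feed it the whole DDS log and the four flagged lines come out in log order; the NVIDIA rundll32 entry and the JmtFltr driver are left alone because they live in System32 and have an image on disk.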







#2 JSntgRvr
  • Malware Response Team

Posted 19 March 2010 - 07:18 PM

Hi, Vertygo

  1. Download Norman TDSS Cleaner.
  2. Run the downloaded program to clean the infected computer from the TDSS rootkit.
  3. In some cases you may be prompted to restart the computer to completely remove an infection. Please do.
  4. After the scan a report will be produced on your desktop in the form of NFix_Date_Time.txt. Post its contents in a reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Vertygo
  • Topic Starter

Posted 19 March 2010 - 08:49 PM

Thanks for the help


Norman TDSS Cleaner
Version 1.6.2
Copyright © 1990 - 2010, Norman ASA. Built 2010/03/18 07:59:07

Norman Scanner Engine Version: 6.04.03
Nvcbin.def Version: 6.04.00, Date: 2010/03/18 07:59:07, Variants: 192283

Scan started: 19/03/2010 21:46:45

Running pre-scan cleanup routine:

Running anti-TDSS module:

TDSS/TDL3 Rootkit Detected!
This system is infected with a recent version of TDSS/TDL3. Cleaning is not yet supported.

TDSS scan complete. Will now scan for related malware

Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 31ms


Scanning running processes and process memory...

Number of processes/threads found: 3095
Number of processes/threads scanned: 3095
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 28s


Scanning file system...

Scanning: prescan

Scanning: C:\WINDOWS\system32\drivers\*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 542
Number of archives unpacked: 0
Number of files scanned: 542
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 13s


#4 JSntgRvr
  • Malware Response Team

Posted 19 March 2010 - 10:29 PM

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.



#5 Vertygo
  • Topic Starter

Posted 19 March 2010 - 10:45 PM

Done

OTL logfile created on: 3/19/2010 11:40:08 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 31.24 Gb Free Space | 45.13% Space Free | Partition Type: NTFS
Drive D: | 6.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASSANDRA
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/01/25 20:36:22 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008/06/13 12:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\n52te\n52teHid.exe
PRC - [2008/04/24 18:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files\n52te\n52teTra.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/08/31 12:58:52 | 000,357,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2001/11/20 10:30:10 | 000,422,400 | ---- | M] (P.I. Engineering, Inc.) -- C:\Program Files\PIEngineering\X-keys\XKWdkApp.exe


========== Modules (SafeList) ==========

MOD - [2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2008/04/13 20:12:08 | 000,165,376 | ---- | M] () -- C:\WINDOWS\anidovug.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Wzlnkovorknp)
SRV - [2010/01/25 20:36:22 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {62E3BC60-4FCC-4846-9A39-6EEE79132793}:1.9.1
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.1
FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:3.5.2
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.0


FF - HKLM\software\mozilla\Firefox\extensions\\{62E3BC60-4FCC-4846-9A39-6EEE79132793}: C:\Documents and Settings\Mike\Local Settings\Application Data\{62E3BC60-4FCC-4846-9A39-6EEE79132793} [2010/03/03 19:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 00:25:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 00:25:16 | 000,000,000 | ---D | M]

[2008/08/26 00:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/03/19 18:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions
[2009/12/05 10:32:05 | 000,000,000 | ---D | M] (BlackX 2) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2009/12/19 01:36:04 | 000,000,000 | ---D | M] (In The Dark) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}
[2009/12/05 10:32:05 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/01/13 18:41:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/05 10:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\redshift_V2@shift-themes.com
[2009/12/19 01:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}\chrome\mozapps\extensions
[2010/03/19 18:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2009/07/10 00:41:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe ()
O4 - HKLM..\Run: [Bcohume] C:\WINDOWS\anidovug.DLL ()
O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PIEngineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (resowuki.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/01 14:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/20 10:41:52 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d2aafbea-d940-11da-ac03-def45e246243}\Shell - "" = AutoRun
O33 - MountPoints2\{d2aafbea-d940-11da-ac03-def45e246243}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d2aafbea-d940-11da-ac03-def45e246243}\Shell\AutoRun\command - "" = D:\BSAutoRun.exe -- [2007/07/20 10:54:01 | 001,123,680 | R--- | M] (2K Australia)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: jviestat - (C:\WINDOWS\system32\mqbksi64.dll) - C:\WINDOWS\System32\mqbksi64.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/05/01 10:16:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17736316556935168)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/19 23:36:24 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/03/19 21:46:32 | 003,955,768 | ---- | C] (Norman ASA) -- C:\Documents and Settings\Mike\Desktop\Norman_TDSS_Cleaner.exe
[2010/03/19 15:51:07 | 000,181,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Mike\Desktop\1234.com.exe
[2010/03/18 23:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/18 23:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/18 22:58:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/03/18 22:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/18 22:41:02 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Mike\Desktop\HJTInstall.exe
[2010/03/18 08:14:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/18 08:14:30 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/18 08:11:19 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\mbam-setup.exe
[2010/03/18 03:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/18 03:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/17 00:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/17 00:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/15 18:46:39 | 000,033,519 | ---- | C] (P.I. Engineering, Inc.) -- C:\WINDOWS\System32\drivers\XkeysW2k.sys
[2010/03/15 18:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\PIEngineering
[2010/03/15 18:32:13 | 002,351,137 | ---- | C] (companyname) -- C:\Documents and Settings\Mike\Desktop\xkeyswxp.exe
[2010/03/12 10:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Bioshock
[2010/03/12 00:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2008/12/13 17:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/20 19:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
[2006/05/01 14:30:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/01 14:30:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vxNlXvo.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vPImen.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\uCJHR.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ONyQQ.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\NVkNOKli.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\nbagGD.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\eABbqqc.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\dXaRyTKr.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\BgEPsvT.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\BcjlvSH.dll
[2002/04/11 04:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/03/19 23:35:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/19 21:45:22 | 003,955,768 | ---- | M] (Norman ASA) -- C:\Documents and Settings\Mike\Desktop\Norman_TDSS_Cleaner.exe
[2010/03/19 20:05:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/19 20:04:54 | 000,251,933 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/19 20:04:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/19 19:59:51 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/03/19 18:03:19 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cfonivebaxi.dat
[2010/03/19 18:02:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Aveku.bin
[2010/03/19 17:54:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\56789.exe
[2010/03/19 17:41:24 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/03/19 15:49:37 | 000,181,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Mike\Desktop\1234.com.exe
[2010/03/18 22:58:57 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.pif
[2010/03/18 22:41:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2010/03/18 22:41:03 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Mike\Desktop\HJTInstall.exe
[2010/03/18 22:31:35 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/03/18 08:40:19 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rukadusa
[2010/03/18 08:15:02 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 08:11:32 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\mbam-setup.exe
[2010/03/17 18:33:31 | 000,524,224 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 18:33:31 | 000,442,694 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/17 18:33:31 | 000,071,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/17 18:23:52 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 00:27:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/17 00:23:12 | 000,006,610 | -HS- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\7tG7Er4h
[2010/03/17 00:23:12 | 000,006,610 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7tG7Er4h
[2010/03/15 18:32:18 | 002,351,137 | ---- | M] (companyname) -- C:\Documents and Settings\Mike\Desktop\xkeyswxp.exe
[2010/03/12 01:06:18 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\BioShock.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\rukadusa
[2010/03/19 18:03:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\56789.exe
[2010/03/18 22:58:56 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.pif
[2010/03/18 22:44:35 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/03/18 22:41:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2010/03/18 08:14:34 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/17 00:21:39 | 000,006,610 | -HS- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\7tG7Er4h
[2010/03/17 00:21:39 | 000,006,610 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7tG7Er4h
[2010/03/12 01:17:51 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\BioShock.lnk
[2010/03/03 19:15:39 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\rbuwzv.dat
[2010/02/21 22:01:36 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/02/21 22:01:36 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\PnkBstrK.sys
[2008/12/24 13:30:32 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/06 02:31:36 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\YRUYxwvlM.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\YdFVvd.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\xaCRgc.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\UKnUMNVv.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\rhDFM.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\qyQgL.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\QruRAwNuE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\PwmkG.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\mhSRD.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\ldWisVLgE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\JxRFCFYJE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\HLafsf.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\gGfBG.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\gccdHau.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\fplmVWR.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\dXeyo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\YlOIJB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\YcHVxxl.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\XmAwtRDH.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\xlpwNkUXN.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\wjqSaR.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\vYBYLJkPn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\VGGbUSeEo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\vEobUss.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\UYSWSb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\UQSCY.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\uPoKAplJ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uNEYEUnf.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\TtpRhVBp.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\TSdFCLC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmFQw.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\rRhMiiD.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\RNGjPyyoC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\RKACyTLC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\QJeQBrc.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\OPhahDJh.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\OcFtjDhfb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\oaICBOB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nTQlcjvJQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\nQhAm.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nlPWXmrMX.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\NjXmo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\myyILn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\mNHhY.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdbxVg.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\jNtqXEn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\jMQXpP.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\iRSuex.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\IQaCaST.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\IJevK.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\IHlEvw.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\hxInGtjQr.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\hwHNJ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\HkQVO.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\HcFiMXB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\hbRDDQsFc.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GdIIstYr.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GcagoTWUx.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GbrRBUlwu.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\fHaDp.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\FdsCqvmRb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\eRwcruijd.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\EKVDeA.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\EKICOObjV.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\eKeOilXFQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\eJYylpexN.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\ejudTxQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\eCAUCQf.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\dscNQtkGT.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\dKYLfryP.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\dDcpono.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\DbAud.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\cWOystU.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\CqamRIAT.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\cFKhiUA.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ByPItXL.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\BMRct.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\bAaRuo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\aucIMnJF.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\APAKyvTwD.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ADPPe.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/13 19:56:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/08/05 18:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/05 17:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/08/05 17:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/08/05 17:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/16 11:19:30 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/16 11:19:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/03 17:32:58 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/03/02 19:58:33 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2008/01/06 17:18:29 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/01/06 17:18:29 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/01/06 16:58:49 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/07/27 16:48:48 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/07/27 16:48:48 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/07/27 16:48:48 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/23 17:07:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\TDH_Launcher.ini
[2007/05/14 16:34:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/04/22 02:21:15 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/04/22 02:21:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\yedlata.dll
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/12/14 23:58:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2006/12/10 05:00:53 | 000,003,167 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/16 03:09:44 | 000,004,147 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/27 01:04:54 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\E4E03A6DBD.sys
[2006/09/27 01:04:53 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/28 01:15:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/03 04:13:44 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/02 12:55:03 | 000,005,781 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2006/05/02 12:55:03 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/05/01 21:40:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/05/01 21:40:21 | 000,006,021 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/05/01 21:40:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/03/17 19:11:56 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2004/10/08 08:01:47 | 000,165,376 | ---- | C] () -- C:\WINDOWS\anidovug.dll
[2004/10/08 08:01:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/30 03:15:02 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll
[2004/03/30 03:15:01 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll
[2004/03/30 03:15:01 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll
[2003/10/02 21:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/05/23 06:08:52 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/05/23 06:08:52 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2008/09/13 20:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/02/21 17:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2008/01/06 17:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/10/13 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kpgzgjoh
[2008/10/09 08:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pubopyfy
[2009/06/06 11:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2006/05/26 04:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\.bittorrent
[2009/08/05 17:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Azureus
[2010/03/19 20:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Bioshock
[2008/01/06 17:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DAEMON Tools Pro
[2008/03/30 15:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DisplayTune
[2007/03/08 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Electronic Arts
[2007/05/30 20:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\fltk.org
[2008/10/15 18:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GetRightToGo
[2008/05/15 00:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\INTERHEART
[2007/11/05 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2009/02/14 01:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mount&Blade
[2008/12/06 02:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\n52te
[2006/05/03 01:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Netscape
[2010/01/11 00:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sony
[2010/01/11 00:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sony Setup
[2009/06/06 11:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Stardock
[2007/10/31 19:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SystemRequirementsLab

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/03/26 13:28:41 | 000,056,883 | ---- | M] () -- C:\1816.jpg
[2007/07/01 20:18:02 | 000,998,977 | ---- | M] () -- C:\2007 006.jpg
[2006/05/01 14:30:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/02/20 01:38:30 | 000,029,297 | ---- | M] () -- C:\bookmarks.html
[2009/05/13 08:44:03 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2009/05/13 09:10:21 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/03/17 00:30:48 | 000,162,077 | ---- | M] () -- C:\ComboFix.txt
[2006/05/01 14:30:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/05/26 00:44:26 | 000,000,216 | ---- | M] () -- C:\DebugTrace-RockallDLL.log
[2007/05/30 20:19:37 | 000,000,746 | ---- | M] () -- C:\deltaStartup.log
[2008/01/28 02:23:47 | 000,196,405 | ---- | M] () -- C:\DunDrag [mininova].torrent
[2009/10/14 01:03:26 | 000,603,731 | ---- | M] () -- C:\Forged_by_Chaos_by_andreauderzo.jpg
[2006/12/08 20:59:35 | 000,000,272 | ---- | M] () -- C:\fudgie_no_bakes.txt
[2006/05/18 02:49:57 | 000,016,374 | ---- | M] () -- C:\Guitar_wiring.html
[2006/05/01 14:30:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/04/08 18:06:25 | 000,026,055 | ---- | M] () -- C:\kenshin.jpg
[2006/05/01 14:30:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/10/08 08:01:47 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/04 18:50:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/03/19 20:04:45 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/03/30 15:36:50 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2006/07/23 23:08:25 | 029,398,885 | ---- | M] (CyberLink ) -- C:\PDVD_6_trial_9lang.exe
[2008/03/30 15:37:08 | 000,000,184 | ---- | M] () -- C:\pivot.log
[2007/02/22 12:05:36 | 000,090,112 | ---- | M] () -- C:\Progr_.dll
[2009/05/20 00:26:42 | 000,002,677 | ---- | M] () -- C:\rapport.txt
[2010/03/18 22:59:24 | 000,000,434 | ---- | M] () -- C:\rkill.log
[2007/01/17 03:02:18 | 000,115,807 | ---- | M] () -- C:\ss365.jpg
[2007/12/04 21:31:47 | 000,068,375 | ---- | M] () -- C:\ss365blue.JPG
[2007/12/04 19:55:43 | 000,031,515 | ---- | M] () -- C:\ss365edit1.JPG
[2007/12/04 19:59:06 | 000,031,438 | ---- | M] () -- C:\ss365edit2.JPG
[2008/11/18 11:00:25 | 000,103,424 | ---- | M] () -- C:\ss690.jpg
[2008/02/02 00:57:23 | 000,819,957 | ---- | M] () -- C:\sshot079.jpg
[2008/10/09 01:29:32 | 000,077,824 | ---- | M] (Task Manager Fix) -- C:\TaskManagerFix.exe
[2010/03/19 15:51:34 | 000,013,352 | ---- | M] () -- C:\TDSSKiller.2.2.8_19.03.2010_15.51.34_log.txt
[2010/03/19 16:01:14 | 000,013,352 | ---- | M] () -- C:\TDSSKiller.2.2.8_19.03.2010_16.01.14_log.txt
[2010/03/19 17:40:26 | 000,013,352 | ---- | M] () -- C:\TDSSKiller.2.2.8_19.03.2010_17.40.26_log.txt
[2007/07/07 03:30:50 | 000,000,013 | ---- | M] () -- C:\vidcard serial.txt
[2007/06/08 12:45:56 | 000,438,450 | ---- | M] () -- C:\viking_kittens.zip
[2010/03/19 20:04:53 | 000,000,000 | ---- | M] () -- C:\XkeysLog.txt


< MD5 for: AGP440.SYS >
[2004/10/08 08:01:47 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/04 18:49:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/04 18:49:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/10/08 08:01:47 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/04 18:49:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/04 18:49:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/10/08 08:01:47 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/10/08 08:01:47 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/10/08 08:01:47 | 000,465,280 | ---- | M] (Intel Corporation) MD5=C69AA55D8D357CF0692563AB2D43E81B -- C:\DRIVERS\006_STORAGE\INTEL\SATARAID\IASTOR.SYS

< MD5 for: IDECHNDR.SYS >
[2004/10/08 08:01:47 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\DRIVERS\006_STORAGE\INTEL\EIDE\IDECHNDR.SYS

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/10/08 08:01:47 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATA.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WIN2K\SATA_IDE\NVATA.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WINXP\SATA_IDE\NVATA.SYS
[2010/03/17 08:48:32 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\DRIVERS\006_STORAGE\NVIDIA\RAID\NVATABUS.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WIN2K\SATARAID\NVATABUS.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WINXP\SATARAID\NVATABUS.SYS
[2006/01/10 22:43:04 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys
[2004/10/08 08:01:47 | 000,063,744 | ---- | M] (NVIDIA Corporation) MD5=06F86506555644CBA020CD2CFFE28668 -- C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATABUS.SYS

< MD5 for: SCECLI.DLL >
[2004/10/08 08:01:47 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2005/04/08 15:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\DRIVERS\006_STORAGE\64XX\VIAMRAID.SYS

< MD5 for: VIASRAID.SYS >
[2004/10/08 08:01:47 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\DRIVERS\006_STORAGE\VIA\SATARAID\VIASRAID.SYS

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/05/01 10:21:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/01 10:21:10 | 000,667,648 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/05/01 10:21:09 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >



OTL Extras logfile created on: 3/19/2010 11:40:08 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 31.24 Gb Free Space | 45.13% Space Free | Partition Type: NTFS
Drive D: | 6.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASSANDRA
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}" = AMD Dual-Core Optimizer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B08EFBF9-7E97-44B0-A077-8B6C10C6D98A}" = X-keys
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBB3F622-D848-4CDA-B282-CC53627432F0}" = Microsoft Application Compatibility Toolkit 5.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASF-AVI-RM-WMV Repair_is1" = ASF-AVI-RM-WMV Repair 1.82
"Azureus" = Azureus
"B3F2F39D9A48AD78A74BA5D236210A6E48B1333C" = Windows Driver Package - Belkin (HidUsb) HIDClass (01/11/2007 1.0)
"Bink and Smacker" = Bink and Smacker
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2006-12-15
"Device Control" = Device Control
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"EAX" = Creative EAX Console
"FLVPlayer" = FLV Player 1.3.3
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.52
"RER MOV Converter3.0.5" = RER MOV Converter
"SPEAKER" = Creative Speaker Settings
"Warhammer Online: Age of Reckoning" = Warhammer Online: Age of Reckoning Beta
"WinAce Archiver" = WinAce Archiver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/17/2008 11:12:58 AM | Computer Name = CASSANDRA | Source = Application Error | ID = 1000
Description = Faulting application wjqs.exe, version 0.0.0.0, faulting module wjqs.exe,
version 0.0.0.0, fault address 0x000010ad.

Error - 8/18/2008 7:48:12 PM | Computer Name = CASSANDRA | Source = Application Hang | ID = 1002
Description = Hanging application WAR.exe, version 0.0.2.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/29/2008 3:18:07 PM | Computer Name = CASSANDRA | Source = Application Error | ID = 1000
Description = Faulting application wjqs.exe, version 0.0.0.0, faulting module wjqs.exe,
version 0.0.0.0, fault address 0x000015fc.

Error - 8/29/2008 3:21:57 PM | Computer Name = CASSANDRA | Source = Application Error | ID = 1000
Description = Faulting application uninstall.exe, version 0.0.0.0, faulting module
uninstall.exe, version 0.0.0.0, fault address 0x0003221e.

Error - 8/29/2008 3:22:50 PM | Computer Name = CASSANDRA | Source = Application Error | ID = 1000
Description = Faulting application uninstall.exe, version 0.0.0.0, faulting module
uninstall.exe, version 0.0.0.0, fault address 0x0003221e.

Error - 9/7/2008 1:47:23 AM | Computer Name = CASSANDRA | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 9/13/2008 10:39:01 AM | Computer Name = CASSANDRA | Source = Application Hang | ID = 1002
Description = Hanging application WAR.exe, version 1.0.0.341, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/30/2008 1:11:40 PM | Computer Name = CASSANDRA | Source = Application Hang | ID = 1002
Description = Hanging application WAR.exe, version 1.0.0.361, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/30/2008 1:12:24 PM | Computer Name = CASSANDRA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x073ccc80.

Error - 10/5/2008 2:03:28 AM | Computer Name = CASSANDRA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/18/2010 10:32:39 PM | Computer Name = CASSANDRA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 3/18/2010 10:59:21 PM | Computer Name = CASSANDRA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/19/2010 5:43:23 PM | Computer Name = CASSANDRA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the PolicyAgent service.

Error - 3/19/2010 5:44:22 PM | Computer Name = CASSANDRA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 3/19/2010 5:58:51 PM | Computer Name = CASSANDRA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the dmserver service.

Error - 3/19/2010 5:59:20 PM | Computer Name = CASSANDRA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ShellHWDetection service.

Error - 3/19/2010 6:02:51 PM | Computer Name = CASSANDRA | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 3/19/2010 6:02:53 PM | Computer Name = CASSANDRA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 3/19/2010 8:05:08 PM | Computer Name = CASSANDRA | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 3/19/2010 8:05:11 PM | Computer Name = CASSANDRA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >





#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,583 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:07 PM

Posted 19 March 2010 - 11:28 PM

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :OTL
    O20 - AppInit_DLLs: (resowuki.dll) - File not found
    O36 - AppCertDlls: jviestat - (C:\WINDOWS\system32\mqbksi64.dll) - C:\WINDOWS\System32\mqbksi64.dll File not found

    :Files
    C:\Documents and Settings\Mike\Desktop\Norman_TDSS_Cleaner.exe
    C:\Documents and Settings\Mike\Desktop\1234.com.exe
    C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATA.SYS|C:\WINDOWS\system32\drivers\nvata.sys /replace

    :Commands
    [EMPTYTEMP]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.
Upon restart:
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in


    /md5start
    nvata.sys
    /md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, a report will be produced, OTL.Txt. This file will be saved in the same location as OTL.
    • Please post the contents of this file in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
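The helper reads the OTL listings by eye for the signs that drive the fix: an AppInit_DLLs entry whose file is gone, publisher-less DLLs launched from Run, a block of same-size, same-timestamp DLLs with blank company names, and a system proxy pointed at the local host. As an added example (not part of this thread or of OTL itself), the Python below flags those same patterns from raw OTL report lines; the regexes, thresholds and finding names are my own assumptions, and SAMPLE_REPORT is excerpted from the OTL reports posted in this thread.

```python
"""Triage heuristics for OTL (OldTimer) report lines.

Added example, not part of this thread or of OTL itself. The regexes, finding
names and thresholds are my own assumptions; SAMPLE_REPORT is excerpted from
the OTL output posted in this thread.
"""
import re
from collections import defaultdict

# File/module entries, e.g.
#   [2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vxNlXvo.dll
#   MOD - [2008/04/13 20:12:08 | 000,165,376 | ---- | M] () -- C:\WINDOWS\anidovug.dll
# Directory entries carry no "(company)" field, so that group is optional.
FILE_ENTRY = re.compile(
    r"^(?:(?P<kind>PRC|MOD) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| [CM]\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# O4 - HKLM..\Run: [Bcohume] C:\WINDOWS\anidovug.DLL ()
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)
# O20 - AppInit_DLLs: (resowuki.dll) - File not found
APPINIT_ENTRY = re.compile(r"^O20 - AppInit_DLLs: \((?P<dll>[^)]*)\) - (?P<status>.+?)\s*$")
# IE - HKLM\...\Internet Settings: "ProxyServer" = http=localhost:7171
PROXY_ENTRY = re.compile(r'^IE - (?P<hive>HK\w+)\\.*"ProxyServer" = (?P<value>\S+)')


def parse_report(text):
    """Split an OTL report into the entry types the heuristics below look at."""
    found = {"files": [], "runs": [], "appinit": [], "proxies": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_ENTRY.match(line):
            found["files"].append({
                "kind": m.group("kind") or "FILE", "ts": m.group("ts"),
                "size": int(m.group("size").replace(",", "")), "attr": m.group("attr"),
                "company": (m.group("company") or "").strip(), "path": m.group("path")})
        elif m := RUN_ENTRY.match(line):
            found["runs"].append({"name": m.group("name"), "path": m.group("path"),
                                  "company": m.group("company").strip()})
        elif m := APPINIT_ENTRY.match(line):
            found["appinit"].append({"dll": m.group("dll"), "status": m.group("status")})
        elif m := PROXY_ENTRY.match(line):
            found["proxies"].append({"hive": m.group("hive"), "value": m.group("value")})
    return found


def identical_payload_clusters(files, min_members=3):
    """Company-less files sharing one timestamp and one size. A dropper that writes
    N copies of the same payload under random names leaves exactly this trace."""
    groups = defaultdict(list)
    for f in files:
        if f["kind"] == "FILE" and f["company"] == "" and f["size"] > 0 and "D" not in f["attr"]:
            groups[(f["ts"], f["size"])].append(f["path"])
    return {key: paths for key, paths in groups.items() if len(paths) >= min_members}


def unsigned_dll_autoruns(runs, files):
    """Run values that point at a .dll with no publisher (Run normally launches an
    .exe), annotated with whether OTL also saw that DLL loaded as a module."""
    loaded = {f["path"].lower() for f in files if f["kind"] == "MOD" and f["company"] == ""}
    return [{"name": r["name"], "path": r["path"], "loaded": r["path"].lower() in loaded}
            for r in runs if r["path"].lower().endswith(".dll") and r["company"] == ""]


def dangling_appinit(appinit):
    """AppInit_DLLs entries whose file is gone: a leftover injection hook."""
    return [a["dll"] for a in appinit if "not found" in a["status"].lower()]


def loopback_proxies(proxies):
    """A ProxyServer on the local host routes every browser request through a
    process on this machine, which is how traffic gets intercepted or redirected."""
    return [p for p in proxies if re.search(r"(localhost|127\.0\.0\.1):\d+", p["value"])]


def triage(text):
    r = parse_report(text)
    return {"clusters": identical_payload_clusters(r["files"]),
            "dll_autoruns": unsigned_dll_autoruns(r["runs"], r["files"]),
            "dangling_appinit": dangling_appinit(r["appinit"]),
            "loopback_proxies": loopback_proxies(r["proxies"])}


# Excerpt of the OTL reports posted in this thread (constructed sample input).
SAMPLE_REPORT = r"""
MOD - [2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2008/04/13 20:12:08 | 000,165,376 | ---- | M] () -- C:\WINDOWS\anidovug.dll
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe ()
O4 - HKLM..\Run: [Bcohume] C:\WINDOWS\anidovug.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O20 - AppInit_DLLs: (resowuki.dll) - File not found
[2010/03/18 22:58:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/03/18 08:14:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vxNlXvo.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vPImen.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ONyQQ.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\BgEPsvT.dll
[2002/04/11 04:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2010/03/20 08:08:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Aveku.bin
"""

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_REPORT).items():
        print(f"{name}: {hits}")
```

Note that NvCpl.DLL in Run is not flagged because it carries a publisher, and A3d.dll is left out of the cluster because its size differs; the heuristics key on the combination, not on any single field.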


#7 Vertygo

Vertygo
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:07 PM

Posted 20 March 2010 - 07:17 AM

Sorry for how long this reply took. I needed to sleep.


Was OTL successful in cleaning it?


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:resowuki.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\jviestat:C:\WINDOWS\system32\mqbksi64.dll deleted successfully.
========== FILES ==========
C:\Documents and Settings\Mike\Desktop\Norman_TDSS_Cleaner.exe moved successfully.
C:\Documents and Settings\Mike\Desktop\1234.com.exe moved successfully.
File C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATA.SYS successfully replaced with C:\WINDOWS\system32\drivers\nvata.sys
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Mike
->Temp folder emptied: 4971259 bytes
->Temporary Internet Files folder emptied: 4444637 bytes
->Java cache emptied: 56156581 bytes
->FireFox cache emptied: 42773196 bytes
->Flash cache emptied: 7856 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 48650569 bytes
->Flash cache emptied: 19219 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 1262609 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39302372 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 105633 bytes
RecycleBin emptied: 1558 bytes

Total Files Cleaned = 191.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03202010_080637

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





OTL logfile created on: 3/20/2010 8:10:10 AM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 31.42 Gb Free Space | 45.38% Space Free | Partition Type: NTFS
Drive D: | 6.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASSANDRA
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/01/25 20:36:22 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008/06/13 12:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\n52te\n52teHid.exe
PRC - [2008/04/24 18:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files\n52te\n52teTra.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/08/31 12:58:52 | 000,357,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2001/11/20 10:30:10 | 000,422,400 | ---- | M] (P.I. Engineering, Inc.) -- C:\Program Files\PIEngineering\X-keys\XKWdkApp.exe


========== Modules (SafeList) ==========

MOD - [2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2008/04/13 20:12:08 | 000,165,376 | ---- | M] () -- C:\WINDOWS\anidovug.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Wzlnkovorknp)
SRV - [2010/01/25 20:36:22 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {62E3BC60-4FCC-4846-9A39-6EEE79132793}:1.9.1
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.1
FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:3.5.2
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.0


FF - HKLM\software\mozilla\Firefox\extensions\\{62E3BC60-4FCC-4846-9A39-6EEE79132793}: C:\Documents and Settings\Mike\Local Settings\Application Data\{62E3BC60-4FCC-4846-9A39-6EEE79132793} [2010/03/03 19:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 00:25:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 00:25:16 | 000,000,000 | ---D | M]

[2008/08/26 00:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/03/19 18:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions
[2009/12/05 10:32:05 | 000,000,000 | ---D | M] (BlackX 2) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2009/12/19 01:36:04 | 000,000,000 | ---D | M] (In The Dark) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}
[2009/12/05 10:32:05 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/01/13 18:41:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/05 10:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\redshift_V2@shift-themes.com
[2009/12/19 01:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}\chrome\mozapps\extensions
[2010/03/19 18:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2009/07/10 00:41:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe ()
O4 - HKLM..\Run: [Bcohume] C:\WINDOWS\anidovug.DLL ()
O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PIEngineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.252.0.12 71.242.0.12
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/01 14:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/20 10:41:52 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d2aafbea-d940-11da-ac03-def45e246243}\Shell - "" = AutoRun
O33 - MountPoints2\{d2aafbea-d940-11da-ac03-def45e246243}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d2aafbea-d940-11da-ac03-def45e246243}\Shell\AutoRun\command - "" = D:\BSAutoRun.exe -- [2007/07/20 10:54:01 | 001,123,680 | R--- | M] (2K Australia)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/20 08:06:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/19 23:36:24 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/03/18 23:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/18 23:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/18 22:58:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/03/18 22:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/18 22:41:02 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Mike\Desktop\HJTInstall.exe
[2010/03/18 08:14:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/18 08:14:30 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/18 08:11:19 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\mbam-setup.exe
[2010/03/18 03:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/18 03:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/17 00:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/17 00:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/15 18:46:39 | 000,033,519 | ---- | C] (P.I. Engineering, Inc.) -- C:\WINDOWS\System32\drivers\XkeysW2k.sys
[2010/03/15 18:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\PIEngineering
[2010/03/15 18:32:13 | 002,351,137 | ---- | C] (companyname) -- C:\Documents and Settings\Mike\Desktop\xkeyswxp.exe
[2010/03/12 10:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Bioshock
[2010/03/12 00:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2008/12/13 17:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/20 19:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
[2006/05/01 14:30:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/01 14:30:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vxNlXvo.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vPImen.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\uCJHR.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ONyQQ.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\NVkNOKli.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\nbagGD.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\eABbqqc.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\dXaRyTKr.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\BgEPsvT.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\BcjlvSH.dll
[2002/04/11 04:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 14 Days ==========

[2010/03/20 08:08:41 | 000,251,933 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/20 08:08:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Aveku.bin
[2010/03/20 08:08:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/20 08:07:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/20 08:07:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/20 08:07:00 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/03/19 19:59:51 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/03/19 18:03:19 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cfonivebaxi.dat
[2010/03/19 17:54:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\56789.exe
[2010/03/19 17:41:24 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/03/18 22:58:57 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.pif
[2010/03/18 22:41:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2010/03/18 22:41:03 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Mike\Desktop\HJTInstall.exe
[2010/03/18 08:40:19 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rukadusa
[2010/03/18 08:15:02 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 08:11:32 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\mbam-setup.exe
[2010/03/17 18:33:31 | 000,524,224 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 18:33:31 | 000,442,694 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/17 18:33:31 | 000,071,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/17 18:23:52 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 00:27:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/17 00:23:12 | 000,006,610 | -HS- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\7tG7Er4h
[2010/03/17 00:23:12 | 000,006,610 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7tG7Er4h
[2010/03/15 18:32:18 | 002,351,137 | ---- | M] (companyname) -- C:\Documents and Settings\Mike\Desktop\xkeyswxp.exe
[2010/03/12 01:06:18 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\BioShock.lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\rukadusa
[2010/03/19 18:03:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\56789.exe
[2010/03/18 22:58:56 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.pif
[2010/03/18 22:44:35 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/03/18 22:41:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2010/03/18 08:14:34 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/17 00:21:39 | 000,006,610 | -HS- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\7tG7Er4h
[2010/03/17 00:21:39 | 000,006,610 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7tG7Er4h
[2010/03/12 01:17:51 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\BioShock.lnk
[2010/03/03 19:15:39 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\rbuwzv.dat
[2010/02/21 22:01:36 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/02/21 22:01:36 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\PnkBstrK.sys
[2008/12/24 13:30:32 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/06 02:31:36 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\YRUYxwvlM.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\YdFVvd.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\xaCRgc.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\UKnUMNVv.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\rhDFM.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\qyQgL.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\QruRAwNuE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\PwmkG.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\mhSRD.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\ldWisVLgE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\JxRFCFYJE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\HLafsf.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\gGfBG.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\gccdHau.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\fplmVWR.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\dXeyo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\YlOIJB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\YcHVxxl.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\XmAwtRDH.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\xlpwNkUXN.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\wjqSaR.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\vYBYLJkPn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\VGGbUSeEo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\vEobUss.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\UYSWSb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\UQSCY.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\uPoKAplJ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uNEYEUnf.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\TtpRhVBp.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\TSdFCLC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmFQw.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\rRhMiiD.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\RNGjPyyoC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\RKACyTLC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\QJeQBrc.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\OPhahDJh.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\OcFtjDhfb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\oaICBOB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nTQlcjvJQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\nQhAm.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nlPWXmrMX.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\NjXmo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\myyILn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\mNHhY.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdbxVg.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\jNtqXEn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\jMQXpP.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\iRSuex.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\IQaCaST.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\IJevK.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\IHlEvw.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\hxInGtjQr.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\hwHNJ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\HkQVO.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\HcFiMXB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\hbRDDQsFc.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GdIIstYr.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GcagoTWUx.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GbrRBUlwu.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\fHaDp.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\FdsCqvmRb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\eRwcruijd.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\EKVDeA.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\EKICOObjV.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\eKeOilXFQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\eJYylpexN.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\ejudTxQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\eCAUCQf.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\dscNQtkGT.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\dKYLfryP.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\dDcpono.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\DbAud.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\cWOystU.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\CqamRIAT.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\cFKhiUA.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ByPItXL.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\BMRct.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\bAaRuo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\aucIMnJF.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\APAKyvTwD.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ADPPe.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/13 19:56:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/08/05 18:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/05 17:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/08/05 17:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/08/05 17:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/16 11:19:30 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/16 11:19:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/03 17:32:58 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/03/02 19:58:33 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2008/01/06 17:18:29 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/01/06 17:18:29 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/01/06 16:58:49 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/07/27 16:48:48 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/07/27 16:48:48 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/07/27 16:48:48 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/23 17:07:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\TDH_Launcher.ini
[2007/05/14 16:34:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/04/22 02:21:15 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/04/22 02:21:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\yedlata.dll
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/12/14 23:58:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2006/12/10 05:00:53 | 000,003,167 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/16 03:09:44 | 000,004,147 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/27 01:04:54 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\E4E03A6DBD.sys
[2006/09/27 01:04:53 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/28 01:15:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/03 04:13:44 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/02 12:55:03 | 000,005,781 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2006/05/02 12:55:03 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/05/01 21:40:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/05/01 21:40:21 | 000,006,021 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/05/01 21:40:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/03/17 19:11:56 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2004/10/08 08:01:47 | 000,165,376 | ---- | C] () -- C:\WINDOWS\anidovug.dll
[2004/10/08 08:01:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/30 03:15:02 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll
[2004/03/30 03:15:01 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll
[2004/03/30 03:15:01 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll
[2003/10/02 21:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/05/23 06:08:52 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/05/23 06:08:52 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2008/09/13 20:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/02/21 17:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2008/01/06 17:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/10/13 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kpgzgjoh
[2008/10/09 08:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pubopyfy
[2009/06/06 11:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2006/05/26 04:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\.bittorrent
[2009/08/05 17:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Azureus
[2010/03/19 20:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Bioshock
[2008/01/06 17:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DAEMON Tools Pro
[2008/03/30 15:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DisplayTune
[2007/03/08 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Electronic Arts
[2007/05/30 20:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\fltk.org
[2008/10/15 18:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GetRightToGo
[2008/05/15 00:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\INTERHEART
[2007/11/05 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2009/02/14 01:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mount&Blade
[2008/12/06 02:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\n52te
[2006/05/03 01:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Netscape
[2010/01/11 00:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sony
[2010/01/11 00:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sony Setup
[2009/06/06 11:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Stardock
[2007/10/31 19:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SystemRequirementsLab

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: NVATA.SYS >
[2010/03/17 08:48:32 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATA.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WIN2K\SATA_IDE\NVATA.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WINXP\SATA_IDE\NVATA.SYS
[2010/03/17 08:48:32 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys
< End of report >

#8 JSntgRvr
    Master Surgeon General


  • Malware Response Team
  • 11,583 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:07 PM

Posted 20 March 2010 - 09:56 AM

Let's try that again.
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :Files
    C:\WINDOWS\system32\drivers\nvata.sys|C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WINXP\SATA_IDE\NVATA.SYS /replace
    C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATA.SYS|C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WINXP\SATA_IDE\NVATA.SYS /replace

    :Commands
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.
Upon restart:
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in


    /md5start
    nvata.sys
    /md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, a report will be produced, OTL.Txt. This file will be saved in the same location as OTL.
    • Please post the contents of this file in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
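Added example, not OTL's code and not posted by anyone in this thread: a small Python script that parses the `< MD5 for: NVATA.SYS >` block from the report above, which is the same format the /md5start ... /md5stop custom scan requested here produces, and compares every copy of the driver with the copies in the OEM driver store. The function names, the `\PNPDRIVERS\` path marker used to pick the reference copies, and the `touched_but_identical` heuristic are my own assumptions for this example, not OTL behaviour. One caveat belongs with any hash computed from inside the running system: a kernel rootkit that intercepts disk reads can return the original bytes of a file it has infected, so identical MD5s across all copies do not by themselves clear the file; a hash taken after booting from clean media (`hash_file` below) is the value to compare against.

```python
"""Check the copies of a driver listed in an OTL '< MD5 for: ... >' block.

Added example (not OTL's code or the thread's): parses the report lines OTL
emits for a /md5start ... /md5stop custom scan, compares every copy with the
ones in the OEM driver store, and flags anything a responder would look at.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from datetime import datetime

# The lines below are copied from the report posted in the thread; the header
# and the line layout are the OTL format being parsed.
SAMPLE_REPORT = r"""
< MD5 for: NVATA.SYS >
[2010/03/17 08:48:32 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATA.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WIN2K\SATA_IDE\NVATA.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WINXP\SATA_IDE\NVATA.SYS
[2010/03/17 08:48:32 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys
< End of report >
"""

# One OTL MD5 line: [mtime | size | attrs | M] (company) MD5=hash -- path
MD5_LINE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]+\| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>\S.*)$"
)


@dataclass(frozen=True)
class Copy:
    path: str
    md5: str
    size: int
    mtime: datetime
    company: str


def parse_md5_report(text: str) -> list[Copy]:
    """Return one Copy per OTL MD5 line; headers and other lines are ignored."""
    copies = []
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:
            copies.append(Copy(
                path=m["path"].strip(),
                md5=m["md5"].upper(),
                size=int(m["size"].replace(",", "")),
                mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
                company=m["company"].strip(),
            ))
    return copies


def assess(copies: list[Copy], reference_marker: str = "\\PNPDRIVERS\\") -> dict:
    """Compare every copy against the reference copies, i.e. the driver-store
    copies whose path contains reference_marker (an assumption for this
    example, taken from the paths in the thread)."""
    marker = reference_marker.upper()
    refs = [c for c in copies if marker in c.path.upper()]
    others = [c for c in copies if c not in refs]
    ref_hashes = {c.md5 for c in refs}
    ref_sizes = {c.size for c in refs}
    ref_mtime = max((c.mtime for c in refs), default=None)
    return {
        "distinct_hashes": sorted({c.md5 for c in copies}),
        "reference_copies": [c.path for c in refs],
        # Content differs from the driver store: the obvious bad sign.
        "hash_mismatch": [c.path for c in others if c.md5 not in ref_hashes],
        "size_mismatch": [c.path for c in others if c.size not in ref_sizes],
        # Content reads identical, but the file was written after the driver
        # store copies. Worth re-hashing from outside the running OS: a rootkit
        # that filters disk reads can make an infected file hash clean.
        "touched_but_identical": [
            c.path for c in others
            if ref_mtime is not None and c.mtime > ref_mtime and c.md5 in ref_hashes
        ],
    }


def hash_bytes(data: bytes, algo: str = "md5") -> str:
    """Hex digest in the upper-case form OTL prints."""
    return hashlib.new(algo, data).hexdigest().upper()


def hash_file(path: str, algo: str = "md5", chunk: int = 1 << 20) -> str:
    """Hash a file on disk, e.g. from a clean boot environment, for comparison
    with the MD5 values in the OTL log."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for key, value in assess(parse_md5_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run against the report above, all four copies share one MD5 and no size differs, but the two copies written on 2010/03/17 land in `touched_but_identical`; that is the case where the hash alone is not the deciding evidence and a replacement from the driver store, as the fix script here does, plus a re-hash after a clean boot, is the sensible next step.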


#9 Vertygo
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:07 PM

Posted 20 March 2010 - 10:15 AM

done

Notably, some of the settings in OTL appear to change when I click Quick Scan. Is this normal?

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:resowuki.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\jviestat:C:\WINDOWS\system32\mqbksi64.dll deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Mike\Desktop\Norman_TDSS_Cleaner.exe not found.
File\Folder C:\Documents and Settings\Mike\Desktop\1234.com.exe not found.
File C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATA.SYS successfully replaced with C:\WINDOWS\system32\drivers\nvata.sys
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mike
->Temp folder emptied: 3923912 bytes
->Temporary Internet Files folder emptied: 38409 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13567857 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 859247 bytes
->Flash cache emptied: 1449 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03202010_110534

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL logfile created on: 3/20/2010 11:11:58 AM - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 31.39 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive D: | 6.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASSANDRA
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/01/25 20:36:22 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008/06/13 12:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\n52te\n52teHid.exe
PRC - [2008/04/24 18:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files\n52te\n52teTra.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/08/31 12:58:52 | 000,357,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2001/11/20 10:30:10 | 000,422,400 | ---- | M] (P.I. Engineering, Inc.) -- C:\Program Files\PIEngineering\X-keys\XKWdkApp.exe


========== Modules (SafeList) ==========

MOD - [2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2008/04/13 20:12:08 | 000,165,376 | ---- | M] () -- C:\WINDOWS\anidovug.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Wzlnkovorknp)
SRV - [2010/01/25 20:36:22 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {62E3BC60-4FCC-4846-9A39-6EEE79132793}:1.9.1
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.1
FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:3.5.2
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.0


FF - HKLM\software\mozilla\Firefox\extensions\\{62E3BC60-4FCC-4846-9A39-6EEE79132793}: C:\Documents and Settings\Mike\Local Settings\Application Data\{62E3BC60-4FCC-4846-9A39-6EEE79132793} [2010/03/03 19:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 00:25:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 00:25:16 | 000,000,000 | ---D | M]

[2008/08/26 00:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/03/19 18:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions
[2009/12/05 10:32:05 | 000,000,000 | ---D | M] (BlackX 2) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2009/12/19 01:36:04 | 000,000,000 | ---D | M] (In The Dark) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}
[2009/12/05 10:32:05 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/01/13 18:41:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/05 10:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\redshift_V2@shift-themes.com
[2009/12/19 01:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}\chrome\mozapps\extensions
[2010/03/19 18:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2009/07/10 00:41:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe ()
O4 - HKLM..\Run: [Bcohume] C:\WINDOWS\anidovug.DLL ()
O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PIEngineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.252.0.12 71.242.0.12
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/01 14:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/20 10:41:52 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d2aafbea-d940-11da-ac03-def45e246243}\Shell - "" = AutoRun
O33 - MountPoints2\{d2aafbea-d940-11da-ac03-def45e246243}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d2aafbea-d940-11da-ac03-def45e246243}\Shell\AutoRun\command - "" = D:\BSAutoRun.exe -- [2007/07/20 10:54:01 | 001,123,680 | R--- | M] (2K Australia)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/20 08:06:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/19 23:36:24 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/03/18 23:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/18 23:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/18 22:58:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/03/18 22:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/18 22:41:02 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Mike\Desktop\HJTInstall.exe
[2010/03/18 08:14:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/18 08:14:30 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/18 08:11:19 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\mbam-setup.exe
[2010/03/18 03:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/18 03:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/17 00:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/17 00:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/15 18:46:39 | 000,033,519 | ---- | C] (P.I. Engineering, Inc.) -- C:\WINDOWS\System32\drivers\XkeysW2k.sys
[2010/03/15 18:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\PIEngineering
[2010/03/15 18:32:13 | 002,351,137 | ---- | C] (companyname) -- C:\Documents and Settings\Mike\Desktop\xkeyswxp.exe
[2010/03/12 10:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Bioshock
[2010/03/12 00:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2008/12/13 17:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/20 19:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
[2006/05/01 14:30:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/01 14:30:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vxNlXvo.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vPImen.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\uCJHR.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ONyQQ.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\NVkNOKli.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\nbagGD.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\eABbqqc.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\dXaRyTKr.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\BgEPsvT.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\BcjlvSH.dll
[2002/04/11 04:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 14 Days ==========

[2010/03/20 11:07:31 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/03/20 11:07:22 | 000,251,933 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/20 11:06:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/20 11:06:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/20 11:06:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/20 08:08:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Aveku.bin
[2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/03/19 19:59:51 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/03/19 18:03:19 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cfonivebaxi.dat
[2010/03/19 17:54:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\56789.exe
[2010/03/19 17:41:24 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/03/18 22:58:57 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.pif
[2010/03/18 22:41:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2010/03/18 22:41:03 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Mike\Desktop\HJTInstall.exe
[2010/03/18 08:40:19 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rukadusa
[2010/03/18 08:15:02 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 08:11:32 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\mbam-setup.exe
[2010/03/17 18:33:31 | 000,524,224 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 18:33:31 | 000,442,694 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/17 18:33:31 | 000,071,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/17 18:23:52 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 00:27:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/17 00:23:12 | 000,006,610 | -HS- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\7tG7Er4h
[2010/03/17 00:23:12 | 000,006,610 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7tG7Er4h
[2010/03/15 18:32:18 | 002,351,137 | ---- | M] (companyname) -- C:\Documents and Settings\Mike\Desktop\xkeyswxp.exe
[2010/03/12 01:06:18 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\BioShock.lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\rukadusa
[2010/03/19 18:03:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\56789.exe
[2010/03/18 22:58:56 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.pif
[2010/03/18 22:44:35 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/03/18 22:41:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2010/03/18 08:14:34 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/17 00:21:39 | 000,006,610 | -HS- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\7tG7Er4h
[2010/03/17 00:21:39 | 000,006,610 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7tG7Er4h
[2010/03/12 01:17:51 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\BioShock.lnk
[2010/03/03 19:15:39 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\rbuwzv.dat
[2010/02/21 22:01:36 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/02/21 22:01:36 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\PnkBstrK.sys
[2008/12/24 13:30:32 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/06 02:31:36 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\YRUYxwvlM.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\YdFVvd.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\xaCRgc.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\UKnUMNVv.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\rhDFM.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\qyQgL.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\QruRAwNuE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\PwmkG.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\mhSRD.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\ldWisVLgE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\JxRFCFYJE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\HLafsf.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\gGfBG.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\gccdHau.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\fplmVWR.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\dXeyo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\YlOIJB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\YcHVxxl.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\XmAwtRDH.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\xlpwNkUXN.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\wjqSaR.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\vYBYLJkPn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\VGGbUSeEo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\vEobUss.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\UYSWSb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\UQSCY.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\uPoKAplJ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uNEYEUnf.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\TtpRhVBp.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\TSdFCLC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmFQw.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\rRhMiiD.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\RNGjPyyoC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\RKACyTLC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\QJeQBrc.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\OPhahDJh.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\OcFtjDhfb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\oaICBOB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nTQlcjvJQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\nQhAm.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nlPWXmrMX.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\NjXmo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\myyILn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\mNHhY.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdbxVg.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\jNtqXEn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\jMQXpP.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\iRSuex.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\IQaCaST.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\IJevK.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\IHlEvw.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\hxInGtjQr.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\hwHNJ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\HkQVO.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\HcFiMXB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\hbRDDQsFc.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GdIIstYr.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GcagoTWUx.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GbrRBUlwu.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\fHaDp.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\FdsCqvmRb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\eRwcruijd.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\EKVDeA.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\EKICOObjV.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\eKeOilXFQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\eJYylpexN.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\ejudTxQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\eCAUCQf.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\dscNQtkGT.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\dKYLfryP.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\dDcpono.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\DbAud.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\cWOystU.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\CqamRIAT.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\cFKhiUA.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ByPItXL.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\BMRct.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\bAaRuo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\aucIMnJF.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\APAKyvTwD.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ADPPe.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/13 19:56:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/08/05 18:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/05 17:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/08/05 17:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/08/05 17:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/16 11:19:30 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/16 11:19:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/03 17:32:58 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/03/02 19:58:33 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2008/01/06 17:18:29 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/01/06 17:18:29 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/01/06 16:58:49 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/07/27 16:48:48 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/07/27 16:48:48 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/07/27 16:48:48 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/23 17:07:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\TDH_Launcher.ini
[2007/05/14 16:34:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/04/22 02:21:15 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/04/22 02:21:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\yedlata.dll
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/12/14 23:58:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2006/12/10 05:00:53 | 000,003,167 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/16 03:09:44 | 000,004,147 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/27 01:04:54 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\E4E03A6DBD.sys
[2006/09/27 01:04:53 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/28 01:15:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/03 04:13:44 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/02 12:55:03 | 000,005,781 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2006/05/02 12:55:03 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/05/01 21:40:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/05/01 21:40:21 | 000,006,021 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/05/01 21:40:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/03/17 19:11:56 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2004/10/08 08:01:47 | 000,165,376 | ---- | C] () -- C:\WINDOWS\anidovug.dll
[2004/10/08 08:01:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/30 03:15:02 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll
[2004/03/30 03:15:01 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll
[2004/03/30 03:15:01 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll
[2003/10/02 21:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/05/23 06:08:52 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/05/23 06:08:52 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2008/09/13 20:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/02/21 17:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2008/01/06 17:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/10/13 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kpgzgjoh
[2008/10/09 08:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pubopyfy
[2009/06/06 11:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2006/05/26 04:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\.bittorrent
[2009/08/05 17:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Azureus
[2010/03/20 09:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Bioshock
[2008/01/06 17:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DAEMON Tools Pro
[2008/03/30 15:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DisplayTune
[2007/03/08 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Electronic Arts
[2007/05/30 20:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\fltk.org
[2008/10/15 18:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GetRightToGo
[2008/05/15 00:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\INTERHEART
[2007/11/05 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2009/02/14 01:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mount&Blade
[2008/12/06 02:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\n52te
[2006/05/03 01:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Netscape
[2010/01/11 00:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sony
[2010/01/11 00:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sony Setup
[2009/06/06 11:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Stardock
[2007/10/31 19:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SystemRequirementsLab

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: NVATA.SYS >
[2010/03/17 08:48:32 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATA.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WIN2K\SATA_IDE\NVATA.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WINXP\SATA_IDE\NVATA.SYS
[2010/03/17 08:48:32 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys
< End of report >


#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,583 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:07 PM

Posted 20 March 2010 - 10:30 AM

QUOTE
Notably, some of the settings in OTL appear to change when I click Quick Scan. Is this normal?


It happens to some users. I need to talk to the developer.

You used the wrong fix. Look at Post 8.

Please try it again.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 Vertygo

Vertygo
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:07 PM

Posted 20 March 2010 - 10:46 AM

Sorry. Is the fix correct this time?

I'm also noticing a thumbs.db file appearing on the desktop and in a folder on the desktop.

OTL logfile created on: 3/20/2010 11:39:24 AM - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 31.39 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive D: | 6.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASSANDRA
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/01/25 20:36:22 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008/06/13 12:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\n52te\n52teHid.exe
PRC - [2008/04/24 18:57:12 | 000,110,592 | ---- | M] () -- C:\Program Files\n52te\n52teTra.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/08/31 12:58:52 | 000,357,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2001/11/20 10:30:10 | 000,422,400 | ---- | M] (P.I. Engineering, Inc.) -- C:\Program Files\PIEngineering\X-keys\XKWdkApp.exe


========== Modules (SafeList) ==========

MOD - [2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2008/04/13 20:12:08 | 000,165,376 | ---- | M] () -- C:\WINDOWS\anidovug.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Wzlnkovorknp)
SRV - [2010/01/25 20:36:22 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {62E3BC60-4FCC-4846-9A39-6EEE79132793}:1.9.1
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.1
FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:3.5.2
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.0


FF - HKLM\software\mozilla\Firefox\extensions\\{62E3BC60-4FCC-4846-9A39-6EEE79132793}: C:\Documents and Settings\Mike\Local Settings\Application Data\{62E3BC60-4FCC-4846-9A39-6EEE79132793} [2010/03/03 19:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 00:25:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 00:25:16 | 000,000,000 | ---D | M]

[2008/08/26 00:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/03/19 18:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions
[2009/12/05 10:32:05 | 000,000,000 | ---D | M] (BlackX 2) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2009/12/19 01:36:04 | 000,000,000 | ---D | M] (In The Dark) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}
[2009/12/05 10:32:05 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/01/13 18:41:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/05 10:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\redshift_V2@shift-themes.com
[2009/12/19 01:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\nw6sb5dt.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}\chrome\mozapps\extensions
[2010/03/19 18:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2009/07/10 00:41:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe ()
O4 - HKLM..\Run: [Bcohume] C:\WINDOWS\anidovug.DLL ()
O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [X-keys Programming] C:\Program Files\PIEngineering\X-keys\XKWdkApp.exe (P.I. Engineering, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.252.0.12 71.242.0.12
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/01 14:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/20 10:41:52 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/20 08:06:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/19 23:36:24 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/03/18 23:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/18 23:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/18 22:58:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/03/18 22:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/18 22:41:02 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Mike\Desktop\HJTInstall.exe
[2010/03/18 08:14:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/18 08:14:30 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/18 08:11:19 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\mbam-setup.exe
[2010/03/18 03:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/18 03:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/17 00:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/17 00:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/15 18:46:39 | 000,033,519 | ---- | C] (P.I. Engineering, Inc.) -- C:\WINDOWS\System32\drivers\XkeysW2k.sys
[2010/03/15 18:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\PIEngineering
[2010/03/15 18:32:13 | 002,351,137 | ---- | C] (companyname) -- C:\Documents and Settings\Mike\Desktop\xkeyswxp.exe
[2010/03/12 10:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Bioshock
[2010/03/12 00:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2008/12/13 17:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/20 19:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
[2006/05/01 14:30:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/01 14:30:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vxNlXvo.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\vPImen.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\uCJHR.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ONyQQ.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\NVkNOKli.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\nbagGD.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\eABbqqc.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\dXaRyTKr.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\BgEPsvT.dll
[2002/04/11 04:41:06 | 000,066,159 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\BcjlvSH.dll
[2002/04/11 04:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 14 Days ==========

[2010/03/20 11:38:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/20 11:38:30 | 000,251,933 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/20 11:38:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/20 11:38:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/20 11:37:40 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/03/20 08:08:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Aveku.bin
[2010/03/19 23:35:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/03/19 19:59:51 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/03/19 18:03:19 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cfonivebaxi.dat
[2010/03/19 17:54:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\56789.exe
[2010/03/19 17:41:24 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/03/18 22:58:57 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.pif
[2010/03/18 22:41:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2010/03/18 22:41:03 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Mike\Desktop\HJTInstall.exe
[2010/03/18 08:40:19 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rukadusa
[2010/03/18 08:15:02 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 08:11:32 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\mbam-setup.exe
[2010/03/17 18:33:31 | 000,524,224 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 18:33:31 | 000,442,694 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/17 18:33:31 | 000,071,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/17 18:23:52 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 00:27:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/17 00:23:12 | 000,006,610 | -HS- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\7tG7Er4h
[2010/03/17 00:23:12 | 000,006,610 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7tG7Er4h
[2010/03/15 18:32:18 | 002,351,137 | ---- | M] (companyname) -- C:\Documents and Settings\Mike\Desktop\xkeyswxp.exe
[2010/03/12 01:06:18 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\BioShock.lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\rukadusa
[2010/03/19 18:03:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\56789.exe
[2010/03/18 22:58:56 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.pif
[2010/03/18 22:44:35 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/03/18 22:41:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2010/03/18 08:14:34 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/17 00:21:39 | 000,006,610 | -HS- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\7tG7Er4h
[2010/03/17 00:21:39 | 000,006,610 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7tG7Er4h
[2010/03/12 01:17:51 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\BioShock.lnk
[2010/03/03 19:15:39 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\rbuwzv.dat
[2010/02/21 22:01:36 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/02/21 22:01:36 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\PnkBstrK.sys
[2008/12/24 13:30:32 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/06 02:31:36 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\YRUYxwvlM.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\YdFVvd.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\xaCRgc.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\UKnUMNVv.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\rhDFM.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\qyQgL.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\QruRAwNuE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\PwmkG.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\mhSRD.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\ldWisVLgE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\JxRFCFYJE.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\HLafsf.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\gGfBG.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\gccdHau.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\System32\fplmVWR.dll
[2008/10/07 10:13:20 | 000,059,894 | ---- | C] () -- C:\WINDOWS\dXeyo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\YlOIJB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\YcHVxxl.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\XmAwtRDH.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\xlpwNkUXN.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\wjqSaR.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\vYBYLJkPn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\VGGbUSeEo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\vEobUss.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\UYSWSb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\UQSCY.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\uPoKAplJ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\uNEYEUnf.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\TtpRhVBp.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\TSdFCLC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmFQw.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\rRhMiiD.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\RNGjPyyoC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\RKACyTLC.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\QJeQBrc.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\OPhahDJh.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\OcFtjDhfb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\oaICBOB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nTQlcjvJQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\nQhAm.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\nlPWXmrMX.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\NjXmo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\myyILn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\mNHhY.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdbxVg.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\jNtqXEn.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\jMQXpP.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\iRSuex.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\IQaCaST.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\IJevK.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\IHlEvw.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\hxInGtjQr.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\hwHNJ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\HkQVO.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\HcFiMXB.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\hbRDDQsFc.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GdIIstYr.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GcagoTWUx.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\GbrRBUlwu.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\fHaDp.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\FdsCqvmRb.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\eRwcruijd.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\EKVDeA.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\EKICOObjV.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\eKeOilXFQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\eJYylpexN.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\ejudTxQ.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\eCAUCQf.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\dscNQtkGT.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\dKYLfryP.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\dDcpono.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\DbAud.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\cWOystU.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\CqamRIAT.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\cFKhiUA.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ByPItXL.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\BMRct.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\bAaRuo.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\aucIMnJF.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\APAKyvTwD.dll
[2008/10/07 10:13:20 | 000,059,271 | ---- | C] () -- C:\WINDOWS\System32\ADPPe.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/13 19:56:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/08/05 18:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/05 17:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/08/05 17:59:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/08/05 17:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/16 11:19:30 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/16 11:19:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/03 17:32:58 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/03/02 19:58:33 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2008/01/06 17:18:29 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/01/06 17:18:29 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/01/06 16:58:49 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/07/27 16:48:48 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/07/27 16:48:48 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/07/27 16:48:48 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/23 17:07:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\TDH_Launcher.ini
[2007/05/14 16:34:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/04/22 02:21:15 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/04/22 02:21:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\yedlata.dll
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/12/14 23:58:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2006/12/10 05:00:53 | 000,003,167 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/16 03:09:44 | 000,004,147 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/27 01:04:54 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\E4E03A6DBD.sys
[2006/09/27 01:04:53 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/28 01:15:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/03 04:13:44 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/02 12:55:03 | 000,005,781 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2006/05/02 12:55:03 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/05/01 21:40:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/05/01 21:40:21 | 000,006,021 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/05/01 21:40:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/03/17 19:11:56 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2004/10/08 08:01:47 | 000,165,376 | ---- | C] () -- C:\WINDOWS\anidovug.dll
[2004/10/08 08:01:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/30 03:15:02 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll
[2004/03/30 03:15:01 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll
[2004/03/30 03:15:01 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll
[2003/10/02 21:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/05/23 06:08:52 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/05/23 06:08:52 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2008/09/13 20:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/02/21 17:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2008/01/06 17:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/10/13 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kpgzgjoh
[2008/10/09 08:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pubopyfy
[2009/06/06 11:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2006/05/26 04:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\.bittorrent
[2009/08/05 17:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Azureus
[2010/03/20 09:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Bioshock
[2008/01/06 17:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DAEMON Tools Pro
[2008/03/30 15:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DisplayTune
[2007/03/08 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Electronic Arts
[2007/05/30 20:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\fltk.org
[2008/10/15 18:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GetRightToGo
[2008/05/15 00:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\INTERHEART
[2007/11/05 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2009/02/14 01:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mount&Blade
[2008/12/06 02:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\n52te
[2006/05/03 01:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Netscape
[2010/01/11 00:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sony
[2010/01/11 00:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sony Setup
[2009/06/06 11:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Stardock
[2007/10/31 19:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SystemRequirementsLab

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: NVATA.SYS >
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATA.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WIN2K\SATA_IDE\NVATA.SYS
[2005/08/18 21:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WINXP\SATA_IDE\NVATA.SYS
[2010/03/20 11:37:29 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys
< End of report >


#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,583 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:07 PM

Posted 20 March 2010 - 11:06 AM

Seems to have made a difference. Please run GMER to confirm, and post its report.

There are some suspicious files in your system. I need you to check a few of these files:

Group One
C:\WINDOWS\YRUYxwvlM.dll
C:\WINDOWS\System32\drivers\YdFVvd.dll
C:\WINDOWS\System32\drivers\xaCRgc.dll
C:\WINDOWS\UKnUMNVv.dll
C:\WINDOWS\System32\rhDFM.dll
C:\WINDOWS\System32\qyQgL.dll
C:\WINDOWS\System32\drivers\QruRAwNuE.dll
C:\WINDOWS\PwmkG.dll
C:\WINDOWS\System32\drivers\mhSRD.dll
C:\WINDOWS\ldWisVLgE.dll
C:\WINDOWS\JxRFCFYJE.dll
C:\WINDOWS\HLafsf.dll
C:\WINDOWS\gGfBG.dll
C:\WINDOWS\System32\drivers\gccdHau.dll
C:\WINDOWS\System32\fplmVWR.dll
C:\WINDOWS\dXeyo.dll
C:\WINDOWS\System32\drivers\YlOIJB.dll
C:\WINDOWS\YcHVxxl.dll
C:\WINDOWS\System32\drivers\XmAwtRDH.dll
C:\WINDOWS\xlpwNkUXN.dll
C:\WINDOWS\wjqSaR.dll
C:\WINDOWS\System32\drivers\vYBYLJkPn.dll
C:\WINDOWS\System32\VGGbUSeEo.dll
C:\WINDOWS\System32\drivers\vEobUss.dll
C:\WINDOWS\System32\drivers\UYSWSb.dll
C:\WINDOWS\UQSCY.dll
C:\WINDOWS\System32\uPoKAplJ.dll
C:\WINDOWS\System32\drivers\uNEYEUnf.dll
C:\WINDOWS\TtpRhVBp.dll
C:\WINDOWS\System32\TSdFCLC.dll
C:\WINDOWS\System32\drivers\tmFQw.dll
C:\WINDOWS\System32\drivers\rRhMiiD.dll
C:\WINDOWS\System32\RNGjPyyoC.dll
C:\WINDOWS\RKACyTLC.dll
C:\WINDOWS\QJeQBrc.dll
C:\WINDOWS\System32\OPhahDJh.dll
C:\WINDOWS\System32\OcFtjDhfb.dll
C:\WINDOWS\System32\oaICBOB.dll
C:\WINDOWS\nTQlcjvJQ.dll
C:\WINDOWS\System32\drivers\nQhAm.dll
C:\WINDOWS\nlPWXmrMX.dll
C:\WINDOWS\NjXmo.dll
C:\WINDOWS\myyILn.dll
C:\WINDOWS\System32\mNHhY.dll
C:\WINDOWS\System32\drivers\mdbxVg.dll
C:\WINDOWS\System32\jNtqXEn.dll
C:\WINDOWS\System32\drivers\jMQXpP.dll
C:\WINDOWS\System32\drivers\iRSuex.dll
C:\WINDOWS\System32\IQaCaST.dll
C:\WINDOWS\System32\drivers\IJevK.dll
C:\WINDOWS\IHlEvw.dll
C:\WINDOWS\System32\drivers\hxInGtjQr.dll
C:\WINDOWS\System32\hwHNJ.dll
C:\WINDOWS\System32\drivers\HkQVO.dll
C:\WINDOWS\System32\HcFiMXB.dll
C:\WINDOWS\System32\hbRDDQsFc.dll
C:\WINDOWS\System32\drivers\GdIIstYr.dll
C:\WINDOWS\System32\drivers\GcagoTWUx.dll
C:\WINDOWS\System32\drivers\GbrRBUlwu.dll
C:\WINDOWS\System32\fHaDp.dll
C:\WINDOWS\System32\FdsCqvmRb.dll
C:\WINDOWS\System32\drivers\eRwcruijd.dll
C:\WINDOWS\System32\drivers\EKVDeA.dll
C:\WINDOWS\System32\drivers\EKICOObjV.dll
C:\WINDOWS\eKeOilXFQ.dll
C:\WINDOWS\System32\eJYylpexN.dll
C:\WINDOWS\ejudTxQ.dll
C:\WINDOWS\eCAUCQf.dll
C:\WINDOWS\System32\drivers\dscNQtkGT.dll
C:\WINDOWS\System32\dKYLfryP.dll
C:\WINDOWS\dDcpono.dll
C:\WINDOWS\System32\drivers\DbAud.dll
C:\WINDOWS\System32\cWOystU.dll
C:\WINDOWS\System32\CqamRIAT.dll
C:\WINDOWS\cFKhiUA.dll
C:\WINDOWS\System32\ByPItXL.dll
C:\WINDOWS\BMRct.dll
C:\WINDOWS\bAaRuo.dll
C:\WINDOWS\aucIMnJF.dll
C:\WINDOWS\APAKyvTwD.dll
C:\WINDOWS\System32\ADPPe.dll

Group Two
C:\WINDOWS\vxNlXvo.dll
C:\WINDOWS\vPImen.dll
C:\WINDOWS\uCJHR.dll
C:\WINDOWS\System32\drivers\ONyQQ.dll
C:\WINDOWS\System32\drivers\NVkNOKli.dll
C:\WINDOWS\nbagGD.dll
C:\WINDOWS\System32\drivers\eABbqqc.dll
C:\WINDOWS\dXaRyTKr.dll
C:\WINDOWS\System32\BgEPsvT.dll
C:\WINDOWS\System32\drivers\BcjlvSH.dll

Group Three
C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

Group Four
C:\WINDOWS\anidovug.DLL

This is how:
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file paths into the "Suspicious files to scan" box at the top of the page one by one:

    One or two files from the above groups

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Right click on a Notepad document and select Paste. That will empty the contents of the Clipboard on the document. Continue doing this with each file, then Copy and Paste the contents of the Notepad document in your next reply.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Documents and Settings\All Users\Application Data\kpgzgjoh /s
    C:\Documents and Settings\All Users\Application Data\pubopyfy /s

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,583 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:07 PM

Posted 20 March 2010 - 11:14 AM

If VirScan.org is unavailable, please try VirusTotal

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#14 Vertygo

Vertygo
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:07 PM

Posted 20 March 2010 - 01:18 PM

Doesn't look quite as positive as I'd hoped. To ensure I understood my instructions properly, I was to have VirSCAN.org scan only 1 or 2 files in each Group.

GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-20 13:17:58
Windows 5.1.2600 Service Pack 3
Running: 56789.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\uxrdqpog.sys


---- Devices - GMER 1.0.15 ----

Device -> \Driver\nvata \Device\Harddisk0\DR0 8A6D5CA1

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0x42 0x66 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x88 0x51 0xEC 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x40 0x2D 0xF6 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x5F 0x1F 0x24 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0x1C 0xF6 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x70 0x6B 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x88 0x51 0xEC 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x5D 0xBB 0x86 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x5F 0x1F 0x24 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0x1C 0xF6 0x26 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0x42 0x66 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x88 0x51 0xEC 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x40 0x2D 0xF6 0x79 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x5F 0x1F 0x24 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x52 0x1C 0xF6 0x26 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6D38D83-47E0-1D91-A091-83A967EDFC1A}

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\nvata.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Virusscan logs:
VirSCAN.org Scanned Report :
Scanned time : 2010/03/20 13:53:10 (EDT)
Scanner results: Scanners did not find malware!
File Name : YRUYxwvlM.dll
File Size : 59894 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 4b31ee73ceae42dbdd2410b9dfc4e6cc
SHA1 : 4c8dcd82ec9c8934cd91f36b22786d5c2323792b
Online report : http://virscan.org/report/b40042dabc9f13bd...0ee21087e8.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100320063127 2010-03-20 4.82 -
AhnLab V3 2010.03.21.00 2010.03.21 2010-03-21 1.14 -
AntiVir 8.2.1.196 7.10.5.155 2010-03-19 0.47 -
Antiy 2.0.18 20100318.4019584 2010-03-18 0.12 -
Arcavir 2009 201003201026 2010-03-20 0.05 -
Authentium 5.1.1 201003191805 2010-03-19 1.42 -
AVAST! 4.7.4 100320-0 2010-03-20 0.01 -
AVG 8.5.720 271.1.1/2759 2010-03-20 0.25 -
BitDefender 7.81008.5494847 7.30856 2010-03-21 5.64 -
ClamAV 0.95.3 10601 2010-03-20 0.02 -
Comodo 3.13.579 4331 2010-03-20 0.95 -
CP Secure 1.3.0.5 2010.03.21 2010-03-21 0.05 -
Dr.Web 5.0.1.12222 2010.03.21 2010-03-21 6.08 -
F-Prot 4.4.4.56 20100319 2010-03-19 1.65 -
F-Secure 7.02.73807 2010.03.20.02 2010-03-20 0.17 -
Fortinet 4.0.14 11.603 2010-03-20 0.18 -
GData 19.10840/19.832 20100320 2010-03-20 5.16 -
ViRobot 20100319 2010.03.19 2010-03-19 0.44 -
Ikarus T3.1.01.80 2010.03.20.75442 2010-03-20 5.40 -
JiangMin 13.0.900 2010.03.20 2010-03-20 6.62 -
Kaspersky 5.5.10 2010.03.20 2010-03-20 0.13 -
KingSoft 2009.2.5.15 2010.3.20.21 2010-03-20 0.74 -
McAfee 5.3.00 5926 2010-03-20 3.73 -
Microsoft 1.5605 2010.03.20 2010-03-20 6.43 -
Norman 6.01.09 6.01.00 2010-02-10 4.01 -
Panda 9.05.01 2010.03.20 2010-03-20 1.99 -
Trend Micro 9.120-1004 6.938.09 2010-03-20 0.03 -
Quick Heal 10.00 2010.03.19 2010-03-19 1.44 -
Rising 20.0 22.39.05.02 2010-03-20 1.14 -
Sophos 3.05.4 4.51 2010-03-21 3.62 -
Sunbelt 3.9.2410.2 5988 2010-03-20 4.55 -
Symantec 1.3.0.24 20100311.002 2010-03-11 0.00 -
nProtect 20100320.01 7779920 2010-03-20 5.20 -
The Hacker 6.5.2.0 v00241 2010-03-20 0.46 -
VBA32 3.12.12.2 20100319.1007 2010-03-19 3.03 -
VirusBuster 4.5.11.10 10.122.5/2014520 2010-03-20 2.38 -

VirSCAN.org Scanned Report :
Scanned time : 2010/03/20 14:01:07 (EDT)
Scanner results: Scanners did not find malware!
File Name : YdFVvd.dll
File Size : 59894 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : d66165024d4e83971ab99cbe14c843ea
SHA1 : 13ea9f3eb1eabb9447bfee70760d71aed8507d7c
Online report : http://virscan.org/report/7f5e2d2560f88fb2...0619846064.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100320063127 2010-03-20 8.63 -
AhnLab V3 2010.03.21.00 2010.03.21 2010-03-21 1.19 -
AntiVir 8.2.1.196 7.10.5.155 2010-03-19 0.38 -
Antiy 2.0.18 20100318.4019584 2010-03-18 0.12 -
Arcavir 2009 201003201026 2010-03-20 0.05 -
Authentium 5.1.1 201003191805 2010-03-19 1.43 -
AVAST! 4.7.4 100320-0 2010-03-20 0.01 -
AVG 8.5.720 271.1.1/2759 2010-03-20 0.26 -
BitDefender 7.81008.5494847 7.30856 2010-03-21 5.65 -
ClamAV 0.95.3 10601 2010-03-20 0.02 -
Comodo 3.13.579 4331 2010-03-20 1.67 -
CP Secure 1.3.0.5 2010.03.21 2010-03-21 0.06 -
Dr.Web 5.0.1.12222 2010.03.21 2010-03-21 6.06 -
F-Prot 4.4.4.56 20100319 2010-03-19 1.66 -
F-Secure 7.02.73807 2010.03.20.02 2010-03-20 10.57 -
Fortinet 4.0.14 11.603 2010-03-20 0.17 -
GData 19.10840/19.832 20100320 2010-03-20 10.41 -
ViRobot 20100319 2010.03.19 2010-03-19 0.85 -
Ikarus T3.1.01.80 2010.03.20.75442 2010-03-20 5.40 -
JiangMin 13.0.900 2010.03.20 2010-03-20 20.61 -
Kaspersky 5.5.10 2010.03.20 2010-03-20 0.13 -
KingSoft 2009.2.5.15 2010.3.20.21 2010-03-20 0.81 -
McAfee 5.3.00 5926 2010-03-20 3.69 -
Microsoft 1.5605 2010.03.20 2010-03-20 6.79 -
Norman 6.01.09 6.01.00 2010-02-10 4.07 -
Panda 9.05.01 2010.03.20 2010-03-20 2.11 -
Trend Micro 9.120-1004 6.938.09 2010-03-20 0.03 -
Quick Heal 10.00 2010.03.19 2010-03-19 1.43 -
Rising 20.0 22.39.05.02 2010-03-20 1.14 -
Sophos 3.05.4 4.51 2010-03-21 3.68 -
Sunbelt 3.9.2410.2 5988 2010-03-20 3.72 -
Symantec 1.3.0.24 20100311.002 2010-03-11 0.00 -
nProtect 20100320.01 7779920 2010-03-20 4.90 -
The Hacker 6.5.2.0 v00241 2010-03-20 0.39 -
VBA32 3.12.12.2 20100319.1007 2010-03-19 3.06 -
VirusBuster 4.5.11.10 10.122.5/2014520 2010-03-20 2.35 -

VirSCAN.org Scanned Report :
Scanned time : 2010/03/20 14:04:02 (EDT)
Scanner results: 11% Scanner(s) (4/36) found malware!
File Name : ONyQQ.dll
File Size : 66159 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 246d2b75f984e1a8f837104944c57ea6
SHA1 : 72bc2c66df7e387af4c188aa71cfd0b857e52ea3
Online report : http://virscan.org/report/1f613fa70a4210a3...e8b3e9b352.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100320063127 2010-03-20 5.54 -
AhnLab V3 2010.03.21.00 2010.03.21 2010-03-21 1.08 -
AntiVir 8.2.1.196 7.10.5.155 2010-03-19 0.08 -
Antiy 2.0.18 20100318.4019584 2010-03-18 0.12 -
Arcavir 2009 201003201026 2010-03-20 0.04 -
Authentium 5.1.1 201003191805 2010-03-19 1.29 W32/Patched.A!Generic (Possible)
AVAST! 4.7.4 100320-0 2010-03-20 0.01 -
AVG 8.5.720 271.1.1/2759 2010-03-20 0.24 -
BitDefender 7.81008.5494847 7.30856 2010-03-21 5.64 -
ClamAV 0.95.3 10601 2010-03-20 0.03 -
Comodo 3.13.579 4331 2010-03-20 2.19 -
CP Secure 1.3.0.5 2010.03.21 2010-03-21 0.06 -
Dr.Web 5.0.1.12222 2010.03.21 2010-03-21 6.06 -
F-Prot 4.4.4.56 20100319 2010-03-19 1.27 W32/Patched.A!Generic
F-Secure 7.02.73807 2010.03.20.02 2010-03-20 0.17 -
Fortinet 4.0.14 11.603 2010-03-20 0.28 -
GData 19.10840/19.832 20100320 2010-03-20 6.62 -
ViRobot 20100319 2010.03.19 2010-03-19 0.41 -
Ikarus T3.1.01.80 2010.03.20.75442 2010-03-20 5.43 -
JiangMin 13.0.900 2010.03.20 2010-03-20 5.75 -
Kaspersky 5.5.10 2010.03.20 2010-03-20 0.12 -
KingSoft 2009.2.5.15 2010.3.20.21 2010-03-20 0.64 -
McAfee 5.3.00 5926 2010-03-20 3.67 W32/PatchLoad.d
Microsoft 1.5605 2010.03.20 2010-03-20 6.67 -
Norman 6.01.09 6.01.00 2010-02-10 4.01 -
Panda 9.05.01 2010.03.20 2010-03-20 2.64 -
Trend Micro 9.120-1004 6.938.09 2010-03-20 0.03 -
Quick Heal 10.00 2010.03.19 2010-03-19 1.43 -
Rising 20.0 22.39.05.02 2010-03-20 1.08 -
Sophos 3.05.4 4.51 2010-03-21 3.65 -
Sunbelt 3.9.2410.2 5988 2010-03-20 3.85 -
Symantec 1.3.0.24 20100311.002 2010-03-11 0.00 -
nProtect 20100320.01 7779920 2010-03-20 4.53 -
The Hacker 6.5.2.0 v00241 2010-03-20 0.36 Trojan/Patched.gen
VBA32 3.12.12.2 20100319.1007 2010-03-19 2.80 -
VirusBuster 4.5.11.10 10.122.5/2014520 2010-03-20 2.32 -


VirSCAN.org Scanned Report :
Scanned time : 2010/03/20 14:06:31 (EDT)
Scanner results: 11% Scanner(s) (4/36) found malware!
File Name : nbagGD.dll
File Size : 66159 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 25539b11aa3ab45d4907cd00961a5c88
SHA1 : cd1d93afab111a92316aecfbe95944aa716a62fe
Online report : http://virscan.org/report/cf4d9e66b9ff4633...ab60143a24.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100320063127 2010-03-20 5.28 -
AhnLab V3 2010.03.21.00 2010.03.21 2010-03-21 1.34 -
AntiVir 8.2.1.196 7.10.5.155 2010-03-19 0.07 -
Antiy 2.0.18 20100318.4019584 2010-03-18 0.13 -
Arcavir 2009 201003201026 2010-03-20 0.04 -
Authentium 5.1.1 201003191805 2010-03-19 1.39 W32/Patched.A!Generic (Possible)
AVAST! 4.7.4 100320-0 2010-03-20 0.01 -
AVG 8.5.720 271.1.1/2759 2010-03-20 0.27 -
BitDefender 7.81008.5494847 7.30856 2010-03-21 5.99 -
ClamAV 0.95.3 10601 2010-03-20 0.03 -
Comodo 3.13.579 4331 2010-03-20 0.96 -
CP Secure 1.3.0.5 2010.03.21 2010-03-21 0.06 -
Dr.Web 5.0.1.12222 2010.03.21 2010-03-21 6.13 -
F-Prot 4.4.4.56 20100319 2010-03-19 1.30 W32/Patched.A!Generic
F-Secure 7.02.73807 2010.03.20.02 2010-03-20 0.18 -
Fortinet 4.0.14 11.603 2010-03-20 0.20 -
GData 19.10840/19.832 20100320 2010-03-20 8.67 -
ViRobot 20100319 2010.03.19 2010-03-19 0.42 -
Ikarus T3.1.01.80 2010.03.20.75442 2010-03-20 5.46 -
JiangMin 13.0.900 2010.03.20 2010-03-20 9.38 -
Kaspersky 5.5.10 2010.03.20 2010-03-20 0.13 -
KingSoft 2009.2.5.15 2010.3.20.21 2010-03-20 0.66 -
McAfee 5.3.00 5926 2010-03-20 3.68 W32/PatchLoad.d
Microsoft 1.5605 2010.03.20 2010-03-20 7.28 -
Norman 6.01.09 6.01.00 2010-02-10 4.00 -
Panda 9.05.01 2010.03.20 2010-03-20 3.32 -
Trend Micro 9.120-1004 6.938.09 2010-03-20 0.03 -
Quick Heal 10.00 2010.03.19 2010-03-19 1.92 -
Rising 20.0 22.39.05.02 2010-03-20 1.08 -
Sophos 3.05.4 4.51 2010-03-21 3.66 -
Sunbelt 3.9.2410.2 5988 2010-03-20 3.81 -
Symantec 1.3.0.24 20100311.002 2010-03-11 0.00 -
nProtect 20100320.01 7779920 2010-03-20 4.53 -
The Hacker 6.5.2.0 v00241 2010-03-20 0.37 Trojan/Patched.gen
VBA32 3.12.12.2 20100319.1007 2010-03-19 2.95 -
VirusBuster 4.5.11.10 10.122.5/2014520 2010-03-20 2.35 -

VirSCAN.org Scanned Report :
Scanned time : 2010/03/20 14:09:25 (EDT)
Scanner results: Scanners did not find malware!
File Name : {789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
File Size : 262 byte
File Type : ASCII text, with CRLF line terminators
MD5 : 72dba45048da915088abd4fe00ac8fc1
SHA1 : 5c69fc9b167913d4c9911facd41857bdaad5d5f0
Online report : http://virscan.org/report/e465b260c42c8aa3...ed01108a77.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100320063127 2010-03-20 4.63 -
AhnLab V3 2010.03.21.00 2010.03.21 2010-03-21 2.12 -
AntiVir 8.2.1.196 7.10.5.155 2010-03-19 0.20 -
Antiy 2.0.18 20100318.4019584 2010-03-18 0.13 -
Arcavir 2009 201003201026 2010-03-20 0.02 -
Authentium 5.1.1 201003191805 2010-03-19 1.28 -
AVAST! 4.7.4 100320-0 2010-03-20 0.00 -
AVG 8.5.720 271.1.1/2759 2010-03-20 0.22 -
BitDefender 7.81008.5494847 7.30856 2010-03-21 5.69 -
ClamAV 0.95.3 10601 2010-03-20 0.00 -
Comodo 3.13.579 4331 2010-03-20 0.88 -
CP Secure 1.3.0.5 2010.03.21 2010-03-21 0.01 -
Dr.Web 5.0.1.12222 2010.03.21 2010-03-21 6.07 -
F-Prot 4.4.4.56 20100319 2010-03-19 1.25 -
F-Secure 7.02.73807 2010.03.20.02 2010-03-20 10.37 -
Fortinet 4.0.14 11.603 2010-03-20 0.14 -
GData 19.10840/19.832 20100320 2010-03-20 6.42 -
ViRobot 20100319 2010.03.19 2010-03-19 0.41 -
Ikarus T3.1.01.80 2010.03.20.75442 2010-03-20 5.36 -
JiangMin 13.0.900 2010.03.20 2010-03-20 4.91 -
Kaspersky 5.5.10 2010.03.20 2010-03-20 0.03 -
KingSoft 2009.2.5.15 2010.3.20.21 2010-03-20 0.65 -
McAfee 5.3.00 5926 2010-03-20 3.68 -
Microsoft 1.5605 2010.03.20 2010-03-20 6.41 -
Norman 6.01.09 6.01.00 2010-02-10 4.01 -
Panda 9.05.01 2010.03.20 2010-03-20 2.07 -
Trend Micro 9.120-1004 6.938.09 2010-03-20 0.02 -
Quick Heal 10.00 2010.03.19 2010-03-19 1.38 -
Rising 20.0 22.39.05.02 2010-03-20 0.31 -
Sophos 3.05.4 4.51 2010-03-21 3.63 -
Sunbelt 3.9.2410.2 5988 2010-03-20 4.63 -
Symantec 1.3.0.24 20100311.002 2010-03-11 0.44 -
nProtect 20100320.01 7779920 2010-03-20 4.48 -
The Hacker 6.5.2.0 v00241 2010-03-20 0.36 -
VBA32 3.12.12.2 20100319.1007 2010-03-19 2.69 -
VirusBuster 4.5.11.10 10.122.5/2014520 2010-03-20 2.30 -

VirSCAN.org Scanned Report :
Scanned time : 2010/03/20 14:11:31 (EDT)
Scanner results: 22% Scanner(s) (8/36) found malware!
File Name : anidovug.DLL
File Size : 165376 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : ebf9c9ad2d5670117a02480a7ba26916
SHA1 : 57bf4e8451de5cd8bbb40f5a941039ad76632f56
Online report : http://virscan.org/report/06aa3607a61ddb71...fdcfce5c53.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100320063127 2010-03-20 4.72 Trojan.Win32.Hiloti!IK
AhnLab V3 2010.03.21.00 2010.03.21 2010-03-21 1.04 -
AntiVir 8.2.1.196 7.10.5.155 2010-03-19 0.32 -
Antiy 2.0.18 20100318.4019584 2010-03-18 0.12 -
Arcavir 2009 201003201026 2010-03-20 0.06 -
Authentium 5.1.1 201003191805 2010-03-19 1.28 -
AVAST! 4.7.4 100320-0 2010-03-20 0.01 -
AVG 8.5.720 271.1.1/2759 2010-03-20 0.22 Hiloti.Z
BitDefender 7.81008.5494847 7.30856 2010-03-21 5.65 Gen:Packed.Hiloti.1
ClamAV 0.95.3 10601 2010-03-20 0.04 -
Comodo 3.13.579 4331 2010-03-20 0.92 -
CP Secure 1.3.0.5 2010.03.21 2010-03-21 0.07 -
Dr.Web 5.0.1.12222 2010.03.21 2010-03-21 6.17 -
F-Prot 4.4.4.56 20100319 2010-03-19 1.30 -
F-Secure 7.02.73807 2010.03.20.02 2010-03-20 10.53 Packed:W32/Mufanom.A [FSE]
Fortinet 4.0.14 11.603 2010-03-20 0.22 -
GData 19.10840/19.832 20100320 2010-03-20 6.54 -
ViRobot 20100319 2010.03.19 2010-03-19 0.41 -
Ikarus T3.1.01.80 2010.03.20.75442 2010-03-20 5.39 Trojan.Win32.Hiloti
JiangMin 13.0.900 2010.03.20 2010-03-20 5.01 -
Kaspersky 5.5.10 2010.03.20 2010-03-20 0.08 -
KingSoft 2009.2.5.15 2010.3.20.21 2010-03-20 0.68 -
McAfee 5.3.00 5926 2010-03-20 3.69 -
Microsoft 1.5605 2010.03.20 2010-03-20 6.47 -
Norman 6.01.09 6.01.00 2010-02-10 4.01 -
Panda 9.05.01 2010.03.20 2010-03-20 2.01 -
Trend Micro 9.120-1004 6.938.09 2010-03-20 0.03 -
Quick Heal 10.00 2010.03.19 2010-03-19 1.48 -
Rising 20.0 22.39.05.02 2010-03-20 1.20 -
Sophos 3.05.4 4.51 2010-03-21 3.66 Mal/Hiloti-A
Sunbelt 3.9.2410.2 5992 2010-03-20 3.82 -
Symantec 1.3.0.24 20100311.002 2010-03-11 0.00 -
nProtect 20100320.01 7779920 2010-03-20 5.11 Gen:Packed.Hiloti.1
The Hacker 6.5.2.0 v00241 2010-03-20 0.38 -
VBA32 3.12.12.2 20100319.1007 2010-03-19 2.69 BScope.Trojan.Hiloti
VirusBuster 4.5.11.10 10.122.5/2014520 2010-03-20 2.36 -

Systemlook:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:15 on 20/03/2010 by Mike (Administrator - Elevation successful)

========== dir ==========

C:\Documents and Settings\All Users\Application Data\kpgzgjoh - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Documents and Settings\All Users\Application Data\pubopyfy - Parameters: "/s"

---Files---
None found.

No folders found.

-=End Of File=-

#15 JSntgRvr
Master Surgeon General, Malware Response Team, 11,583 posts, Gender: Male, Location: Puerto Rico

Posted 20 March 2010 - 03:20 PM

Go to Start -> Run, type CMD and click OK. At the prompt copy and paste the following command and press Enter:

Copy "C:\PNPDRIVERS\NVIDIA\CHIPSET\6.82\IDE\WINXP\SATA_IDE\NVATA.SYS" C:\

You should receive the message "1 file copied". This is important: if this message is not received, the next set of instructions will partially fail. Type Exit at the prompt and press Enter to return to Windows.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

CODE
Begin copying here:
Files to move:
C:\NVATA.SYS|C:\WINDOWS\system32\drivers\nvata.sys

Files to delete:
C:\WINDOWS\YRUYxwvlM.dll
C:\WINDOWS\System32\drivers\YdFVvd.dll
C:\WINDOWS\System32\drivers\xaCRgc.dll
C:\WINDOWS\UKnUMNVv.dll
C:\WINDOWS\System32\rhDFM.dll
C:\WINDOWS\System32\qyQgL.dll
C:\WINDOWS\System32\drivers\QruRAwNuE.dll
C:\WINDOWS\PwmkG.dll
C:\WINDOWS\System32\drivers\mhSRD.dll
C:\WINDOWS\ldWisVLgE.dll
C:\WINDOWS\JxRFCFYJE.dll
C:\WINDOWS\HLafsf.dll
C:\WINDOWS\gGfBG.dll
C:\WINDOWS\System32\drivers\gccdHau.dll
C:\WINDOWS\System32\fplmVWR.dll
C:\WINDOWS\dXeyo.dll
C:\WINDOWS\System32\drivers\YlOIJB.dll
C:\WINDOWS\YcHVxxl.dll
C:\WINDOWS\System32\drivers\XmAwtRDH.dll
C:\WINDOWS\xlpwNkUXN.dll
C:\WINDOWS\wjqSaR.dll
C:\WINDOWS\System32\drivers\vYBYLJkPn.dll
C:\WINDOWS\System32\VGGbUSeEo.dll
C:\WINDOWS\System32\drivers\vEobUss.dll
C:\WINDOWS\System32\drivers\UYSWSb.dll
C:\WINDOWS\UQSCY.dll
C:\WINDOWS\System32\uPoKAplJ.dll
C:\WINDOWS\System32\drivers\uNEYEUnf.dll
C:\WINDOWS\TtpRhVBp.dll
C:\WINDOWS\System32\TSdFCLC.dll
C:\WINDOWS\System32\drivers\tmFQw.dll
C:\WINDOWS\System32\drivers\rRhMiiD.dll
C:\WINDOWS\System32\RNGjPyyoC.dll
C:\WINDOWS\RKACyTLC.dll
C:\WINDOWS\QJeQBrc.dll
C:\WINDOWS\System32\OPhahDJh.dll
C:\WINDOWS\System32\OcFtjDhfb.dll
C:\WINDOWS\System32\oaICBOB.dll
C:\WINDOWS\nTQlcjvJQ.dll
C:\WINDOWS\System32\drivers\nQhAm.dll
C:\WINDOWS\nlPWXmrMX.dll
C:\WINDOWS\NjXmo.dll
C:\WINDOWS\myyILn.dll
C:\WINDOWS\System32\mNHhY.dll
C:\WINDOWS\System32\drivers\mdbxVg.dll
C:\WINDOWS\System32\jNtqXEn.dll
C:\WINDOWS\System32\drivers\jMQXpP.dll
C:\WINDOWS\System32\drivers\iRSuex.dll
C:\WINDOWS\System32\IQaCaST.dll
C:\WINDOWS\System32\drivers\IJevK.dll
C:\WINDOWS\IHlEvw.dll
C:\WINDOWS\System32\drivers\hxInGtjQr.dll
C:\WINDOWS\System32\hwHNJ.dll
C:\WINDOWS\System32\drivers\HkQVO.dll
C:\WINDOWS\System32\HcFiMXB.dll
C:\WINDOWS\System32\hbRDDQsFc.dll
C:\WINDOWS\System32\drivers\GdIIstYr.dll
C:\WINDOWS\System32\drivers\GcagoTWUx.dll
C:\WINDOWS\System32\drivers\GbrRBUlwu.dll
C:\WINDOWS\System32\fHaDp.dll
C:\WINDOWS\System32\FdsCqvmRb.dll
C:\WINDOWS\System32\drivers\eRwcruijd.dll
C:\WINDOWS\System32\drivers\EKVDeA.dll
C:\WINDOWS\System32\drivers\EKICOObjV.dll
C:\WINDOWS\eKeOilXFQ.dll
C:\WINDOWS\System32\eJYylpexN.dll
C:\WINDOWS\ejudTxQ.dll
C:\WINDOWS\eCAUCQf.dll
C:\WINDOWS\System32\drivers\dscNQtkGT.dll
C:\WINDOWS\System32\dKYLfryP.dll
C:\WINDOWS\dDcpono.dll
C:\WINDOWS\System32\drivers\DbAud.dll
C:\WINDOWS\System32\cWOystU.dll
C:\WINDOWS\System32\CqamRIAT.dll
C:\WINDOWS\cFKhiUA.dll
C:\WINDOWS\System32\ByPItXL.dll
C:\WINDOWS\BMRct.dll
C:\WINDOWS\bAaRuo.dll
C:\WINDOWS\aucIMnJF.dll
C:\WINDOWS\APAKyvTwD.dll
C:\WINDOWS\System32\ADPPe.dll
C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
C:\WINDOWS\anidovug.DLL

Folders to delete:
C:\Documents and Settings\All Users\Application Data\kpgzgjoh
C:\Documents and Settings\All Users\Application Data\pubopyfy


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply, and if successful, another GMER report to confirm.

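An added dry-run check for the procedure above (example code written for this thread, not part of The Avenger or of the original post): it parses the Avenger script format shown (Files to move / Files to delete / Folders to delete), confirms that every move source actually exists, which is what the "1 file copied" message is meant to guarantee, and hashes source and destination so you can see the clean driver copy differs from the file on disk before anything reboots. The SECTIONS table and function names are the example's own, and demo() builds its files in a temporary directory rather than on the real C:\ drive.

```python
import hashlib
import os
import tempfile

# Section headers used by Avenger scripts, as in the post above (example's own table).
SECTIONS = {"files to move:": "move", "files to delete:": "delete_files",
            "folders to delete:": "delete_folders"}

def parse_avenger_script(text):
    """Return {'move': [(src, dst)], 'delete_files': [...], 'delete_folders': [...]}."""
    plan = {"move": [], "delete_files": [], "delete_folders": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower().startswith("begin copying"):
            continue  # skip blanks and the forum's "Begin copying here:" marker
        key = SECTIONS.get(line.lower())
        if key:
            current = key
            continue
        if current is None:
            raise ValueError("entry before any section header: %r" % line)
        if current == "move":
            src, sep, dst = line.partition("|")  # Avenger syntax: source|destination
            if not sep or not src or not dst:
                raise ValueError("bad move entry: %r" % line)
            plan["move"].append((src, dst))
        else:
            plan[current].append(line)
    return plan

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def dry_run(plan):
    """Check the plan without changing anything; report what Avenger would hit."""
    findings = {"missing_sources": [], "identical": [], "differs": [],
                "absent_delete_targets": []}
    for src, dst in plan["move"]:
        if not os.path.isfile(src):
            findings["missing_sources"].append(src)  # the "1 file copied" step failed
        elif os.path.isfile(dst) and sha256_of(src) == sha256_of(dst):
            findings["identical"].append(dst)  # replacing would change nothing
        else:
            findings["differs"].append(dst)  # clean copy differs from the file on disk
    for p in plan["delete_files"] + plan["delete_folders"]:
        if not os.path.exists(p):
            findings["absent_delete_targets"].append(p)
    return findings

def demo():
    """Validate a constructed script against a constructed clean/patched pair."""
    root = tempfile.mkdtemp()  # stand-in for C:\, not the real system drive
    clean = os.path.join(root, "NVATA.SYS")
    suspect = os.path.join(root, "drivers", "nvata.sys")
    os.makedirs(os.path.dirname(suspect))
    with open(clean, "wb") as f:
        f.write(b"MZ" + b"\x00" * 64)  # constructed stand-in, not a real driver
    with open(suspect, "wb") as f:
        f.write(b"MZ" + b"\x00" * 60 + b"XXXX")  # constructed "patched" copy
    script = "Files to move:\n%s|%s\n\nFiles to delete:\n%s\n" % (
        clean, suspect, os.path.join(root, "YRUYxwvlM.dll"))
    return dry_run(parse_avenger_script(script))

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Run it against the real script only after the Copy step, and treat a non-empty missing_sources list as the signal that the copy did not succeed.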




