Full Version: Desktop background lockedout (HiJacked)
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
joneswa
I am trying to help a coworker through their PC troubles.
Their desk background is locked out and the IE browser is sluggish.
Where do I go from here?
I have ATF Cleaner, SmitfraudFix, AVG, and Kaspersky ready to go.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:55:19, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\ASUS\AI Nap\AiNap.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\twex.exe,
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Nap\AiNap.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Pvalekawep] rundll32.exe "C:\WINNT\azimatoyaqogun.dll",e
O4 - HKLM\..\Run: [Vnoduyas] rundll32.exe "C:\WINNT\Rxivu.dll",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 10230 bytes

Rorschach112
Hello
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
joneswa
Only one window opened, Otlistit.txt, the Extra.txt didn't appear. Why was that?

OTListIt logfile created on: 2/4/2009 10:48:17 PM - Run 2
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.65 Gb Free Space | 93.03% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 459.95 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINK
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
C:\WINNT\system32\rundll32.exe (Microsoft Corporation)
C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
C:\Program Files\ASUS\AI Nap\AiNap.exe ()
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
C:\Program Files\Winamp\winampa.exe ()
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
C:\WINNT\system32\PnkBstrA.exe ()
C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
C:\WINNT\system32\wdfmgr.exe (Microsoft Corporation)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
C:\WINNT\system32\rundll32.exe (Microsoft Corporation)
C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
(aspnet_state [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
(aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
(avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
(avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
(avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
(ForceWare Intelligent Application Manager (IAM) [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
(ForcewareWebInterface [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
(helpsvc [Auto | Running]) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
(idsvc [Unknown | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
(IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
(McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
(McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
(McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
(McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
(McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
(Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
(MpfService [On_Demand | Running]) -- C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
(NetTcpPortSharing [Disabled | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
(nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
(nSvcLog [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
(NVSvc [Auto | Running]) -- C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
(odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
(ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
(PnkBstrA [Auto | Running]) -- C:\WINNT\system32\PnkBstrA.exe ()
(RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
(UMWdf [Auto | Running]) -- C:\WINNT\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(Aavmker4 [System | Running]) -- C:\WINNT\system32\drivers\aavmker4.sys (ALWIL Software)
(ADIHdAudAddService [On_Demand | Running]) -- C:\WINNT\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
(AEAudio [On_Demand | Running]) -- C:\WINNT\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
(AnyDVD [On_Demand | Running]) -- C:\WINNT\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
(AsIO [System | Running]) -- C:\WINNT\system32\drivers\AsIO.sys ()
(aswFsBlk [Auto | Running]) -- C:\WINNT\system32\drivers\aswFsBlk.sys (ALWIL Software)
(aswMon2 [Auto | Running]) -- C:\WINNT\system32\drivers\aswmon2.sys (ALWIL Software)
(aswRdr [On_Demand | Running]) -- C:\WINNT\system32\drivers\aswRdr.sys (ALWIL Software)
(aswSP [System | Running]) -- C:\WINNT\system32\drivers\aswSP.sys (ALWIL Software)
(aswTdi [System | Running]) -- C:\WINNT\system32\drivers\aswTdi.sys (ALWIL Software)
(ElbyCDIO [System | Running]) -- C:\WINNT\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
(ElbyDelay [On_Demand | Running]) -- C:\WINNT\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
(Eplpdx02 [On_Demand | Running]) -- C:\WINNT\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)
(HDAudBus [On_Demand | Running]) -- C:\WINNT\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
(kbdhid [System | Stopped]) -- C:\WINNT\system32\drivers\kbdhid.sys (Microsoft Corporation)
(mfeavfk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfeavfk.sys (McAfee, Inc.)
(mfebopk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfebopk.sys (McAfee, Inc.)
(mfehidk [System | Running]) -- C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)
(mferkdk [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\mferkdk.sys (McAfee, Inc.)
(mfesmfk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfesmfk.sys (McAfee, Inc.)
(MPFP [System | Running]) -- C:\WINNT\system32\drivers\Mpfp.sys (McAfee, Inc.)
(MTsensor [On_Demand | Running]) -- C:\WINNT\system32\drivers\ASACPI.sys ()
(nv [On_Demand | Running]) -- C:\WINNT\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
(nvata [Boot | Running]) -- C:\WINNT\system32\drivers\nvata.sys (NVIDIA Corporation)
(NVENETFD [On_Demand | Running]) -- C:\WINNT\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
(nvnetbus [On_Demand | Running]) -- C:\WINNT\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
(NVTCP [System | Running]) -- C:\WINNT\system32\drivers\nvtcp.sys (NVIDIA Corporation)
(pfc [On_Demand | Running]) -- C:\WINNT\system32\drivers\pfc.sys (Padus, Inc.)
(Ptilink [On_Demand | Running]) -- C:\WINNT\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(PxHelp20 [Boot | Running]) -- C:\WINNT\system32\drivers\PxHelp20.sys (Sonic Solutions)
(Secdrv [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SenFiltService [On_Demand | Running]) -- C:\WINNT\system32\drivers\senfilt.sys (Sensaura)
(unafgbza [Boot | Stopped]) -- C:\WINNT\unafgbza ()
(WS2IFSL [System | Running]) -- C:\WINNT\system32\drivers\ws2ifsl.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2556DCDC-DFA0-46E8-A8D1-42C6FC088265} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {62E34F4B-39C1-4389-93E2-D98B4F1525A6} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\system32\jkkHXPIY.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {8186C11B-875E-4E18-9BCB-EDEE52EF0EBA} - C:\WINNT\system32\pmnlmjIx.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Nap\AiNap.exe" ()
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe" ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [Pvalekawep] rundll32.exe "C:\WINNT\azimatoyaqogun.dll",e ()
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Vnoduyas] rundll32.exe "C:\WINNT\Rxivu.dll",e File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot File not found
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINNT\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - about - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - gopher - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - grooveLocalGWS - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - httpx00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - httpsx00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ippx00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\WINNT\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaippx00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - sysimage - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wia - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINNT\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINNT\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINNT\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9}C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINNT\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINNT\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\WINNT\explorer.exe (Microsoft Corporation)

"UserInit" = C:\WINNT\system32\userinit.exe,C:\WINNT\system32\twex.exe,
>C:\WINNT\system32\userinit.exe (Microsoft Corporation)
>C:\WINNT\system32\twex.exe File not found

"UIHost" = logonui.exe
>C:\WINNT\system32\logonui.exe (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\WINNT\system32\shell32.dll (Microsoft Corporation)
>C:\WINNT\system32\sysdm.cpl (Microsoft Corporation)


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINNT\system32\dimsntfy.dll (Microsoft Corporation)
jkkHXPIY: "DllName" = jkkHXPIY.dll -- C:\WINNT\system32\jkkHXPIY.dll ()
ScCertProp: "DllName" = wlnotify.dll -- C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINNT\system32\WgaLogon.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINNT\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" (HKLM) -- C:\WINNT\system32\jkkHXPIY.dll ()
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINNT\system32\shell32.dll (Microsoft Corporation)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>C:\WINNT\system32\msapsspc.dll (Microsoft Corporation)
>C:\WINNT\system32\schannel.dll (Microsoft Corporation)
>C:\WINNT\system32\digest.dll (Microsoft Corporation)
>C:\WINNT\system32\msnsspc.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,C:\WINNT\system32\pmnlmjIx,
>C:\WINNT\system32\msv1_0.dll (Microsoft Corporation)
>C:\WINNT\system32\pmnlmjIx.dll (Adobe Systems Incorporated)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,
>C:\WINNT\system32\kerberos.dll (Microsoft Corporation)
>C:\WINNT\system32\msv1_0.dll (Microsoft Corporation)
>C:\WINNT\system32\schannel.dll (Microsoft Corporation)
>C:\WINNT\system32\wdigest.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINNT\*.tmp files]
[2009/02/04 22:44:50 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/02/04 10:29:12 | 00,001,396 | -HS- | C] () -- C:\WINNT\System32\xIjmlnmp.ini2
[2009/02/04 10:28:18 | 00,000,148 | ---- | C] () -- C:\WINNT\wininit.ini
[2009/02/03 22:29:53 | 00,000,000 | ---D | C] -- C:\WINNT\pss
[2009/02/03 21:42:59 | 00,035,328 | ---- | C] () -- C:\WINNT\System32\iifedccD.dll
[2009/02/03 17:57:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Hijackthis
[2009/02/02 17:32:27 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINNT\System32\VCCLSID.exe
[2009/02/02 17:32:27 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINNT\System32\SrchSTS.exe
[2009/02/02 17:32:27 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINNT\System32\swreg.exe
[2009/02/02 17:32:27 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\VACFix.exe
[2009/02/02 17:32:27 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\IEDFix.exe
[2009/02/02 17:32:27 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\IEDFix.C.exe
[2009/02/02 17:32:27 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\404Fix.exe
[2009/02/02 17:32:27 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\o4Patch.exe
[2009/02/02 17:32:27 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINNT\System32\swxcacls.exe
[2009/02/02 17:32:27 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\Agent.OMZ.Fix.exe
[2009/02/02 17:32:27 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINNT\System32\Process.exe
[2009/02/02 17:32:27 | 00,051,200 | ---- | C] () -- C:\WINNT\System32\dumphive.exe
[2009/02/02 17:32:27 | 00,040,960 | ---- | C] () -- C:\WINNT\System32\swsc.exe
[2009/02/02 17:32:27 | 00,025,600 | ---- | C] () -- C:\WINNT\System32\WS2Fix.exe
[2009/02/02 17:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
[2009/02/02 17:30:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/02/02 17:30:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/01 01:57:32 | 00,000,004 | ---- | C] () -- C:\WINNT\unafgbza
[2009/02/01 01:15:37 | 00,050,864 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswTdi.sys
[2009/02/01 01:15:37 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aavmker4.sys
[2009/02/01 01:15:37 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswRdr.sys
[2009/02/01 01:15:37 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/02/01 01:15:36 | 00,111,184 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswSP.sys
[2009/02/01 01:15:36 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\AvastSS.scr
[2009/02/01 01:15:36 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswmon2.sys
[2009/02/01 01:15:36 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswmon.sys
[2009/02/01 01:15:36 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswFsBlk.sys
[2009/02/01 01:15:26 | 01,236,208 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\aswBoot.exe
[2009/02/01 01:15:26 | 00,380,928 | ---- | C] () -- C:\WINNT\System32\actskin4.ocx
[2009/02/01 01:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/02/01 01:07:52 | 00,001,396 | -HS- | C] () -- C:\WINNT\System32\xIjmlnmp.ini
[2009/02/01 01:07:52 | 00,001,096 | ---- | C] () -- C:\WINNT\iphtfalj
[2009/01/31 22:04:29 | 00,000,372 | -HS- | C] () -- C:\WINNT\System32\poVvDJlm.ini
[2009/01/31 21:26:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{91AAB759-1608-4085-8669-1B4F437E0300}
[2009/01/31 21:26:22 | 00,134,144 | ---- | C] () -- C:\WINNT\azimatoyaqogun.dll
[2009/01/31 20:59:26 | 00,001,347 | ---- | C] () -- C:\WINNT\System32\ahtn.htm
[2009/01/31 20:59:25 | 00,004,785 | ---- | C] () -- C:\WINNT\System32\warning.gif
[2009/01/31 20:59:22 | 00,000,491 | ---- | C] () -- C:\WINNT\System32\win32hlp.cnf
[2009/01/31 20:59:14 | 00,000,001 | ---- | C] () -- C:\WINNT\System32\test.ttt
[2009/01/31 20:59:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\frmwrk32.exe
[2009/01/31 20:59:09 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\998.exe
[2009/01/31 20:57:55 | 00,000,372 | -HS- | C] () -- C:\WINNT\System32\fNmlTvut.ini
[2009/01/31 20:52:49 | 00,000,324 | ---- | C] () -- C:\WINNT\tasks\flpnmvmt.job
[2009/01/31 20:52:44 | 00,048,640 | ---- | C] () -- C:\WINNT\System32\jkkHXPIY.dll
[2009/01/31 20:52:42 | 00,044,824 | ---- | C] () -- C:\WINNT\System32\prunnet.exe
[2009/01/29 15:02:38 | 00,103,488 | ---- | C] (SlySoft, Inc.) -- C:\WINNT\System32\drivers\AnyDVD.sys
[2009/01/29 14:57:58 | 00,023,976 | ---- | C] (Elaborate Bytes AG) -- C:\WINNT\System32\drivers\ElbyCDIO.sys
[2009/01/29 13:54:59 | 00,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINNT\System32\ElbyCDIO.dll
[2009/01/22 17:28:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\HotRod.English.DVDRIP.DIVX.EvilSnowmen.2007
[2009/01/22 17:28:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Babylon A.D (2008) DIVX Unrated DVDRIP
[2009/01/05 23:12:30 | 00,008,999 | ---- | C] () -- C:\WINNT\System32\Config.MPF
[2009/01/05 23:12:27 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/01/05 23:12:21 | 00,143,360 | ---- | C] (Inner Media, Inc.) -- C:\WINNT\System32\dunzip32.dll
[2009/01/05 23:10:36 | 00,033,832 | ---- | C] (McAfee, Inc.) -- C:\WINNT\System32\drivers\mferkdk.sys
[2009/01/05 23:10:34 | 00,201,320 | ---- | C] (McAfee, Inc.) -- C:\WINNT\System32\drivers\mfehidk.sys
[2009/01/05 23:10:34 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINNT\System32\drivers\mfeavfk.sys
[2009/01/05 23:10:34 | 00,040,488 | ---- | C] (McAfee, Inc.) -- C:\WINNT\System32\drivers\mfesmfk.sys
[2009/01/05 23:10:34 | 00,035,240 | ---- | C] (McAfee, Inc.) -- C:\WINNT\System32\drivers\mfebopk.sys
[2009/01/05 23:10:33 | 00,113,952 | ---- | C] (McAfee, Inc.) -- C:\WINNT\System32\drivers\Mpfp.sys
[2009/01/05 23:10:28 | 00,000,352 | ---- | C] () -- C:\WINNT\tasks\McDefragTask.job
[2009/01/05 23:10:27 | 00,000,348 | ---- | C] () -- C:\WINNT\tasks\McQcTask.job
[2009/01/05 23:10:23 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/01/05 23:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/01/05 23:10:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee

========== Files - Modified Within 30 Days ==========

[1 C:\WINNT\System32\*.tmp files]
[5 C:\WINNT\*.tmp files]
[2009/02/04 22:48:00 | 00,001,396 | -HS- | M] () -- C:\WINNT\System32\xIjmlnmp.ini2
[2009/02/04 22:47:41 | 00,001,396 | -HS- | M] () -- C:\WINNT\System32\xIjmlnmp.ini
[2009/02/04 22:44:51 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/02/04 20:57:38 | 00,002,626 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
[2009/02/04 13:00:00 | 00,000,324 | ---- | M] () -- C:\WINNT\tasks\flpnmvmt.job
[2009/02/04 12:50:00 | 00,008,999 | ---- | M] () -- C:\WINNT\System32\Config.MPF
[2009/02/04 12:48:33 | 00,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/02/04 12:47:44 | 00,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/02/04 12:47:42 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/02/04 12:47:37 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/02/04 12:45:53 | 04,320,746 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/02/04 10:28:18 | 00,000,148 | ---- | M] () -- C:\WINNT\wininit.ini
[2009/02/04 01:31:21 | 00,000,004 | ---- | M] () -- C:\WINNT\unafgbza
[2009/02/03 23:00:25 | 00,000,612 | ---- | M] () -- C:\WINNT\win.ini
[2009/02/03 23:00:25 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2009/02/03 23:00:25 | 00,000,207 | RHS- | M] () -- C:\boot.ini
[2009/02/03 21:42:59 | 00,035,328 | ---- | M] () -- C:\WINNT\System32\iifedccD.dll
[2009/02/02 17:30:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/02/01 01:16:51 | 00,001,096 | ---- | M] () -- C:\WINNT\iphtfalj
[2009/02/01 01:15:37 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/02/01 01:02:37 | 00,000,491 | ---- | M] () -- C:\WINNT\System32\win32hlp.cnf
[2009/01/31 23:40:01 | 00,004,785 | ---- | M] () -- C:\WINNT\System32\warning.gif
[2009/01/31 23:40:01 | 00,001,347 | ---- | M] () -- C:\WINNT\System32\ahtn.htm
[2009/01/31 22:05:19 | 00,000,000 | ---- | M] () -- C:\WINNT\MEMORY.DMP
[2009/01/31 22:04:29 | 00,000,372 | -HS- | M] () -- C:\WINNT\System32\poVvDJlm.ini
[2009/01/31 21:26:24 | 00,134,144 | ---- | M] () -- C:\WINNT\azimatoyaqogun.dll
[2009/01/31 20:59:14 | 00,000,001 | ---- | M] () -- C:\WINNT\System32\test.ttt
[2009/01/31 20:59:11 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\frmwrk32.exe
[2009/01/31 20:59:11 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\998.exe
[2009/01/31 20:58:46 | 00,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/01/31 20:57:55 | 00,000,372 | -HS- | M] () -- C:\WINNT\System32\fNmlTvut.ini
[2009/01/31 20:52:46 | 00,048,640 | ---- | M] () -- C:\WINNT\System32\jkkHXPIY.dll
[2009/01/31 20:52:42 | 00,044,824 | ---- | M] () -- C:\WINNT\System32\prunnet.exe
[2009/01/31 15:05:19 | 00,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2009/01/29 15:02:38 | 00,103,488 | ---- | M] (SlySoft, Inc.) -- C:\WINNT\System32\drivers\AnyDVD.sys
[2009/01/29 14:57:58 | 00,023,976 | ---- | M] (Elaborate Bytes AG) -- C:\WINNT\System32\drivers\ElbyCDIO.sys
[2009/01/29 13:54:59 | 00,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINNT\System32\ElbyCDIO.dll
[2009/01/21 18:11:54 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 01:10:36 | 00,000,352 | ---- | M] () -- C:\WINNT\tasks\McDefragTask.job
[2009/01/12 13:32:13 | 00,138,464 | ---- | M] () -- C:\WINNT\System32\drivers\PnkBstrK.sys
[2009/01/12 13:32:06 | 00,111,928 | ---- | M] () -- C:\WINNT\System32\PnkBstrB.exe
[2009/01/09 17:35:30 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MRT.exe
[2009/01/05 23:12:27 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/01/05 23:10:27 | 00,000,348 | ---- | M] () -- C:\WINNT\tasks\McQcTask.job

========== LOP Check ==========

[2008/12/28 21:57:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/04/11 11:03:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2008/04/09 23:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/04/11 10:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM
[2008/10/09 13:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Antispyware
[2008/04/27 23:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Command & Conquer 3 Kane's Wrath
[2008/05/25 22:40:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2008/04/11 11:14:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Elaborate Bytes
[2008/04/09 22:21:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/07/01 12:43:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2008/04/13 14:52:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008/10/07 23:55:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2008/04/09 23:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2008/12/23 19:47:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2008/07/02 13:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Petroglyph
[2008/11/11 19:19:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Alert 3
[2008/07/01 12:50:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data\SecuROM
[2008/05/03 13:20:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2008/10/30 23:32:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/04/11 11:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2008/04/11 10:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/04/09 22:44:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2008/04/13 14:56:39 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/01/08 15:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2008/04/11 11:05:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/04/11 11:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009/01/05 23:12:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/07/03 02:11:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/01/14 12:33:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/04/09 22:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2008/08/29 13:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/10/09 13:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2001/08/22 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2009/02/04 13:00:00 | 00,000,324 | ---- | M] () -- C:\WINNT\Tasks\flpnmvmt.job
[2009/01/15 01:10:36 | 00,000,352 | ---- | M] () -- C:\WINNT\Tasks\McDefragTask.job
[2009/01/05 23:10:27 | 00,000,348 | ---- | M] () -- C:\WINNT\Tasks\McQcTask.job
[2009/02/04 12:47:42 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
< End of report >

Rorschach112
Delete OTList2.exe and do this
  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

joneswa
OTListIt logfile created on: 2/5/2009 5:39:38 PM - Run 7
OTListIt2 by OldTimer - Version 2.0.0.6 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.71 Gb Free Space | 93.06% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 459.95 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINK
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\WINNT\system32\rundll32.exe (Microsoft Corporation)
C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
C:\Program Files\ASUS\AI Nap\AiNap.exe ()
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
C:\Program Files\Winamp\winampa.exe ()
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
C:\WINNT\system32\PnkBstrA.exe ()
C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
C:\WINNT\system32\wdfmgr.exe (Microsoft Corporation)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
C:\WINNT\system32\rundll32.exe (Microsoft Corporation)
C:\WINNT\system32\drwtsn32.exe (Microsoft Corporation)
C:\WINNT\system32\drwtsn32.exe (Microsoft Corporation)
C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
C:\Documents and Settings\Administrator\Desktop\OTListIt22.exe (OldTimer Tools)
C:\WINNT\notepad.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (ForcewareWebInterface [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
SRV - (helpsvc [Auto | Running]) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [On_Demand | Running]) -- C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINNT\system32\PnkBstrA.exe ()
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
SRV - (UMWdf [Auto | Running]) -- C:\WINNT\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINNT\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudio [On_Demand | Running]) -- C:\WINNT\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AnyDVD [On_Demand | Running]) -- C:\WINNT\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (AsIO [System | Running]) -- C:\WINNT\system32\drivers\AsIO.sys ()
DRV - (ElbyCDIO [System | Running]) -- C:\WINNT\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay [On_Demand | Running]) -- C:\WINNT\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (Eplpdx02 [On_Demand | Running]) -- C:\WINNT\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINNT\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (kbdhid [System | Stopped]) -- C:\WINNT\system32\drivers\kbdhid.sys (Microsoft Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINNT\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINNT\system32\drivers\ASACPI.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINNT\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINNT\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINNT\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINNT\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVTCP [System | Running]) -- C:\WINNT\system32\drivers\nvtcp.sys (NVIDIA Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINNT\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINNT\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINNT\system32\drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SenFiltService [On_Demand | Running]) -- C:\WINNT\system32\drivers\senfilt.sys (Sensaura)
DRV - (unafgbza [Boot | Stopped]) -- C:\WINNT\unafgbza ()
DRV - (WS2IFSL [System | Running]) -- C:\WINNT\system32\drivers\ws2ifsl.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2556DCDC-DFA0-46E8-A8D1-42C6FC088265} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {62E34F4B-39C1-4389-93E2-D98B4F1525A6} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\system32\jkkHXPIY.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {B52915A9-6403-4C82-9041-4C0BDC5BBF6E} - C:\WINNT\system32\pmnlmjIx.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Nap\AiNap.exe" ()
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe" ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [Pvalekawep] rundll32.exe "C:\WINNT\azimatoyaqogun.dll",e ()
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Vnoduyas] rundll32.exe "C:\WINNT\Rxivu.dll",e File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot File not found
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINNT\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries0000000001 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000002 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000003 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000004 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000005 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000006 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000007 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000008 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000009 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000010 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000011 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000012 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000013 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000014 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000015 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000016 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000017 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000018 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000019 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - Winlogon\Notify\jkkHXPIY: DllName - jkkHXPIY.dll - C:\WINNT\system32\jkkHXPIY.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\system32\jkkHXPIY.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINNT\system32\pmnlmjIx) - C:\WINNT\system32\pmnlmjIx.dll (Adobe Systems Incorporated)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINNT\*.tmp files]
[2009/02/05 14:21:05 | 00,489,472 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt22.exe
[2009/02/05 13:12:31 | 00,000,550 | -HS- | C] () -- C:\WINNT\System32\xIjmlnmp.ini2
[2009/02/04 10:28:18 | 00,000,148 | ---- | C] () -- C:\WINNT\wininit.ini
[2009/02/03 22:29:53 | 00,000,000 | ---D | C] -- C:\WINNT\pss
[2009/02/03 21:42:59 | 00,035,328 | ---- | C] () -- C:\WINNT\System32\iifedccD.dll
[2009/02/03 17:57:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Hijackthis
[2009/02/02 17:32:27 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINNT\System32\VCCLSID.exe
[2009/02/02 17:32:27 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINNT\System32\SrchSTS.exe
[2009/02/02 17:32:27 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINNT\System32\swreg.exe
[2009/02/02 17:32:27 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\VACFix.exe
[2009/02/02 17:32:27 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\IEDFix.exe
[2009/02/02 17:32:27 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\IEDFix.C.exe
[2009/02/02 17:32:27 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\404Fix.exe
[2009/02/02 17:32:27 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\o4Patch.exe
[2009/02/02 17:32:27 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINNT\System32\swxcacls.exe
[2009/02/02 17:32:27 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\Agent.OMZ.Fix.exe
[2009/02/02 17:32:27 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINNT\System32\Process.exe
[2009/02/02 17:32:27 | 00,051,200 | ---- | C] () -- C:\WINNT\System32\dumphive.exe
[2009/02/02 17:32:27 | 00,040,960 | ---- | C] () -- C:\WINNT\System32\swsc.exe
[2009/02/02 17:32:27 | 00,025,600 | ---- | C] () -- C:\WINNT\System32\WS2Fix.exe
[2009/02/02 17:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
[2009/02/02 17:30:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/02/02 17:30:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/01 01:57:32 | 00,000,004 | ---- | C] () -- C:\WINNT\unafgbza
[2009/02/01 01:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/02/01 01:07:52 | 00,001,096 | ---- | C] () -- C:\WINNT\iphtfalj
[2009/02/01 01:07:52 | 00,000,550 | -HS- | C] () -- C:\WINNT\System32\xIjmlnmp.ini
[2009/01/31 22:04:29 | 00,000,372 | -HS- | C] () -- C:\WINNT\System32\poVvDJlm.ini
[2009/01/31 21:26:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{91AAB759-1608-4085-8669-1B4F437E0300}
[2009/01/31 21:26:22 | 00,134,144 | ---- | C] () -- C:\WINNT\azimatoyaqogun.dll
[2009/01/31 20:59:26 | 00,001,347 | ---- | C] () -- C:\WINNT\System32\ahtn.htm
[2009/01/31 20:59:25 | 00,004,785 | ---- | C] () -- C:\WINNT\System32\warning.gif
[2009/01/31 20:59:22 | 00,000,491 | ---- | C] () -- C:\WINNT\System32\win32hlp.cnf
[2009/01/31 20:59:14 | 00,000,001 | ---- | C] () -- C:\WINNT\System32\test.ttt
[2009/01/31 20:59:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\frmwrk32.exe
[2009/01/31 20:59:09 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\998.exe
[2009/01/31 20:57:55 | 00,000,372 | -HS- | C] () -- C:\WINNT\System32\fNmlTvut.ini
[2009/01/31 20:52:49 | 00,000,324 | ---- | C] () -- C:\WINNT\tasks\flpnmvmt.job
[2009/01/31 20:52:44 | 00,048,640 | ---- | C] () -- C:\WINNT\System32\jkkHXPIY.dll
[2009/01/31 20:52:42 | 00,044,824 | ---- | C] () -- C:\WINNT\System32\prunnet.exe
[2009/01/29 15:02:38 | 00,103,488 | ---- | C] (SlySoft, Inc.) -- C:\WINNT\System32\drivers\AnyDVD.sys
[2009/01/29 14:57:58 | 00,023,976 | ---- | C] (Elaborate Bytes AG) -- C:\WINNT\System32\drivers\ElbyCDIO.sys
[2009/01/29 13:54:59 | 00,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINNT\System32\ElbyCDIO.dll
[2009/01/22 17:28:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\HotRod.English.DVDRIP.DIVX.EvilSnowmen.2007
[2009/01/22 17:28:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Babylon A.D (2008) DIVX Unrated DVDRIP

========== Files - Modified Within 30 Days ==========

[1 C:\WINNT\System32\*.tmp files]
[5 C:\WINNT\*.tmp files]
[2009/02/05 17:39:46 | 00,000,550 | -HS- | M] () -- C:\WINNT\System32\xIjmlnmp.ini
[2009/02/05 17:37:59 | 00,000,550 | -HS- | M] () -- C:\WINNT\System32\xIjmlnmp.ini2
[2009/02/05 14:21:08 | 00,489,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt22.exe
[2009/02/05 13:17:15 | 00,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/02/05 00:00:00 | 00,000,324 | ---- | M] () -- C:\WINNT\tasks\flpnmvmt.job
[2009/02/04 23:52:22 | 00,008,999 | ---- | M] () -- C:\WINNT\System32\Config.MPF
[2009/02/04 23:50:08 | 00,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/02/04 23:50:03 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/02/04 23:49:58 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/02/04 23:49:07 | 00,000,004 | ---- | M] () -- C:\WINNT\unafgbza
[2009/02/04 23:11:10 | 00,002,577 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
[2009/02/04 22:53:58 | 04,322,642 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/02/04 10:28:18 | 00,000,148 | ---- | M] () -- C:\WINNT\wininit.ini
[2009/02/03 23:00:25 | 00,000,612 | ---- | M] () -- C:\WINNT\win.ini
[2009/02/03 23:00:25 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2009/02/03 23:00:25 | 00,000,207 | RHS- | M] () -- C:\boot.ini
[2009/02/03 21:42:59 | 00,035,328 | ---- | M] () -- C:\WINNT\System32\iifedccD.dll
[2009/02/02 17:30:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/02/01 01:16:51 | 00,001,096 | ---- | M] () -- C:\WINNT\iphtfalj
[2009/02/01 01:02:37 | 00,000,491 | ---- | M] () -- C:\WINNT\System32\win32hlp.cnf
[2009/01/31 23:40:01 | 00,004,785 | ---- | M] () -- C:\WINNT\System32\warning.gif
[2009/01/31 23:40:01 | 00,001,347 | ---- | M] () -- C:\WINNT\System32\ahtn.htm
[2009/01/31 22:05:19 | 00,000,000 | ---- | M] () -- C:\WINNT\MEMORY.DMP
[2009/01/31 22:04:29 | 00,000,372 | -HS- | M] () -- C:\WINNT\System32\poVvDJlm.ini
[2009/01/31 21:26:24 | 00,134,144 | ---- | M] () -- C:\WINNT\azimatoyaqogun.dll
[2009/01/31 20:59:14 | 00,000,001 | ---- | M] () -- C:\WINNT\System32\test.ttt
[2009/01/31 20:59:11 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\frmwrk32.exe
[2009/01/31 20:59:11 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\998.exe
[2009/01/31 20:58:46 | 00,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/01/31 20:57:55 | 00,000,372 | -HS- | M] () -- C:\WINNT\System32\fNmlTvut.ini
[2009/01/31 20:52:46 | 00,048,640 | ---- | M] () -- C:\WINNT\System32\jkkHXPIY.dll
[2009/01/31 20:52:42 | 00,044,824 | ---- | M] () -- C:\WINNT\System32\prunnet.exe
[2009/01/31 15:05:19 | 00,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2009/01/29 15:02:38 | 00,103,488 | ---- | M] (SlySoft, Inc.) -- C:\WINNT\System32\drivers\AnyDVD.sys
[2009/01/29 14:57:58 | 00,023,976 | ---- | M] (Elaborate Bytes AG) -- C:\WINNT\System32\drivers\ElbyCDIO.sys
[2009/01/29 13:54:59 | 00,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINNT\System32\ElbyCDIO.dll
[2009/01/21 18:11:54 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 01:10:36 | 00,000,352 | ---- | M] () -- C:\WINNT\tasks\McDefragTask.job
[2009/01/12 13:32:13 | 00,138,464 | ---- | M] () -- C:\WINNT\System32\drivers\PnkBstrK.sys
[2009/01/12 13:32:06 | 00,111,928 | ---- | M] () -- C:\WINNT\System32\PnkBstrB.exe
[2009/01/09 17:35:30 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MRT.exe

========== LOP Check ==========

[2008/12/28 21:57:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/04/11 11:03:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2008/04/09 23:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/04/11 10:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM
[2008/10/09 13:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Antispyware
[2008/04/27 23:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Command & Conquer 3 Kane's Wrath
[2008/05/25 22:40:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2008/04/11 11:14:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Elaborate Bytes
[2008/04/09 22:21:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/07/01 12:43:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2008/04/13 14:52:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008/10/07 23:55:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2008/04/09 23:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2008/12/23 19:47:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2008/07/02 13:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Petroglyph
[2008/11/11 19:19:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Alert 3
[2008/07/01 12:50:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data\SecuROM
[2008/05/03 13:20:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2008/10/30 23:32:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/04/11 11:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2008/04/11 10:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/04/09 22:44:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2008/04/13 14:56:39 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/01/08 15:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2008/04/11 11:05:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/04/11 11:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009/01/05 23:12:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/07/03 02:11:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/01/14 12:33:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/04/09 22:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2008/08/29 13:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/10/09 13:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2001/08/22 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2009/02/05 00:00:00 | 00,000,324 | ---- | M] () -- C:\WINNT\Tasks\flpnmvmt.job
[2009/01/15 01:10:36 | 00,000,352 | ---- | M] () -- C:\WINNT\Tasks\McDefragTask.job
[2009/01/05 23:10:27 | 00,000,348 | ---- | M] () -- C:\WINNT\Tasks\McQcTask.job
[2009/02/04 23:50:03 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
< End of report >

OTListIt Extras logfile created on: 2/5/2009 5:39:38 PM - Run 7
OTListIt2 by OldTimer - Version 2.0.0.6 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.71 Gb Free Space | 93.06% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 459.95 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINK
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINNT\hh.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINNT\system32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINNT\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINNT\system32\notepad.exe (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINNT\system32\notepad.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINNT\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINNT\system32\notepad.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINNT\system32\PnkBstrA.exe:*:Enabled:PnkBstrA ()
C:\WINNT\system32\PnkBstrB.exe:*:Enabled:PnkBstrB ()
C:\WINNT\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\WINNT\system32\rundll32.exe:*:Enabled:Run a DLL as an App (Microsoft Corporation)
D:\COD4\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ ()
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
D:\WORLD IN CONFLICT\wic.exe:*:Enabled:World in Conflict (Massive Entertainment AB)
D:\WORLD IN CONFLICT\wic_online.exe:*:Enabled:World in Conflict - Online Only (Massive Entertainment AB)
D:\WORLD IN CONFLICT\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server ()
D:\Star Wars EAW\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War (Lucasfilm Entertainment Company, Ltd.)
D:\Star Wars EAW\swfoc.exe:*:Enabled:Star Wars™: Empire at War™: Forces of Corruption™ (Lucasfilm Entertainment Company, Ltd.)
D:\Spider Man\image\pc\Spider-Man Web of Shadows.exe:*:Enabled:Spider-Man™ - Web of Shadows (Activision, Inc.)
D:\CoDWaW\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ (Activision Blizzard, Inc.)
D:\CoDWaW\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ (Activision Blizzard, Inc.)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquerâ„¢ Red Alertâ„¢ 3
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74BF0A46-DF67-4D86-B038-BF0E51871B66}" = AI Booster
"{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}" = Spider-Man™ - Web of Shadows
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{A31289C6-04EF-4437-A35B-7CC96167145C}" = Leisure Suit Larry - Magna Cum Laude
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquerâ„¢ 3: Kane's Wrath
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E2216699-EA02-4B85-BAB1-1DF34C4BDF9D}" = AI Nap
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0.7 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AnyDVD" = AnyDVD
"AVI Movie Player" = AVI Movie Player
"Canon iP1800 series User Registration" = Canon iP1800 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"DFX for Winamp" = DFX for Winamp
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}" = Spider-Man™ - Web of Shadows
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{A31289C6-04EF-4437-A35B-7CC96167145C}" = Leisure Suit Larry - Magna Cum Laude
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"LimeWire" = LimeWire 4.16.7
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/3/2009 10:02:53 PM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module unknown, version 0.0.0.0, fault address 0x02061b02.

Error - 2/4/2009 4:39:21 AM | Computer Name = LINK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/4/2009 4:39:25 AM | Computer Name = LINK | Source = Application Hang | ID = 1001
Description = Fault bucket 1015682910.

Error - 2/4/2009 3:38:39 PM | Computer Name = LINK | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.6.0.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/4/2009 3:57:13 PM | Computer Name = LINK | Source = Application Hang | ID = 1002
Description = Hanging application CloneDVD2.exe, version 2.9.2.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/4/2009 9:57:08 PM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x00002458.

Error - 2/5/2009 4:21:17 PM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/5/2009 4:21:22 PM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 2/5/2009 4:21:44 PM | Computer Name = LINK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2009 5:11:46 PM | Computer Name = LINK | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.6.0.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/5/2009 7:50:16 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/5/2009 8:02:44 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/5/2009 8:09:46 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/5/2009 8:22:14 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/5/2009 8:29:16 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/5/2009 8:41:44 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/5/2009 8:48:46 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/5/2009 9:01:14 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/5/2009 9:08:16 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/5/2009 9:20:44 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >

Rorschach112
hello


Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTLI
    DRV - (unafgbza [Boot | Stopped]) -- C:\WINNT\unafgbza ()
    O2 - BHO: (no name) - {2556DCDC-DFA0-46E8-A8D1-42C6FC088265} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {62E34F4B-39C1-4389-93E2-D98B4F1525A6} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\system32\jkkHXPIY.dll ()
    O2 - BHO: (no name) - {B52915A9-6403-4C82-9041-4C0BDC5BBF6E} - C:\WINNT\system32\pmnlmjIx.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Pvalekawep] rundll32.exe "C:\WINNT\azimatoyaqogun.dll",e ()
    O4 - HKLM..\Run: [Vnoduyas] rundll32.exe "C:\WINNT\Rxivu.dll",e File not found
    O20 - Winlogon\Notify\jkkHXPIY: DllName - jkkHXPIY.dll - C:\WINNT\system32\jkkHXPIY.dll ()
    O30 - LSA: Authentication Packages - (C:\WINNT\system32\pmnlmjIx) - C:\WINNT\system32\pmnlmjIx.dll (Adobe Systems Incorporated)
    [2009/02/05 13:12:31 | 00,000,550 | -HS- | C] () -- C:\WINNT\System32\xIjmlnmp.ini2
    [2009/02/03 21:42:59 | 00,035,328 | ---- | C] () -- C:\WINNT\System32\iifedccD.dll
    [2009/02/02 17:32:27 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINNT\System32\VCCLSID.exe
    [2009/02/02 17:32:27 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINNT\System32\SrchSTS.exe
    [2009/02/02 17:32:27 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINNT\System32\swreg.exe
    [2009/02/02 17:32:27 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\VACFix.exe
    [2009/02/02 17:32:27 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\IEDFix.exe
    [2009/02/02 17:32:27 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\IEDFix.C.exe
    [2009/02/02 17:32:27 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\404Fix.exe
    [2009/02/02 17:32:27 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\o4Patch.exe
    [2009/02/02 17:32:27 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINNT\System32\swxcacls.exe
    [2009/02/02 17:32:27 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINNT\System32\Agent.OMZ.Fix.exe
    [2009/02/02 17:32:27 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINNT\System32\Process.exe
    [2009/02/02 17:32:27 | 00,051,200 | ---- | C] () -- C:\WINNT\System32\dumphive.exe
    [2009/02/02 17:32:27 | 00,040,960 | ---- | C] () -- C:\WINNT\System32\swsc.exe
    [2009/02/02 17:32:27 | 00,025,600 | ---- | C] () -- C:\WINNT\System32\WS2Fix.exe
    [2009/02/02 17:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
    [2009/02/01 01:57:32 | 00,000,004 | ---- | C] () -- C:\WINNT\unafgbza
    [2009/02/01 01:07:52 | 00,001,096 | ---- | C] () -- C:\WINNT\iphtfalj
    [2009/02/01 01:07:52 | 00,000,550 | -HS- | C] () -- C:\WINNT\System32\xIjmlnmp.ini
    [2009/01/31 22:04:29 | 00,000,372 | -HS- | C] () -- C:\WINNT\System32\poVvDJlm.ini
    [2009/01/31 21:26:22 | 00,134,144 | ---- | C] () -- C:\WINNT\azimatoyaqogun.dll
    [2009/01/31 20:59:26 | 00,001,347 | ---- | C] () -- C:\WINNT\System32\ahtn.htm
    [2009/01/31 20:59:25 | 00,004,785 | ---- | C] () -- C:\WINNT\System32\warning.gif
    [2009/01/31 20:59:22 | 00,000,491 | ---- | C] () -- C:\WINNT\System32\win32hlp.cnf
    [2009/01/31 20:59:14 | 00,000,001 | ---- | C] () -- C:\WINNT\System32\test.ttt
    [2009/01/31 20:59:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\frmwrk32.exe
    [2009/01/31 20:59:09 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\998.exe
    [2009/01/31 20:57:55 | 00,000,372 | -HS- | C] () -- C:\WINNT\System32\fNmlTvut.ini
    [2009/01/31 20:52:49 | 00,000,324 | ---- | C] () -- C:\WINNT\tasks\flpnmvmt.job
    [2009/01/31 20:52:44 | 00,048,640 | ---- | C] () -- C:\WINNT\System32\jkkHXPIY.dll
    [2009/01/31 20:52:42 | 00,044,824 | ---- | C] () -- C:\WINNT\System32\prunnet.exe
    [2009/02/05 00:00:00 | 00,000,324 | ---- | M] () -- C:\WINNT\Tasks\flpnmvmt.job


    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time)



Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

joneswa
GooredFix v1.83 by jpshortstuff
Log created at 15:18 on 06/02/2009 running Option #1 (Administrator)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{91AAB759-1608-4085-8669-1B4F437E0300}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{91AAB759-1608-4085-8669-1B4F437E0300}"

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{91AAB759-1608-4085-8669-1B4F437E0300}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{91AAB759-1608-4085-8669-1B4F437E0300}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"


OTListIt Extras logfile created on: 2/6/2009 3:07:18 PM - Run 11
OTListIt2 by OldTimer - Version 2.0.0.6 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.70 Gb Free Space | 93.05% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 459.95 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINK
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINNT\hh.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINNT\system32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINNT\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINNT\system32\notepad.exe (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINNT\system32\notepad.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINNT\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINNT\system32\notepad.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINNT\system32\PnkBstrA.exe:*:Enabled:PnkBstrA ()
C:\WINNT\system32\PnkBstrB.exe:*:Enabled:PnkBstrB ()
C:\WINNT\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\WINNT\system32\rundll32.exe:*:Enabled:Run a DLL as an App (Microsoft Corporation)
D:\COD4\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ ()
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
D:\WORLD IN CONFLICT\wic.exe:*:Enabled:World in Conflict (Massive Entertainment AB)
D:\WORLD IN CONFLICT\wic_online.exe:*:Enabled:World in Conflict - Online Only (Massive Entertainment AB)
D:\WORLD IN CONFLICT\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server ()
D:\Star Wars EAW\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War (Lucasfilm Entertainment Company, Ltd.)
D:\Star Wars EAW\swfoc.exe:*:Enabled:Star Wars™: Empire at War™: Forces of Corruption™ (Lucasfilm Entertainment Company, Ltd.)
D:\Spider Man\image\pc\Spider-Man Web of Shadows.exe:*:Enabled:Spider-Man™ - Web of Shadows (Activision, Inc.)
D:\CoDWaW\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ (Activision Blizzard, Inc.)
D:\CoDWaW\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ (Activision Blizzard, Inc.)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)


OTListIt logfile created on: 2/6/2009 3:07:18 PM - Run 11
OTListIt2 by OldTimer - Version 2.0.0.6 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.70 Gb Free Space | 93.05% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 459.95 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINK
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
C:\WINNT\system32\PnkBstrA.exe ()
C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
C:\WINNT\system32\wdfmgr.exe (Microsoft Corporation)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
C:\WINNT\system32\rundll32.exe (Microsoft Corporation)
C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
C:\Program Files\ASUS\AI Nap\AiNap.exe ()
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
C:\Program Files\Winamp\winampa.exe ()
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
C:\Documents and Settings\Administrator\Desktop\OTListIt22.exe (OldTimer Tools)
C:\WINNT\system32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) --

C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) --

C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) --

C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) [Auto | Running]) -- C:\Program

Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (ForcewareWebInterface [Auto | Running]) -- C:\Program Files\NVIDIA

Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software

Foundation)
SRV - (helpsvc [Auto | Running]) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft

Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows

Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe

(Sun Microsystems, Inc.)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

(McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee,

Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

(McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

(McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe

(McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program

Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [On_Demand | Running]) -- C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee,

Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) --

C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

(Microsoft Corporation)
SRV - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA

Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog [Auto | Running]) -- C:\Program Files\NVIDIA

Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft

Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source

Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINNT\system32\PnkBstrA.exe ()
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe

()
SRV - (UMWdf [Auto | Running]) -- C:\WINNT\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINNT\system32\drivers\ADIHdAud.sys

(Analog Devices, Inc.)
DRV - (AEAudio [On_Demand | Running]) -- C:\WINNT\system32\drivers\aeaudio.sys (Andrea

Electronics Corporation)
DRV - (AnyDVD [On_Demand | Running]) -- C:\WINNT\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (AsIO [System | Running]) -- C:\WINNT\system32\drivers\AsIO.sys ()
DRV - (ElbyCDIO [System | Running]) -- C:\WINNT\system32\drivers\ElbyCDIO.sys (Elaborate

Bytes AG)
DRV - (ElbyDelay [On_Demand | Running]) -- C:\WINNT\system32\drivers\ElbyDelay.sys

(Elaborate Bytes AG)
DRV - (Eplpdx02 [On_Demand | Running]) -- C:\WINNT\system32\drivers\EPLPDX02.SYS (MK Systems

CO., LTD.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINNT\system32\drivers\Hdaudbus.sys (Windows

® Server 2003 DDK provider)
DRV - (kbdhid [System | Stopped]) -- C:\WINNT\system32\drivers\kbdhid.sys (Microsoft

Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfeavfk.sys (McAfee,

Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfebopk.sys (McAfee,

Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\mferkdk.sys (McAfee,

Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfesmfk.sys (McAfee,

Inc.)
DRV - (MPFP [System | Running]) -- C:\WINNT\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINNT\system32\drivers\ASACPI.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINNT\system32\drivers\nv4_mini.sys (NVIDIA

Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINNT\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINNT\system32\drivers\NVENETFD.sys (NVIDIA

Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINNT\system32\drivers\nvnetbus.sys (NVIDIA

Corporation)
DRV - (NVTCP [System | Running]) -- C:\WINNT\system32\drivers\nvtcp.sys (NVIDIA Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINNT\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINNT\system32\drivers\ptilink.sys (Parallel

Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINNT\system32\drivers\PxHelp20.sys (Sonic

Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\secdrv.sys (Macrovision

Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SenFiltService [On_Demand | Running]) -- C:\WINNT\system32\drivers\senfilt.sys

(Sensaura)
DRV - (WS2IFSL [System | Running]) -- C:\WINNT\system32\drivers\ws2ifsl.sys (Microsoft

Corporation)

========== Standard Registry (SafeList) ==========
Rorschach112
Open Notepad, click Format, and uncheck Word Wrap.

Please double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.



Then post a new OTL2 log
joneswa
OTListIt Extras logfile created on: 2/7/2009 11:13:05 AM - Run 12
OTListIt2 by OldTimer - Version 2.0.0.6 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.68 Gb Free Space | 93.05% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 459.95 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINK
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINNT\hh.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINNT\system32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINNT\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINNT\system32\notepad.exe (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINNT\system32\notepad.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINNT\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINNT\system32\notepad.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINNT\system32\wscript.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINNT\system32\PnkBstrA.exe:*:Enabled:PnkBstrA ()
C:\WINNT\system32\PnkBstrB.exe:*:Enabled:PnkBstrB ()
C:\WINNT\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\WINNT\system32\rundll32.exe:*:Enabled:Run a DLL as an App (Microsoft Corporation)
D:\COD4\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ ()
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
D:\WORLD IN CONFLICT\wic.exe:*:Enabled:World in Conflict (Massive Entertainment AB)
D:\WORLD IN CONFLICT\wic_online.exe:*:Enabled:World in Conflict - Online Only (Massive Entertainment AB)
D:\WORLD IN CONFLICT\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server ()
D:\Star Wars EAW\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War (Lucasfilm Entertainment Company, Ltd.)
D:\Star Wars EAW\swfoc.exe:*:Enabled:Star Wars™: Empire at War™: Forces of Corruption™ (Lucasfilm Entertainment Company, Ltd.)
D:\Spider Man\image\pc\Spider-Man Web of Shadows.exe:*:Enabled:Spider-Man™ - Web of Shadows (Activision, Inc.)
D:\CoDWaW\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ (Activision Blizzard, Inc.)
D:\CoDWaW\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ (Activision Blizzard, Inc.)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74BF0A46-DF67-4D86-B038-BF0E51871B66}" = AI Booster
"{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}" = Spider-Man™ - Web of Shadows
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{A31289C6-04EF-4437-A35B-7CC96167145C}" = Leisure Suit Larry - Magna Cum Laude
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E2216699-EA02-4B85-BAB1-1DF34C4BDF9D}" = AI Nap
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0.7 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AnyDVD" = AnyDVD
"AVI Movie Player" = AVI Movie Player
"Canon iP1800 series User Registration" = Canon iP1800 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"DFX for Winamp" = DFX for Winamp
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}" = Spider-Man™ - Web of Shadows
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{A31289C6-04EF-4437-A35B-7CC96167145C}" = Leisure Suit Larry - Magna Cum Laude
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"LimeWire" = LimeWire 4.16.7
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/5/2009 4:21:17 PM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/5/2009 4:21:22 PM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 2/5/2009 4:21:44 PM | Computer Name = LINK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2009 5:11:46 PM | Computer Name = LINK | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.6.0.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2009 7:02:50 PM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x00010efe.

Error - 2/6/2009 7:03:03 PM | Computer Name = LINK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2009 7:09:24 PM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x00002476.

Error - 2/6/2009 7:09:45 PM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 2/6/2009 7:20:12 PM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x00002458.

Error - 2/7/2009 3:23:48 AM | Computer Name = LINK | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.6.0.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/7/2009 1:27:58 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/7/2009 1:47:28 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/7/2009 1:47:28 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/7/2009 2:06:58 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/7/2009 2:06:58 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/7/2009 2:26:28 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/7/2009 2:26:28 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/7/2009 2:45:58 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/7/2009 2:45:58 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 2/7/2009 3:05:28 PM | Computer Name = LINK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >


OTListIt logfile created on: 2/7/2009 11:13:05 AM - Run 12
OTListIt2 by OldTimer - Version 2.0.0.6 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.68 Gb Free Space | 93.05% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 459.95 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINK
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\WINNT\system32\rundll32.exe (Microsoft Corporation)
C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
C:\Program Files\ASUS\AI Nap\AiNap.exe ()
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
C:\Program Files\Winamp\winampa.exe ()
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
C:\WINNT\system32\PnkBstrA.exe ()
C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
C:\WINNT\system32\wdfmgr.exe (Microsoft Corporation)
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
c:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
c:\Program Files\McAfee\MSC\mcshell.exe (McAfee, Inc.)
C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
C:\WINNT\system32\notepad.exe (Microsoft Corporation)
C:\Documents and Settings\Administrator\Desktop\OTListIt22.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (ForcewareWebInterface [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
SRV - (helpsvc [Auto | Running]) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [On_Demand | Running]) -- C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINNT\system32\PnkBstrA.exe ()
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()
SRV - (UMWdf [Auto | Running]) -- C:\WINNT\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINNT\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudio [On_Demand | Running]) -- C:\WINNT\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AnyDVD [On_Demand | Running]) -- C:\WINNT\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (AsIO [System | Running]) -- C:\WINNT\system32\drivers\AsIO.sys ()
DRV - (ElbyCDIO [System | Running]) -- C:\WINNT\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay [On_Demand | Running]) -- C:\WINNT\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (Eplpdx02 [On_Demand | Running]) -- C:\WINNT\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINNT\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (kbdhid [System | Stopped]) -- C:\WINNT\system32\drivers\kbdhid.sys (Microsoft Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINNT\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINNT\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mtpeqxvu [Boot | Stopped]) -- C:\WINNT\mtpeqxvu ()
DRV - (MTsensor [On_Demand | Running]) -- C:\WINNT\system32\drivers\ASACPI.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINNT\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINNT\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINNT\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINNT\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVTCP [System | Running]) -- C:\WINNT\system32\drivers\nvtcp.sys (NVIDIA Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINNT\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINNT\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINNT\system32\drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINNT\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SenFiltService [On_Demand | Running]) -- C:\WINNT\system32\drivers\senfilt.sys (Sensaura)
DRV - (WS2IFSL [System | Running]) -- C:\WINNT\system32\drivers\ws2ifsl.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2556DCDC-DFA0-46E8-A8D1-42C6FC088265} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {3C39A6F3-69BF-4B5A-BF61-074A91E5F22D} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {62E34F4B-39C1-4389-93E2-D98B4F1525A6} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\system32\jkkHXPIY.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {B52915A9-6403-4C82-9041-4C0BDC5BBF6E} - C:\WINNT\system32\pmnlmjIx.dll File not found
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {D85CA54F-13E5-4693-96A3-2CB242110EE8} - C:\WINNT\system32\jkkIBTLf.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Nap\AiNap.exe" ()
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe" ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [Pvalekawep] rundll32.exe "C:\WINNT\azimatoyaqogun.dll",e File not found
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot File not found
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINNT\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries0000000001 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000002 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000003 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000004 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000005 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000006 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000007 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000008 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000009 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000010 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000011 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000012 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000013 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000014 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000015 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000016 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000017 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000018 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries0000000019 - C:\WINNT\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - Winlogon\Notify\jkkHXPIY: DllName - jkkHXPIY.dll - C:\WINNT\system32\jkkHXPIY.dll (Adobe Systems Incorporated)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\system32\jkkHXPIY.dll (Adobe Systems Incorporated)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINNT\*.tmp files]
[2009/02/07 11:11:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFixBackups
[2009/02/07 01:21:03 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/02/07 01:17:06 | 00,002,289 | -HS- | C] () -- C:\WINNT\System32\fLTBIkkj.ini2
[2009/02/07 00:35:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/06 16:16:28 | 00,002,289 | -HS- | C] () -- C:\WINNT\System32\fLTBIkkj.ini
[2009/02/06 16:16:28 | 00,001,096 | ---- | C] () -- C:\WINNT\mtpeqxvu
[2009/02/06 15:18:20 | 00,091,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2009/02/06 15:01:59 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/02/05 14:21:05 | 00,489,472 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt22.exe
[2009/02/04 10:28:18 | 00,000,148 | ---- | C] () -- C:\WINNT\wininit.ini
[2009/02/03 22:29:53 | 00,000,000 | ---D | C] -- C:\WINNT\pss
[2009/02/03 17:57:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Hijackthis
[2009/02/02 17:30:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/02/02 17:30:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/01 01:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/01/29 15:02:38 | 00,103,488 | ---- | C] (SlySoft, Inc.) -- C:\WINNT\System32\drivers\AnyDVD.sys
[2009/01/29 14:57:58 | 00,023,976 | ---- | C] (Elaborate Bytes AG) -- C:\WINNT\System32\drivers\ElbyCDIO.sys
[2009/01/29 13:54:59 | 00,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINNT\System32\ElbyCDIO.dll
[2009/01/22 17:28:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\HotRod.English.DVDRIP.DIVX.EvilSnowmen.2007
[2009/01/22 17:28:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Babylon A.D (2008) DIVX Unrated DVDRIP

========== Files - Modified Within 30 Days ==========

[2 C:\WINNT\System32\*.tmp files]
[5 C:\WINNT\*.tmp files]
[2009/02/07 11:13:20 | 00,002,289 | -HS- | M] () -- C:\WINNT\System32\fLTBIkkj.ini
[2009/02/07 11:11:35 | 00,002,289 | -HS- | M] () -- C:\WINNT\System32\fLTBIkkj.ini2
[2009/02/07 00:42:00 | 00,008,999 | ---- | M] () -- C:\WINNT\System32\Config.MPF
[2009/02/07 00:40:55 | 00,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/02/07 00:40:52 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/02/07 00:40:49 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/02/07 00:40:01 | 00,001,096 | ---- | M] () -- C:\WINNT\mtpeqxvu
[2009/02/07 00:36:20 | 00,513,724 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2009/02/07 00:36:20 | 00,435,760 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2009/02/07 00:36:20 | 00,068,404 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2009/02/06 15:18:21 | 00,091,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2009/02/06 15:10:47 | 00,000,000 | ---- | M] () -- C:\WINNT\MEMORY.DMP
[2009/02/06 15:04:54 | 00,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/02/06 12:42:50 | 00,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/02/05 14:21:08 | 00,489,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt22.exe
[2009/02/04 23:11:10 | 00,002,577 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
[2009/02/04 22:53:58 | 04,322,642 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/02/04 10:28:18 | 00,000,148 | ---- | M] () -- C:\WINNT\wininit.ini
[2009/02/03 23:00:25 | 00,000,612 | ---- | M] () -- C:\WINNT\win.ini
[2009/02/03 23:00:25 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2009/02/03 23:00:25 | 00,000,207 | RHS- | M] () -- C:\boot.ini
[2009/02/02 17:30:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/01/31 15:05:19 | 00,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2009/01/29 15:02:38 | 00,103,488 | ---- | M] (SlySoft, Inc.) -- C:\WINNT\System32\drivers\AnyDVD.sys
[2009/01/29 14:57:58 | 00,023,976 | ---- | M] (Elaborate Bytes AG) -- C:\WINNT\System32\drivers\ElbyCDIO.sys
[2009/01/29 13:54:59 | 00,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINNT\System32\ElbyCDIO.dll
[2009/01/21 18:11:54 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 01:10:36 | 00,000,352 | ---- | M] () -- C:\WINNT\tasks\McDefragTask.job
[2009/01/12 13:32:13 | 00,138,464 | ---- | M] () -- C:\WINNT\System32\drivers\PnkBstrK.sys
[2009/01/12 13:32:06 | 00,111,928 | ---- | M] () -- C:\WINNT\System32\PnkBstrB.exe
[2009/01/09 17:35:30 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> %SystemRoot%:9CBC4760A5544558
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
< End of report >


Rorschach112
hello

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


joneswa
ComboFix 09-02-06.04 - Administrator 2009-02-07 16:55:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3195 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.
ADS - WINNT: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\drivers\seneka.sys
c:\winnt\system32\drivers\senekaltlydbni.sys
c:\winnt\system32\fLTBIkkj.ini
c:\winnt\system32\fLTBIkkj.ini2
c:\winnt\system32\mcrh.tmp
c:\winnt\system32\senekaduhvfynn.dat
c:\winnt\system32\senekaemmuebfu.dll
c:\winnt\system32\senekapfiiqiha.dat
c:\winnt\system32\senekargeluktq.dll
c:\winnt\system32\senekasjxbusus.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-07 16:58 . 2009-02-07 16:58 302,080 --a------ c:\winnt\system32\vtUlIxuV.dll
2009-02-07 16:58 . 2009-02-07 16:58 48,128 --a------ c:\winnt\system32\mlJApQiF.dll
2009-02-07 01:21 . 2009-02-07 01:21 <DIR> d-------- C:\VundoFix Backups
2009-02-07 00:35 . 2009-02-07 00:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 16:16 . 2009-02-07 16:58 1,300 --a------ c:\winnt\mtpeqxvu
2009-02-06 15:01 . 2009-02-06 15:01 <DIR> d-------- C:\_OTListIt
2009-02-04 10:28 . 2009-02-04 10:28 148 --a------ c:\winnt\wininit.ini
2009-02-02 17:30 . 2009-02-02 17:30 <DIR> d-------- c:\program files\Trend Micro
2009-02-01 01:15 . 2009-02-01 01:15 <DIR> d-------- c:\program files\Alwil Software
2009-01-31 20:52 . 2009-01-31 20:52 48,640 --a------ c:\winnt\system32\jkkHXPIY.dll
2009-01-29 15:02 . 2009-01-29 15:02 103,488 --a------ c:\winnt\system32\drivers\AnyDVD.sys
2009-01-29 14:57 . 2009-01-29 14:57 23,976 --a------ c:\winnt\system32\drivers\ElbyCDIO.sys
2009-01-29 13:54 . 2009-01-29 13:54 89,256 --a------ c:\winnt\system32\ElbyCDIO.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 00:58 25,088 ----a-w c:\winnt\system32\drivers\vmgafmiu.sys
2009-02-07 22:59 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-02-01 19:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-14 20:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-12 21:32 138,464 ----a-w c:\winnt\system32\drivers\PnkBstrK.sys
2009-01-09 22:48 --------- d-----w c:\program files\McAfee
2009-01-06 07:14 --------- d-----w c:\program files\Java
2009-01-06 07:12 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-06 07:10 --------- d-----w c:\program files\McAfee.com
2009-01-06 07:10 --------- d-----w c:\program files\Common Files\McAfee
2008-12-29 05:56 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2008-12-29 05:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 21:53 --------- d-----w c:\program files\DivX
2008-12-11 10:57 333,952 ----a-w c:\winnt\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2009-01-31 20:52 48640 --a------ c:\winnt\system32\jkkHXPIY.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-30 2542528]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\winnt\System32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="c:\winnt\System32\NvMcTray.dll" [2007-11-06 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-11-28 3714048]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.14\AsRunHelp.exe" [2006-11-13 363008]
"Ai Nap"="c:\program files\ASUS\AI Nap\AiNap.exe" [2006-11-30 1419776]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"nwiz"="nwiz.exe" [2007-11-06 c:\winnt\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\winnt\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-04-09 25214]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\winnt\system32\jkkHXPIY.dll" [2009-01-31 48640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHXPIY]
2009-01-31 20:52 48640 c:\winnt\system32\jkkHXPIY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\WINNT\\system32\\dpvsetup.exe"=
"d:\\COD4\\iw3mp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\WORLD IN CONFLICT\\wic.exe"=
"d:\\WORLD IN CONFLICT\\wic_online.exe"=
"d:\\WORLD IN CONFLICT\\wic_ds.exe"=
"d:\\Star Wars EAW\\GameData\\sweaw.exe"=
"d:\\Star Wars EAW\\swfoc.exe"=
"d:\\Spider Man\\image\\pc\\Spider-Man Web of Shadows.exe"=
"d:\\CoDWaW\\CoDWaWmp.exe"=
"d:\\CoDWaW\\CoDWaW.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S0 kfpgrzqt;kfpgrzqt;c:\winnt\system32\drivers\vmgafmiu.sys [2009-02-07 25088]
S0 mtpeqxvu;mtpeqxvu;c:\winnt\system32\drivers\ghnddqhl.sys []
S0 xuydsjan;xuydsjan;c:\winnt\system32\drivers\jqduwwta.sys --> c:\winnt\system32\drivers\jqduwwta.sys [?]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\winnt\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-06 c:\winnt\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-02-08 c:\winnt\Tasks\smfggeps.job
- c:\winnt\system32\mlJApQiF.dll [2009-02-07 16:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2556DCDC-DFA0-46E8-A8D1-42C6FC088265} - (no file)
BHO-{3C39A6F3-69BF-4B5A-BF61-074A91E5F22D} - (no file)
BHO-{4EDEADF5-B4EF-49B7-BD0C-9A6BAB73E432} - c:\winnt\system32\vtUlIxuV.dll
BHO-{62E34F4B-39C1-4389-93E2-D98B4F1525A6} - (no file)
BHO-{713E8C84-E850-4236-8669-4730F02D95A4} - c:\winnt\system32\jkkIBTLf.dll
BHO-{B52915A9-6403-4C82-9041-4C0BDC5BBF6E} - c:\winnt\system32\pmnlmjIx.dll
BHO-{D85CA54F-13E5-4693-96A3-2CB242110EE8} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Antispyware - c:\program files\Antispyware\Antispyware.exe
HKLM-Run-Pvalekawep - c:\winnt\azimatoyaqogun.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 16:58:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\winnt\system32\drivers\ghnddqhl.sys 25088 bytes executable
c:\winnt\system32\vtUlIxuV.dll 302080 bytes executable
c:\winnt\system32\VuxIlUtv.ini 372 bytes
c:\winnt\system32\VuxIlUtv.ini2 372 bytes

scan completed successfully
hidden files: 4

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\SecuROM\License information*]
"datasecu"=hex:6a,5b,87,24,29,ed,ff,52,25,64,b3,f5,56,2a,59,a1,b8,2e,87,4b,5e,
79,56,20,44,23,8a,ed,82,a1,b5,39,b1,94,0d,90,9f,6f,47,74,d1,5a,b6,d5,e9,3a,\
"rkeysecu"=hex:ab,cc,0e,46,d3,fa,ca,7c,31,24,ca,4a,a4,74,1b,d1
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\winnt\system32\jkkHXPIY.dll

- - - - - - - > 'lsass.exe'(972)
c:\winnt\system32\nvappfilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\rundll32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\winnt\system32\rundll32.exe
c:\winnt\system32\wscntfy.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-02-07 17:01:14 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-02-08 01:01:12

Pre-Run: 232,588,931,072 bytes free
Post-Run: 232,727,724,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

225 --- E O F --- 2009-01-14 20:33:37

Rorschach112
hello

Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.lavasoftsupport.com/index.php?showtopic=23506

Collect::
c:\winnt\system32\vtUlIxuV.dll
c:\winnt\system32\mlJApQiF.dll
c:\winnt\mtpeqxvu
c:\winnt\system32\jkkHXPIY.dll
c:\winnt\system32\drivers\vmgafmiu.sys
c:\winnt\Tasks\smfggeps.job
c:\winnt\system32\drivers\ghnddqhl.sys
c:\winnt\system32\drivers\jqduwwta.sys

KillAll::

Driver::
kfpgrzqt
mtpeqxvu
xuydsjan
Suspect::


Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


joneswa
ComboFix 09-02-06.04 - Administrator 2009-02-08 11:32:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2847 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\mtpeqxvu
c:\winnt\system32\jkkHXPIY.dll
c:\winnt\Tasks\dpqahkxz.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MTPEQXVU
-------\Service_kfpgrzqt
-------\Service_mtpeqxvu
-------\Service_xuydsjan


((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-07 01:21 . 2009-02-07 01:21 <DIR> d-------- C:\VundoFix Backups
2009-02-07 00:35 . 2009-02-07 00:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 15:09 . 2009-02-06 15:09 25,088 --a------ c:\winnt\system32\drivers\ghnddqhl.sys
2009-02-06 15:01 . 2009-02-06 15:01 <DIR> d-------- C:\_OTListIt
2009-02-04 10:28 . 2009-02-04 10:28 148 --a------ c:\winnt\wininit.ini
2009-02-02 17:30 . 2009-02-02 17:30 <DIR> d-------- c:\program files\Trend Micro
2009-02-01 01:15 . 2009-02-01 01:15 <DIR> d-------- c:\program files\Alwil Software
2009-01-29 15:02 . 2009-01-29 15:02 103,488 --a------ c:\winnt\system32\drivers\AnyDVD.sys
2009-01-29 14:57 . 2009-01-29 14:57 23,976 --a------ c:\winnt\system32\drivers\ElbyCDIO.sys
2009-01-29 13:54 . 2009-01-29 13:54 89,256 --a------ c:\winnt\system32\ElbyCDIO.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 22:59 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-02-01 19:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-14 20:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-12 21:32 138,464 ----a-w c:\winnt\system32\drivers\PnkBstrK.sys
2009-01-09 22:48 --------- d-----w c:\program files\McAfee
2009-01-06 07:14 --------- d-----w c:\program files\Java
2009-01-06 07:12 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-06 07:10 --------- d-----w c:\program files\McAfee.com
2009-01-06 07:10 --------- d-----w c:\program files\Common Files\McAfee
2008-12-29 05:56 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2008-12-29 05:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 21:53 --------- d-----w c:\program files\DivX
2008-12-11 10:57 333,952 ----a-w c:\winnt\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-02-07_17.00.43.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-07 21:28:46 32,768 ----a-w c:\winnt\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-08 15:25:14 32,768 ----a-w c:\winnt\system32\config\systemprofile\Cookies\index.dat
- 2009-02-07 21:28:46 32,768 ----a-w c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-08 15:25:14 32,768 ----a-w c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-08 19:34:20 16,384 ----atw c:\winnt\temp\Perflib_Perfdata_608.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EDEADF5-B4EF-49B7-BD0C-9A6BAB73E432}]
c:\winnt\system32\vtUlIxuV.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-30 2542528]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\winnt\System32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="c:\winnt\System32\NvMcTray.dll" [2007-11-06 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-11-28 3714048]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.14\AsRunHelp.exe" [2006-11-13 363008]
"Ai Nap"="c:\program files\ASUS\AI Nap\AiNap.exe" [2006-11-30 1419776]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"nwiz"="nwiz.exe" [2007-11-06 c:\winnt\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\winnt\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-04-09 25214]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\WINNT\\system32\\dpvsetup.exe"=
"d:\\COD4\\iw3mp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\WORLD IN CONFLICT\\wic.exe"=
"d:\\WORLD IN CONFLICT\\wic_online.exe"=
"d:\\WORLD IN CONFLICT\\wic_ds.exe"=
"d:\\Star Wars EAW\\GameData\\sweaw.exe"=
"d:\\Star Wars EAW\\swfoc.exe"=
"d:\\Spider Man\\image\\pc\\Spider-Man Web of Shadows.exe"=
"d:\\CoDWaW\\CoDWaWmp.exe"=
"d:\\CoDWaW\\CoDWaW.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S0 vsfshpvo;vsfshpvo;c:\winnt\system32\drivers\eralhqwh.sys --> c:\winnt\system32\drivers\eralhqwh.sys [?]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\winnt\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-06 c:\winnt\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 11:35:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\SecuROM\License information*]
"datasecu"=hex:6a,5b,87,24,29,ed,ff,52,25,64,b3,f5,56,2a,59,a1,b8,2e,87,4b,5e,
79,56,20,44,23,8a,ed,82,a1,b5,39,b1,94,0d,90,9f,6f,47,74,d1,5a,b6,d5,e9,3a,\
"rkeysecu"=hex:ab,cc,0e,46,d3,fa,ca,7c,31,24,ca,4a,a4,74,1b,d1
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(968)
c:\winnt\system32\nvappfilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\rundll32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-02-08 11:38:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-08 19:38:39
ComboFix2.txt 2009-02-08 01:01:15

Pre-Run: 232,656,384,000 bytes free
Post-Run: 232,694,140,928 bytes free

193 --- E O F --- 2009-01-14 20:33:37

Rorschach112
hello

Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.lavasoftsupport.com/index.php?showtopic=23506

Collect::
c:\winnt\system32\drivers\ghnddqhl.sys
c:\winnt\system32\drivers\eralhqwh.sys

Driver::
vsfshpvo

KillAll::
Suspect::


Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


joneswa
ComboFix 09-02-06.04 - Administrator 2009-02-09 11:08:29.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3105 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-07 01:21 . 2009-02-07 01:21 <DIR> d-------- C:\VundoFix Backups
2009-02-07 00:35 . 2009-02-07 00:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 15:01 . 2009-02-06 15:01 <DIR> d-------- C:\_OTListIt
2009-02-04 10:28 . 2009-02-04 10:28 148 --a------ c:\winnt\wininit.ini
2009-02-02 17:30 . 2009-02-02 17:30 <DIR> d-------- c:\program files\Trend Micro
2009-02-01 01:15 . 2009-02-01 01:15 <DIR> d-------- c:\program files\Alwil Software
2009-01-29 15:02 . 2009-01-29 15:02 103,488 --a------ c:\winnt\system32\drivers\AnyDVD.sys
2009-01-29 14:57 . 2009-01-29 14:57 23,976 --a------ c:\winnt\system32\drivers\ElbyCDIO.sys
2009-01-29 13:54 . 2009-01-29 13:54 89,256 --a------ c:\winnt\system32\ElbyCDIO.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 22:59 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-02-01 19:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-14 20:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-12 21:32 138,464 ----a-w c:\winnt\system32\drivers\PnkBstrK.sys
2009-01-09 22:48 --------- d-----w c:\program files\McAfee
2009-01-06 07:14 --------- d-----w c:\program files\Java
2009-01-06 07:12 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-06 07:10 --------- d-----w c:\program files\McAfee.com
2009-01-06 07:10 --------- d-----w c:\program files\Common Files\McAfee
2008-12-29 05:56 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2008-12-29 05:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 21:53 --------- d-----w c:\program files\DivX
2008-12-11 10:57 333,952 ----a-w c:\winnt\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-02-07_17.00.43.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-07 21:28:46 32,768 ----a-w c:\winnt\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-09 17:53:16 32,768 ----a-w c:\winnt\system32\config\systemprofile\Cookies\index.dat
- 2009-02-07 21:28:46 32,768 ----a-w c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-09 17:53:16 32,768 ----a-w c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-09 19:10:28 16,384 ----atw c:\winnt\temp\Perflib_Perfdata_61c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EDEADF5-B4EF-49B7-BD0C-9A6BAB73E432}]
c:\winnt\system32\vtUlIxuV.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-30 2542528]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\winnt\System32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="c:\winnt\System32\NvMcTray.dll" [2007-11-06 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-11-28 3714048]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.14\AsRunHelp.exe" [2006-11-13 363008]
"Ai Nap"="c:\program files\ASUS\AI Nap\AiNap.exe" [2006-11-30 1419776]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"nwiz"="nwiz.exe" [2007-11-06 c:\winnt\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\winnt\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-04-09 25214]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\WINNT\\system32\\dpvsetup.exe"=
"d:\\COD4\\iw3mp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\WORLD IN CONFLICT\\wic.exe"=
"d:\\WORLD IN CONFLICT\\wic_online.exe"=
"d:\\WORLD IN CONFLICT\\wic_ds.exe"=
"d:\\Star Wars EAW\\GameData\\sweaw.exe"=
"d:\\Star Wars EAW\\swfoc.exe"=
"d:\\Spider Man\\image\\pc\\Spider-Man Web of Shadows.exe"=
"d:\\CoDWaW\\CoDWaWmp.exe"=
"d:\\CoDWaW\\CoDWaW.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\winnt\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-06 c:\winnt\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 11:10:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\SecuROM\License information*]
"datasecu"=hex:6a,5b,87,24,29,ed,ff,52,25,64,b3,f5,56,2a,59,a1,b8,2e,87,4b,5e,
79,56,20,44,23,8a,ed,82,a1,b5,39,b1,94,0d,90,9f,6f,47,74,d1,5a,b6,d5,e9,3a,\
"rkeysecu"=hex:ab,cc,0e,46,d3,fa,ca,7c,31,24,ca,4a,a4,74,1b,d1
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(968)
c:\winnt\system32\nvappfilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\rundll32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-02-09 11:13:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-09 19:13:14
ComboFix2.txt 2009-02-09 18:59:04
ComboFix3.txt 2009-02-08 19:38:43
ComboFix4.txt 2009-02-08 01:01:15

Pre-Run: 232,654,983,168 bytes free
Post-Run: 232,643,198,976 bytes free

181 --- E O F --- 2009-01-14 20:33:37

Rorschach112
hello

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
joneswa
Malwarebytes' Anti-Malware 1.34
Database version: 1751
Windows 5.1.2600 Service Pack 3

2/11/2009 5:41:03 PM
mbam-log-2009-02-11 (17-41-03).txt

Scan type: Quick Scan
Objects scanned: 63672
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AntivirusXP (Rogue.AntivirusXP) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, February 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, February 12, 2009 01:11:57
Records in database: 1784559
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 69197
Threat name: 4
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 00:48:27


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINNT\system32\drivers\seneka.sys.vir Infected: Trojan.Win32.Monderc.gex 1
C:\Qoobox\Quarantine\C\WINNT\system32\drivers\senekaltlydbni.sys.vir Infected: Trojan.Win32.Monderc.gex 1
C:\Qoobox\Quarantine\C\WINNT\system32\senekaemmuebfu.dll.vir Infected: Rootkit.Win32.Agent.hdg 1
C:\Qoobox\Quarantine\C\WINNT\system32\senekasjxbusus.dll.vir Infected: Rootkit.Win32.Agent.hdh 1
C:\_OTListIt\MovedFiles2062009_150159\WINNT\system32\prunnet.exe Infected: Trojan.Win32.Agent.bpna 1

The selected area was scanned.

Rorschach112
post a new HJT Log
joneswa
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:00, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AI Nap\AiNap.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4EDEADF5-B4EF-49B7-BD0C-9A6BAB73E432} - C:\WINNT\system32\vtUlIxuV.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Nap\AiNap.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 10443 bytes
Rorschach112
fix this with HJT

O2 - BHO: (no name) - {4EDEADF5-B4EF-49B7-BD0C-9A6BAB73E432} - C:\WINNT\system32\vtUlIxuV.dll (file missing)


reboot and post a new HJT Log
joneswa
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:40, on 2/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AI Nap\AiNap.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Nap\AiNap.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 10171 bytes
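Comparing the two HijackThis logs posted above to confirm that the "(file missing)" O2 entry is gone and nothing new appeared, as an added example that is not part of the original thread. The log excerpts are trimmed from the posts above; the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Excerpts trimmed from the 2/12/2009 and 2/16/2009 logs in this thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:00, on 2/12/2009
Running processes:
C:\WINNT\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4EDEADF5-B4EF-49B7-BD0C-9A6BAB73E432} - C:\WINNT\system32\vtUlIxuV.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:40, on 2/16/2009
Running processes:
C:\WINNT\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
"""

# Entry lines look like "O2 - <body>"; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str
    body: str
    clsid: Optional[str]
    file_missing: bool

    @property
    def key(self) -> Tuple[str, str]:
        # Windows paths are case-insensitive, so compare case-folded bodies.
        return (self.section, self.body.casefold())


def parse_entries(log_text: str) -> List[Entry]:
    """Return the R/F/N/O entries of a HijackThis log, skipping everything else."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            file_missing=body.endswith("(file missing)"),
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry reference points at a file that no longer exists."""
    return [e for e in entries if e.file_missing]


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, added) entries between two parsed logs."""
    before_keys = {e.key for e in before}
    after_keys = {e.key for e in after}
    removed = [e for e in before if e.key not in after_keys]
    added = [e for e in after if e.key not in before_keys]
    return removed, added


def fix_confirmed(before_text: str, after_text: str) -> bool:
    """True when exactly the orphaned entries were removed and nothing was added."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed, added = diff_logs(before, after)
    targets = {e.key for e in orphaned(before)}
    return (bool(targets)
            and targets == {e.key for e in removed}
            and not added
            and not orphaned(after))


if __name__ == "__main__":
    for e in orphaned(parse_entries(LOG_BEFORE)):
        print("orphaned:", e.section, e.clsid)
    print("fix confirmed:", fix_confirmed(LOG_BEFORE, LOG_AFTER))
```

An entry that reappears in a later log after being fixed would show up in the `added` list, which is the case worth escalating.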
Rorschach112
your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.



Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )
  • Click the Pt. Restauration button and press OK to the prompts.
  • Click the Corbeille button and press OK to the prompt.
  • Click the Fichiers temp button and press OK to the prompt.
  • Click the Recherche button and let it run ( it may look like it freezes but let it continue )
  • Once it is done click the Suppression button and let it remove anything it finds.
  • Close the program



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
joneswa
Thank you for the instructions and your assistance on removing and securing my co-worker's computer.
Rorschach112
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !