[RESOLVED] Trojans found

I was working on this computer for a friend about a year ago, trying to get rid of some malware, and while I was working on it they decided to just get a new computer. I am now trying fix it again. I tried installing Norton 360 AV, but it made the system so slow, it was nearly impossible to use. I did an online scan using BitDefender, and it found some trojans/virus'. Installed Avira AntiVir Personal, that seems to run OK. Dont know if it was the trojans making Nortons run so slow or if I need to get more memory. Here are my logs.

BitDefender Online Scanner - Real Time Virus Report

Generated at: Thu, Jul 08, 2010 - 14:27:56

--------------------------------------------------------------------------------

Scan Info

Scanned Files
191458

Infected Files
4

Virus Detected

Trojan.Vundo.GMM
1

Trojan.Agent.AGVK
1

Trojan.Generic.1615286
1

Gen:Heur.Krypt.14
1

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-09 06:13:03
Windows 5.1.2600 Service Pack 3
Running: 7q5q9uwp.exe; Driver: C:\DOCUME~1\Paul\LOCALS~1\Temp\kwwirfog.sys

---- System - GMER 1.0.15 ----

SSDT F989706E ZwCreateKey
SSDT F9897064 ZwCreateThread
SSDT F9897073 ZwDeleteKey
SSDT F989707D ZwDeleteValueKey
SSDT spqo.sys ZwEnumerateKey [0xF9166DA4]
SSDT spqo.sys ZwEnumerateValueKey [0xF9167132]
SSDT F9897082 ZwLoadKey
SSDT spqo.sys ZwOpenKey [0xF914E0C0]
SSDT F9897050 ZwOpenProcess
SSDT F9897055 ZwOpenThread
SSDT spqo.sys ZwQueryKey [0xF916720A]
SSDT spqo.sys ZwQueryValueKey [0xF916708A]
SSDT F989708C ZwReplaceKey
SSDT F9897087 ZwRestoreKey
SSDT F9897078 ZwSetValueKey

INT 0x62 ? 8130EBF8
INT 0x82 ? 8130EBF8

---- Kernel code sections - GMER 1.0.15 ----

? spqo.sys The system cannot find the file specified. !
.text a0dpu1i0.SYS F8D01386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a0dpu1i0.SYS F8D013AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a0dpu1i0.SYS F8D013C4 3 Bytes [00, 80, 02]
.text a0dpu1i0.SYS F8D013C9 1 Byte [30]
.text a0dpu1i0.SYS F8D013C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 813132D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F9179DDC] spqo.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9179E30] spqo.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F914F042] spqo.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F914F13E] spqo.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F914F0C0] spqo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F914F800] spqo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F914F6D6] spqo.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F915EB90]

IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] FFA4F2D8
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8130C1F8
Device \FileSystem\Fastfat \FatCdrom FF804500
Device \Driver\NetBT \Device\NetBT_Tcpip_{273C306C-7B37-4B0C-9DC8-44542C50A181} FF8D01F8
Device \Driver\usbuhci \Device\USBPDO-0 FFA4E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8130F1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8130F1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8130F1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8130F1F8
Device \Driver\usbuhci \Device\USBPDO-1 FFA4E1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1B65CF21-01CA-4A67-B243-23F763DE71D1} FF8D01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 813101F8
Device \Driver\Cdrom \Device\CdRom0 FFA511F8
Device \Driver\Cdrom \Device\CdRom1 FFA511F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F90A2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F90A2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F90A2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F90A2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\sptd \Device\1493065136 spqo.sys
Device \Driver\PCI_PNP1386 \Device\0000003d spqo.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export FF8D01F8
Device \Driver\NetBT \Device\NetbiosSmb FF8D01F8
Device \Driver\usbuhci \Device\USBFDO-0 FFA4E1F8
Device \Driver\usbuhci \Device\USBFDO-1 FFA4E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FF8B31F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector FF8B31F8
Device \Driver\Ftdisk \Device\FtControl 813101F8
Device \Driver\a0dpu1i0 \Device\Scsi\a0dpu1i01Port2Path0Target0Lun0 FFA4D1F8
Device \Driver\a0dpu1i0 \Device\Scsi\a0dpu1i01 FFA4D1F8
Device \FileSystem\Fastfat \Fat FF804500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs FFA7E500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0xFC 0x5C 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0x33 0xB0 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x98 0x91 0x80 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0xFC 0x5C 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0x33 0xB0 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x98 0x91 0x80 0x50 ...

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4294

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/8/2010 7:26:53 PM
mbam-log-2010-07-08 (19-26-53).txt

Scan type: Quick scan
Objects scanned: 140843
Time elapsed: 17 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:45:10 PM, on 7/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [jebogobiki] Rundll32.exe "C:\WINDOWS\system32\sihiyadu.dll",s (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188583180984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1239638374406
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames...n.cab55579.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - Unknown owner - C:\WINDOWS\system32\lxczcoms.exe (file missing)

--
End of file - 5982 bytes

I don't see Avira running, judging from your HJT log. What's up with that?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

That is odd, I dont recall disabling Avira, maybe I posted the wrong HJT log. Here is a new one. I'll post combofix log when it is finished.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:12 PM, on 7/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [jebogobiki] Rundll32.exe "C:\WINDOWS\system32\sihiyadu.dll",s (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188583180984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1239638374406
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames...n.cab55579.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - Unknown owner - C:\WINDOWS\system32\lxczcoms.exe (file missing)

--
End of file - 6528 bytes

The first time I ran Combofix I was informed that the recovery console was not installed. First log is without it.

ComboFix 10-07-08.02 - Paul 07/09/2010 21:48:21.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.109 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\ogeyewag.ini
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-09 16:14 . 2010-07-09 16:14 -------- d-----w- c:\program files\Triumph Studios
2010-07-09 01:15 . 2010-07-09 01:15 -------- d-----w- c:\documents and settings\Paul\Application Data\Avira
2010-07-09 01:13 . 2010-07-09 06:04 -------- d-----w- c:\windows\system32\NtmsData
2010-07-09 01:03 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-09 01:03 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-09 01:03 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-09 01:03 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\program files\Avira
2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-09 00:37 . 2010-07-09 00:37 388096 ----a-r- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-09 00:37 . 2010-07-09 00:37 -------- d-----w- c:\program files\Trend Micro
2010-07-08 16:43 . 2010-07-08 19:27 -------- d-----w- c:\windows\BDOSCAN8
2010-07-08 02:48 . 2010-07-08 02:48 -------- d-----w- c:\program files\Ascaron Entertainment
2010-07-08 02:32 . 2010-07-08 02:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-08 02:32 . 2010-07-08 02:40 -------- d-----w- c:\documents and settings\Paul\Application Data\DAEMON Tools Lite
2010-07-08 02:31 . 2010-07-08 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-08 02:11 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-07 19:05 . 2010-07-07 19:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-07 18:59 . 2010-07-07 22:15 -------- d-----w- c:\program files\Cossacks
2010-07-07 18:59 . 2010-07-07 18:57 4358144 ----a-w- c:\windows\uncsetup.exe
2010-07-07 18:45 . 2010-07-08 01:17 -------- d-----w- c:\documents and settings\Paul\Application Data\BitTorrent
2010-07-07 18:45 . 2010-07-07 18:45 -------- d-----w- c:\program files\BitTorrent
2010-07-06 17:24 . 2010-07-06 17:24 -------- d-----w- c:\program files\Take2 Interactive
2010-07-06 10:09 . 2010-07-06 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-06 01:12 . 2010-07-06 01:12 -------- d-----w- c:\program files\Atari
2010-07-05 19:33 . 2007-12-20 15:43 248448 ----a-w- c:\windows\system32\PROUnstl.exe
2010-07-05 19:18 . 2010-07-05 19:18 -------- d-sh--w- c:\documents and settings\Paul\IECompatCache
2010-07-05 18:55 . 2010-07-05 18:55 -------- d-sh--w- c:\documents and settings\Paul\PrivacIE
2010-07-05 18:49 . 2010-07-05 18:49 -------- d-sh--w- c:\documents and settings\Paul\IETldCache
2010-07-05 18:25 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-05 18:25 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-05 18:25 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-05 18:24 . 2010-07-05 19:10 -------- d-----w- c:\windows\ie8updates
2010-07-05 18:24 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-05 18:20 . 2010-07-05 18:24 -------- dc-h--w- c:\windows\ie8
2010-07-05 18:05 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-07-05 18:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-07-05 17:40 . 2010-07-05 17:40 -------- d-----w- c:\program files\Common Files\Java
2010-07-05 17:38 . 2010-07-05 17:38 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcp71.dll
2010-07-05 17:38 . 2010-07-05 17:38 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\jmc.dll
2010-07-05 17:38 . 2010-07-05 17:38 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcr71.dll
2010-07-05 17:38 . 2010-07-05 17:38 61440 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-sse.dll
2010-07-05 17:38 . 2010-07-05 17:38 12800 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-d3d.dll
2010-07-05 17:37 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-05 17:27 . 2010-07-05 17:27 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcp71.dll
2010-07-05 17:27 . 2010-07-05 17:27 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcr71.dll
2010-07-05 17:27 . 2010-07-05 17:27 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\jmc.dll
2010-07-05 16:39 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 16:39 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 16:39 . 2010-07-05 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 16:24 . 2006-08-17 02:04 402944 ----a-r- c:\windows\system32\drivers\WlanGZXP.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 04:37 . 2007-07-01 03:55 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-08 02:32 . 2009-03-24 00:20 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-06 10:29 . 2007-06-29 16:07 -------- d-----w- c:\program files\Age of Wonders II
2010-07-06 01:12 . 2007-06-13 05:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 01:10 . 2007-06-13 05:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-06 00:48 . 2007-07-19 20:33 -------- d-----w- c:\program files\Steam
2010-07-05 19:40 . 2007-06-21 19:26 -------- d-----w- c:\program files\Lavasoft
2010-07-05 17:36 . 2009-03-16 18:07 -------- d-----w- c:\program files\Java
2010-07-05 15:55 . 2009-06-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-05 15:55 . 2009-06-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-05 15:54 . 2009-06-11 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-05-06 10:41 . 2002-09-03 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2010-05-04 17:20 78336 ------w- c:\windows\system32\ieencode.dll
2010-05-02 05:22 . 2002-09-03 13:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2002-09-03 13:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/8/2010 8:03 PM 135336]
R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [7/5/2010 11:24 AM 402944]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2009 7:20 PM 691696]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKLM-Run-FaxCenterServer - c:\program files\Lexmark Fax Solutions\fm3032.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 22:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-09 22:11:21
ComboFix-quarantined-files.txt 2010-07-10 03:11

Pre-Run: 26,782,117,888 bytes free
Post-Run: 27,340,292,096 bytes free

- - End Of File - - CFBD14F925983CCF71672C95BDE5F98A

ComboFix 10-07-08.02 - Paul 07/09/2010 22:29:09.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.21 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-09 16:14 . 2010-07-09 16:14 -------- d-----w- c:\program files\Triumph Studios
2010-07-09 01:15 . 2010-07-09 01:15 -------- d-----w- c:\documents and settings\Paul\Application Data\Avira
2010-07-09 01:13 . 2010-07-09 06:04 -------- d-----w- c:\windows\system32\NtmsData
2010-07-09 01:03 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-09 01:03 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-09 01:03 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-09 01:03 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\program files\Avira
2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-09 00:37 . 2010-07-09 00:37 388096 ----a-r- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-09 00:37 . 2010-07-09 00:37 -------- d-----w- c:\program files\Trend Micro
2010-07-08 16:43 . 2010-07-08 19:27 -------- d-----w- c:\windows\BDOSCAN8
2010-07-08 02:48 . 2010-07-08 02:48 -------- d-----w- c:\program files\Ascaron Entertainment
2010-07-08 02:32 . 2010-07-08 02:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-08 02:32 . 2010-07-08 02:40 -------- d-----w- c:\documents and settings\Paul\Application Data\DAEMON Tools Lite
2010-07-08 02:31 . 2010-07-08 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-08 02:11 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-07 19:05 . 2010-07-07 19:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-07 18:59 . 2010-07-07 22:15 -------- d-----w- c:\program files\Cossacks
2010-07-07 18:59 . 2010-07-07 18:57 4358144 ----a-w- c:\windows\uncsetup.exe
2010-07-07 18:45 . 2010-07-08 01:17 -------- d-----w- c:\documents and settings\Paul\Application Data\BitTorrent
2010-07-07 18:45 . 2010-07-07 18:45 -------- d-----w- c:\program files\BitTorrent
2010-07-06 17:24 . 2010-07-06 17:24 -------- d-----w- c:\program files\Take2 Interactive
2010-07-06 10:09 . 2010-07-06 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-06 01:12 . 2010-07-06 01:12 -------- d-----w- c:\program files\Atari
2010-07-05 19:33 . 2007-12-20 15:43 248448 ----a-w- c:\windows\system32\PROUnstl.exe
2010-07-05 19:18 . 2010-07-05 19:18 -------- d-sh--w- c:\documents and settings\Paul\IECompatCache
2010-07-05 18:55 . 2010-07-05 18:55 -------- d-sh--w- c:\documents and settings\Paul\PrivacIE
2010-07-05 18:49 . 2010-07-05 18:49 -------- d-sh--w- c:\documents and settings\Paul\IETldCache
2010-07-05 18:25 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-05 18:25 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-05 18:25 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-05 18:24 . 2010-07-05 19:10 -------- d-----w- c:\windows\ie8updates
2010-07-05 18:24 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-05 18:20 . 2010-07-05 18:24 -------- dc-h--w- c:\windows\ie8
2010-07-05 18:05 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-07-05 18:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-07-05 17:40 . 2010-07-05 17:40 -------- d-----w- c:\program files\Common Files\Java
2010-07-05 17:38 . 2010-07-05 17:38 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcp71.dll
2010-07-05 17:38 . 2010-07-05 17:38 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\jmc.dll
2010-07-05 17:38 . 2010-07-05 17:38 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcr71.dll
2010-07-05 17:38 . 2010-07-05 17:38 61440 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-sse.dll
2010-07-05 17:38 . 2010-07-05 17:38 12800 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-d3d.dll
2010-07-05 17:37 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-05 17:27 . 2010-07-05 17:27 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcp71.dll
2010-07-05 17:27 . 2010-07-05 17:27 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcr71.dll
2010-07-05 17:27 . 2010-07-05 17:27 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\jmc.dll
2010-07-05 16:39 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 16:39 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 16:39 . 2010-07-05 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 16:24 . 2006-08-17 02:04 402944 ----a-r- c:\windows\system32\drivers\WlanGZXP.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 04:37 . 2007-07-01 03:55 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-08 02:32 . 2009-03-24 00:20 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-06 10:29 . 2007-06-29 16:07 -------- d-----w- c:\program files\Age of Wonders II
2010-07-06 01:12 . 2007-06-13 05:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 01:10 . 2007-06-13 05:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-06 00:48 . 2007-07-19 20:33 -------- d-----w- c:\program files\Steam
2010-07-05 19:40 . 2007-06-21 19:26 -------- d-----w- c:\program files\Lavasoft
2010-07-05 17:36 . 2009-03-16 18:07 -------- d-----w- c:\program files\Java
2010-07-05 15:55 . 2009-06-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-05 15:55 . 2009-06-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-05 15:54 . 2009-06-11 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-05-06 10:41 . 2002-09-03 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2010-05-04 17:20 78336 ------w- c:\windows\system32\ieencode.dll
2010-05-02 05:22 . 2002-09-03 13:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2002-09-03 13:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/8/2010 8:03 PM 135336]
R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [7/5/2010 11:24 AM 402944]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2009 7:20 PM 691696]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 22:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-09 22:47:10
ComboFix-quarantined-files.txt 2010-07-10 03:47
ComboFix2.txt 2010-07-10 03:11

Pre-Run: 27,342,172,160 bytes free
Post-Run: 27,336,564,736 bytes free

- - End Of File - - 516C50A5A189F0B50A443144652355A2

Combofix reports:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Please, allow recovery console installation on next Combofix run.

1. Please open Notepad
Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

File:: c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys Folder:: c:\documents and settings\All Users\Application Data\Symantec c:\documents and settings\All Users\Application Data\Norton Driver:: Fadpu16E

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

https://discussions.virtualdr.com/im.../2016/03/2.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt

ComboFix 10-07-08.02 - Paul 07/10/2010 2:26.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.117 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Paul\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\0000034c\cltLMS1.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\0000034c\cltLMS2.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\cltupgrade.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\key.txt
c:\documents and settings\All Users\Application Data\Norton\symdata.xml
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\SubEng\platformid.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FADPU16E
-------\Service_Fadpu16E

((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-09 16:14 . 2010-07-09 16:14 -------- d-----w- c:\program files\Triumph Studios
2010-07-09 01:15 . 2010-07-09 01:15 -------- d-----w- c:\documents and settings\Paul\Application Data\Avira
2010-07-09 01:13 . 2010-07-09 06:04 -------- d-----w- c:\windows\system32\NtmsData
2010-07-09 01:03 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-09 01:03 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-09 01:03 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-09 01:03 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\program files\Avira
2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-09 00:37 . 2010-07-09 00:37 -------- d-----w- c:\program files\Trend Micro
2010-07-08 16:43 . 2010-07-08 19:27 -------- d-----w- c:\windows\BDOSCAN8
2010-07-08 02:48 . 2010-07-08 02:48 -------- d-----w- c:\program files\Ascaron Entertainment
2010-07-08 02:32 . 2010-07-08 02:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-08 02:32 . 2010-07-08 02:40 -------- d-----w- c:\documents and settings\Paul\Application Data\DAEMON Tools Lite
2010-07-08 02:31 . 2010-07-08 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-08 02:11 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-07 19:05 . 2010-07-07 19:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-07 18:59 . 2010-07-07 22:15 -------- d-----w- c:\program files\Cossacks
2010-07-07 18:59 . 2010-07-07 18:57 4358144 ----a-w- c:\windows\uncsetup.exe
2010-07-07 18:45 . 2010-07-08 01:17 -------- d-----w- c:\documents and settings\Paul\Application Data\BitTorrent
2010-07-07 18:45 . 2010-07-07 18:45 -------- d-----w- c:\program files\BitTorrent
2010-07-06 17:24 . 2010-07-06 17:24 -------- d-----w- c:\program files\Take2 Interactive
2010-07-06 10:09 . 2010-07-06 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-06 01:12 . 2010-07-06 01:12 -------- d-----w- c:\program files\Atari
2010-07-05 19:33 . 2007-12-20 15:43 248448 ----a-w- c:\windows\system32\PROUnstl.exe
2010-07-05 19:18 . 2010-07-05 19:18 -------- d-sh--w- c:\documents and settings\Paul\IECompatCache
2010-07-05 18:55 . 2010-07-05 18:55 -------- d-sh--w- c:\documents and settings\Paul\PrivacIE
2010-07-05 18:49 . 2010-07-05 18:49 -------- d-sh--w- c:\documents and settings\Paul\IETldCache
2010-07-05 18:25 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-05 18:25 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-05 18:25 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-05 18:24 . 2010-07-05 19:10 -------- d-----w- c:\windows\ie8updates
2010-07-05 18:24 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-05 18:20 . 2010-07-05 18:24 -------- dc-h--w- c:\windows\ie8
2010-07-05 18:05 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-07-05 18:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-07-05 17:40 . 2010-07-05 17:40 -------- d-----w- c:\program files\Common Files\Java
2010-07-05 17:37 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-05 16:39 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 16:39 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 16:39 . 2010-07-05 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 16:24 . 2006-08-17 02:04 402944 ----a-r- c:\windows\system32\drivers\WlanGZXP.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 00:37 . 2010-07-09 00:37 388096 ----a-r- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-08 04:37 . 2007-07-01 03:55 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-08 02:32 . 2009-03-24 00:20 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-06 10:29 . 2007-06-29 16:07 -------- d-----w- c:\program files\Age of Wonders II
2010-07-06 01:12 . 2007-06-13 05:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 01:10 . 2007-06-13 05:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-06 00:48 . 2007-07-19 20:33 -------- d-----w- c:\program files\Steam
2010-07-05 19:40 . 2007-06-21 19:26 -------- d-----w- c:\program files\Lavasoft
2010-07-05 17:38 . 2010-07-05 17:38 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcp71.dll
2010-07-05 17:38 . 2010-07-05 17:38 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\jmc.dll
2010-07-05 17:38 . 2010-07-05 17:38 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcr71.dll
2010-07-05 17:38 . 2010-07-05 17:38 61440 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-sse.dll
2010-07-05 17:38 . 2010-07-05 17:38 12800 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-d3d.dll
2010-07-05 17:36 . 2009-03-16 18:07 -------- d-----w- c:\program files\Java
2010-07-05 17:27 . 2010-07-05 17:27 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcp71.dll
2010-07-05 17:27 . 2010-07-05 17:27 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcr71.dll
2010-07-05 17:27 . 2010-07-05 17:27 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\jmc.dll
2010-07-05 15:54 . 2009-06-11 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2010-05-06 10:41 . 2002-09-03 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2010-05-04 17:20 78336 ------w- c:\windows\system32\ieencode.dll
2010-05-02 05:22 . 2002-09-03 13:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2002-09-03 13:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/8/2010 8:03 PM 135336]
R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [7/5/2010 11:24 AM 402944]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2009 7:20 PM 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 02:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2204)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2010-07-10 02:53:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-10 07:52
ComboFix2.txt 2010-07-10 03:47
ComboFix3.txt 2010-07-10 03:11

Pre-Run: 27,275,943,936 bytes free
Post-Run: 27,283,664,896 bytes free

- - End Of File - - AF989BAFF12D835B0E3E1B0620431F93

Good :)

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

=============================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

OTL logfile created on: 7/10/2010 12:23:05 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 83.00 Mb Available Physical Memory | 33.00% Memory free
625.00 Mb Paging File | 370.00 Mb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 26.69 Gb Free Space | 69.72% Space Free | Partition Type: NTFS
Drive D: | 310.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-B3D9B0B0
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/10 12:22:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

========== Modules (SafeList) ==========

MOD - [2010/07/10 12:22:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/07/07 21:32:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/02 06:41:49 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2006/08/17 10:03:30 | 000,019,072 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2006/08/16 21:04:24 | 000,402,944 | R--- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WlanGZXP.sys -- (ZG760_XP)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/03 22:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/03 22:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2001/08/17 08:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 08:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/07/10 02:40:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10...I.cab55579.cab (StagingUI Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10...t.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1188583180984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1239638374406 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10...y.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames...n.cab55579.cab (ZPA_Backgammon Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/01 13:23:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/10/21 10:11:40 | 000,000,042 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\iyvu9_32.dll ()
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/07/10 12:21:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/07/10 03:03:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/09 22:24:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/09 22:24:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/07/09 22:24:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/07/09 21:41:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/09 14:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\New Folder
[2010/07/09 11:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Triumph Studios
[2010/07/08 20:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Avira
[2010/07/08 20:13:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/08 20:03:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/07/08 20:03:45 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/07/08 20:03:45 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/07/08 20:03:45 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/07/08 20:03:45 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/07/08 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/07/08 20:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/07/08 19:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/08 11:43:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/07/08 11:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\backups
[2010/07/07 21:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Ascaron Entertainment
[2010/07/07 21:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/07/07 21:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\DAEMON Tools Lite
[2010/07/07 21:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/07/07 13:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Cossacks
[2010/07/07 13:59:02 | 004,358,144 | ---- | C] (GSC Game World) -- C:\WINDOWS\uncsetup.exe
[2010/07/07 13:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
[2010/07/07 13:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/07/06 12:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Take2 Interactive
[2010/07/06 05:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/07/05 20:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
[2010/07/05 14:18:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\IECompatCache
[2010/07/05 13:55:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\PrivacIE
[2010/07/05 13:49:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\IETldCache
[2010/07/05 13:24:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/07/05 13:20:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/07/05 12:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/05 12:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/05 11:39:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/05 11:39:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/05 11:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/05 11:24:14 | 000,402,944 | R--- | C] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\drivers\WlanGZXP.sys
[2010/07/02 08:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Symantec
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/10 12:22:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/07/10 12:15:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/10 12:15:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 12:14:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 12:14:51 | 266,719,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 12:13:29 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Paul\NTUSER.DAT
[2010/07/10 12:13:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Paul\ntuser.ini
[2010/07/10 12:13:17 | 001,578,260 | -H-- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\IconCache.db
[2010/07/10 09:45:27 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/10 02:41:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/10 02:40:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/09 22:25:11 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/07/09 21:28:19 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\HiJackThis.lnk
[2010/07/09 11:18:47 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Wonders.lnk
[2010/07/08 20:04:14 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/07/08 19:37:11 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\HiJackThis.msi
[2010/07/08 15:36:32 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Cossacks EU.lnk
[2010/07/08 14:56:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\7q5q9uwp.exe
[2010/07/07 21:33:01 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/07/07 21:32:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/07/07 18:49:20 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 13:57:53 | 004,358,144 | ---- | M] (GSC Game World) -- C:\WINDOWS\uncsetup.exe
[2010/07/07 13:45:58 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/07/06 05:37:12 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\American Conquest.lnk
[2010/07/05 20:16:01 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Locomotion.lnk
[2010/07/05 14:38:58 | 000,000,669 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010/07/05 14:34:22 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/05 14:34:22 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/05 14:34:22 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/05 14:10:15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/05 13:49:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/05 13:48:32 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/05 11:40:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 22:25:11 | 000,000,211 | -HS- | C] () -- C:\BOOT.BAK
[2010/07/09 22:25:04 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2010/07/09 11:18:46 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Wonders.lnk
[2010/07/08 20:04:13 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/07/08 19:37:49 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\HiJackThis.lnk
[2010/07/08 19:37:07 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\HiJackThis.msi
[2010/07/08 15:35:15 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Cossacks EU.lnk
[2010/07/08 14:56:15 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\7q5q9uwp.exe
[2010/07/07 21:33:01 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/07/07 13:45:58 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/07/06 05:35:48 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\American Conquest.lnk
[2010/07/05 20:16:01 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Locomotion.lnk
[2010/07/05 11:40:15 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/13 13:20:31 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2009/06/13 13:20:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/06/13 13:20:29 | 000,001,162 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2009/06/13 13:20:27 | 000,000,008 | -HS- | C] () -- C:\WINDOWS\System32\_desktop.ini
[2009/06/13 13:20:26 | 000,000,008 | -HS- | C] () -- C:\WINDOWS\System32\drivers\_desktop.ini
[2009/01/31 15:03:10 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2009/01/31 14:50:32 | 000,000,659 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/01/31 14:50:28 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/11/10 07:43:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/30 11:17:30 | 000,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
[2008/06/05 12:05:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ms_games.ini
[2007/08/28 22:23:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/07/04 21:13:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/07/04 21:13:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/07/04 21:09:04 | 000,000,302 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2007/07/04 21:08:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2007/07/04 21:08:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2007/07/04 21:08:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2007/07/04 21:08:10 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2007/06/30 22:55:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/06/28 19:36:39 | 000,000,218 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/06/20 16:16:09 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/06/20 16:16:09 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/06/20 16:16:09 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/06/16 03:26:37 | 000,000,669 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/07/07 21:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/03/23 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/06/12 14:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/06/12 14:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/05 13:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/05 10:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2010/07/07 20:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
[2010/07/07 21:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\DAEMON Tools Lite
[2009/03/23 19:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\DAEMON Tools Pro
[2009/02/21 23:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GetRightToGo
[2007/06/13 02:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007/06/19 15:33:38 | 000,205,856 | ---- | M] () -- C:\AnalysisLog.sr0
[2007/06/01 13:23:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/06/01 13:57:54 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK
[2010/07/09 22:25:11 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2008/04/13 18:02:08 | 000,260,288 | RHS- | M] () -- C:\cmldr
[2010/07/10 02:53:04 | 000,011,345 | ---- | M] () -- C:\ComboFix.txt
[2007/06/01 13:23:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/10 12:14:51 | 266,719,232 | -HS- | M] () -- C:\hiberfil.sys
[2007/06/01 13:23:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/05/07 08:41:10 | 000,000,167 | ---- | M] () -- C:\JANUS.ERR
[2009/06/11 16:49:04 | 000,000,385 | ---- | M] () -- C:\lxcz.log
[2007/06/01 13:23:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 16:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 18:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/10 12:14:51 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/05/06 05:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/05/31 16:24:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/31 16:24:27 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/31 16:24:27 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-05-22 06:19:46

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F6664C
< End of report >

OTL Extras logfile created on: 7/10/2010 12:23:05 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 83.00 Mb Available Physical Memory | 33.00% Memory free
625.00 Mb Paging File | 370.00 Mb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 26.69 Gb Free Space | 69.72% Space Free | Partition Type: NTFS
Drive D: | 310.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-B3D9B0B0
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Age of Mythology\aom.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Disabled:Age of Mythology -- (Ensemble Studios)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation)
"C:\Program Files\Sierra On-Line\SIGSPat.exe" = C:\Program Files\Sierra On-Line\SIGSPat.exe:*:Disabled:SIGSPat -- (Havas Interactive)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{77F45E76-E897-42CA-A9FE-5F56817D875C}" = Locomotion
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"Age of Wonders" = Age of Wonders
"American Conquest" = American Conquest
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"Cossacks : Back To War" = Cossacks - Back To War
"EW : Cossacks" = EW : Cossacks
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Mall Tycoon" = Mall Tycoon
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) Network Connections Drivers
"Sierra Utilities" = Sierra Utilities
"Steam App 50" = Opposing Force
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Steam App 10" = Counter-Strike
"Steam App 130" = Half-Life: Blue Shift
"Steam App 20" = Team Fortress Classic
"Steam App 30" = Day of Defeat
"Steam App 40" = Deathmatch Classic
"Steam App 50" = Opposing Force
"Steam App 60" = Ricochet
"Steam App 70" = Half-Life

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2009 12:27:26 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 11905
Description = Product: URGE -- Error 1905.Module C:\WINDOWS\system32\Macromed\Flash\Flash8c.ocx
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 6/11/2009 5:42:57 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\176cb591.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/11/2009 5:43:00 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\176cb591.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/11/2009 5:43:54 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\e63f598.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/11/2009 5:44:42 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\e63f598.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/11/2009 5:50:06 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\176cb591.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/11/2009 5:50:16 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\e63f598.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/13/2009 2:51:05 PM | Computer Name = VALUED-B3D9B0B0 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/13/2009 2:52:52 PM | Computer Name = VALUED-B3D9B0B0 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/13/2009 2:53:21 PM | Computer Name = VALUED-B3D9B0B0 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/8/2010 9:01:31 PM | Computer Name = VALUED-B3D9B0B0 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 7/8/2010 9:01:31 PM | Computer Name = VALUED-B3D9B0B0 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\DOCUME~1\Paul\LOCALS~1\Temp\RarSFX0\redist.dll.
Reference
error message: The operation completed successfully. .

Error - 7/8/2010 9:35:07 PM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7034
Description = The Distributed Transaction Coordinator service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/9/2010 10:41:10 PM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
Description = The lxcz_device service failed to start due to the following error:
%%2

Error - 7/10/2010 12:08:24 AM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
Description = The lxcz_device service failed to start due to the following error:
%%2

Error - 7/10/2010 1:10:15 AM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
Description = The lxcz_device service failed to start due to the following error:
%%2

Error - 7/10/2010 3:21:50 AM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
Description = The lxcz_device service failed to start due to the following error:
%%2

Error - 7/10/2010 3:39:20 AM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
Description = The lxcz_device service failed to start due to the following error:
%%2

Error - 7/10/2010 9:40:11 AM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
Description = The lxcz_device service failed to start due to the following error:
%%2

Error - 7/10/2010 1:15:19 PM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
Description = The lxcz_device service failed to start due to the following error:
%%2

< End of report >

I believe that the lxcz_device may be for a printer no loger used

How is your computer doing at the moment?

You have a very little RAM:

Quote:

254.00 Mb Total Physical Memory

I strongly suggest adding more RAM.

Is there any reason, your system restore is disabled, or you're not aware of it?

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device) SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found. O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F6664C :Services :Reg :Files :Commands [purity] [emptytemp] [emptyflash] [resethosts] [Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

The computer is running well at the moment, this is an old Gateway a friend gave to me over a year ago, I will probably put more memory in it now. I wasnt aware that system restore wasn't on, the check box to turn it off isnt checked.

All processes killed
========== OTL ==========
Service lxcz_device stopped successfully!
Service lxcz_device deleted successfully!
File C:\WINDOWS\System32\lxczcoms.exe not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll not found.
Service gusvc stopped successfully!
Service gusvc deleted successfully!
File C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe not found.
Service iAimTV2 stopped successfully!
Service iAimTV2 deleted successfully!
File C:\WINDOWS\System32\DRIVERS\wATV03nt.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service Ad-Watch Connect Filter stopped successfully!
Service Ad-Watch Connect Filter deleted successfully!
File C:\WINDOWS\System32\drivers\NSDriver.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D9F6664C deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3847632 bytes
->Temporary Internet Files folder emptied: 120323 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Paul
->Temp folder emptied: 78775 bytes
->Temporary Internet Files folder emptied: 13799036 bytes
->Java cache emptied: 63383532 bytes
->Flash cache emptied: 17855 bytes

User: Valued customer
->Temp folder emptied: 340866 bytes
->Temporary Internet Files folder emptied: 1206 bytes
->Java cache emptied: 45053110 bytes
->Flash cache emptied: 12579 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1268199 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 122.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Paul
->Flash cache emptied: 0 bytes

User: Valued customer
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.0 log created on 07102010_152214

Files\Folders moved on Reboot...
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\EC0CUH4G\iepngfix[1].htc moved successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\5XX92NAR\7255722b6f307732635a454143734268[8].htm moved successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\5XX92NAR\7255722b6f307732635a454143734268[9].htm moved successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\5XX92NAR\showthread[3].htm moved successfully.

Registry entries deleted on Reboot...

Good :)

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases

6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 12, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, July 11, 2010 21:02:59
Records in database: 4232635
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 64588
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 18:00:23

No threats found. Scanned area is clean.

Selected area has been scanned.

Cool :)

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

=============================================================

Your computer is clean https://discussions.virtualdr.com/

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please, let me know, how is your computer doing.

The computer is running good. Thanks for your help.

You're very welcome https://discussions.virtualdr.com/
Good luck and stay safe :)