Buddylist Trojan. Completed sticky, am I clean?

Also, would you like the uninstall list?
Many a thanks

Let me see the Malwarebytes log,superantispyware log and the bitdefender log.

Please do not use the code function when posting logs.

**BITDEFENDER
BitDefender Online Scanner
Scan report generated at: Sun, Jun 08, 2008 - 04:39:29
Scan path: A:\;C:\;D:\;E:\;

Statistics

Time
06:59:18

Files
465172

Folders
7666

Boot Sectors
2

Archives
6479

Packed Files
9111




Results

Identified Viruses
11

Infected Files
18

Suspect Files
1

Warnings
0

Disinfected
0

Deleted Files
19




Engines Info

Virus Definitions
1256885

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
42

Unpack plugins
7

E-mail plugins
6

System plugins
5




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.13269
Infected with: Trojan.Generic.107114

C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.13269
Deleted

C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.57082
Infected with: Trojan.Agent.AFSZ

C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.57082
Deleted

C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.67991
Detected with: Adware.CommAd.A

C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.67991
Deleted

C:\Program Files (x86)\Internet Explorer\lavumadev209.dll
Infected with: Trojan.BHO.AW

C:\Program Files (x86)\Internet Explorer\lavumadev209.dll
Deleted

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210745.exe
Detected with: Adware.CommAd.A

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210745.exe
Deleted

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210748.dll
Infected with: MemScan:Adware.Rotator.B

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210748.dll
Deleted

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210749.dll
Detected with: Adware.CommAd.A

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210749.dll
Deleted

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210750.dll
Infected with: Trojan.Generic.241118

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210750.dll
Deleted

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210760.dll
Infected with: Trojan.BHO.AW

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210760.dll
Deleted

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210771.dll
Infected with: Trojan.BHO.AW

C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210771.dll
Deleted

C:\WINDOWS\system32\105772\dllsockt.exe
Infected with: Generic.Zeno.0100E940

C:\WINDOWS\system32\105772\dllsockt.exe
Disinfection failed

C:\WINDOWS\system32\105772\dllsockt.exe
Deleted

C:\WINDOWS\system32\btz\L3pars2.exe
Infected with: Trojan.Downloader.Small.BUY

C:\WINDOWS\system32\btz\L3pars2.exe
Deleted

C:\WINDOWS\system32\expo\mtcon66225.exe
Detected with: Application.Generic.9344

C:\WINDOWS\system32\expo\mtcon66225.exe
Disinfection failed

C:\WINDOWS\system32\expo\mtcon66225.exe
Deleted

C:\WINDOWS\system32\g58.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: MemScan:Adware.Rotator.B

C:\WINDOWS\system32\g58.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\WINDOWS\system32\g58.exe=>(NSIS o)
Update failed

C:\WINDOWS\system32\vntiho18\vntiho182328.exe
Infected with: Trojan.Generic.273323

C:\WINDOWS\system32\vntiho18\vntiho182328.exe
Deleted

C:\WINDOWS\system32\xrem\imapIP95.exe
Suspected of: Generic.Malware.dld!.E3CE2DE4

C:\WINDOWS\system32\xrem\imapIP95.exe
Disinfection failed

C:\WINDOWS\system32\xrem\imapIP95.exe
Deleted

C:\WINDOWS\SysWOW64\g58.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: MemScan:Adware.Rotator.B

C:\WINDOWS\SysWOW64\g58.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\WINDOWS\SysWOW64\g58.exe=>(NSIS o)
Update failed

C:\WINDOWS\TEK76.exe
Infected with: Trojan.BHO.AW

C:\WINDOWS\TEK76.exe
Deleted

C:\WINDOWS\U3RldmUgS2Fycg\oal5xAo0mZIVw0.vbs
Detected with: Adware.Isearch.D

C:\WINDOWS\U3RldmUgS2Fycg\oal5xAo0mZIVw0.vbs
Deleted




**MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.15
Database version: 839

9:10:45 PM 6/7/2008
mbam-log-6-7-2008 (21-10-45).txt

Scan type: Quick Scan
Objects scanned: 31741
Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 2
Registry Keys Infected: 9
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 25

Memory Processes Infected:
C:\WINDOWS\U3RldmUgS2Fycg\command.exe (AdWare.CommAd) -> Unloaded process successfully.
C:\WINDOWS\Fonts\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\Fonts\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\U3RldmUgS2Fycg\asappsrv.dll (AdWare.CommAd) -> Unloaded module successfully.
C:\Program Files (x86)\NetMeeting\bidamivog66225.dll (Adware.TTC) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{98de257f-a74a-4362-8b7c-e7638d4fd847} (Adware.TTC) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98de257f-a74a-4362-8b7c-e7638d4fd847} (Adware.TTC) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (AdWare.CommAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (AdWare.CommAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{98-8E-EF-F4-DW} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{546e69ad-1c87-c080-ad7d-a952446630ec} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Default User\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\U3RldmUgS2Fycg\asappsrv.dll (AdWare.CommAd) -> Delete on reboot.
C:\Program Files (x86)\NetMeeting\bidamivog66225.dll (Adware.TTC) -> Delete on reboot.
C:\WINDOWS\U3RldmUgS2Fycg\command.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
c:\WINDOWS\SysWOW64\rwwnw64d.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJDTMdd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwwnw64d.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll (Adware.Vapsup) -> Delete on reboot.
C:\WINDOWS\17PHolmes1000106.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\17PHolmes1188.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Deewoo.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\pcntlkdm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\svchost.exe (Worm.IRCBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.


**SUPERANTISPYWARE

SUPERAntiSpyware Scan Log

Generated 06/07/2008 at 09:31 PM

Application Version : 4.15.1000

Core Rules Database Version : 3477
Trace Rules Database Version: 1468

Scan type : Complete Scan
Total Scan Time : 00:13:31

Memory items scanned : 219
Memory threats detected : 1
Registry items scanned : 3937
Registry threats detected : 22
File items scanned : 6718
File threats detected : 155

Trojan.ZQuest
C:\PROGRAM FILES (X86)\INTERNET EXPLORER\LAVUMADEV209.DLL
C:\PROGRAM FILES (X86)\INTERNET EXPLORER\LAVUMADEV209.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E39B2630-589D-4113-B782-6F15EED91E67}
HKCR\CLSID\{E39B2630-589D-4113-B782-6F15EED91E67}
HKCR\CLSID\{E39B2630-589D-4113-B782-6F15EED91E67}\InProcServer32
HKCR\CLSID\{E39B2630-589D-4113-B782-6F15EED91E67}\InProcServer32#ThreadingModel
C:\PROGRAM FILES (X86)\INTERNET EXPLORER\LAVUMADEV.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-tigerdirect2.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adlegend[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@banners.searchingbooth[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.adtrak[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ylwbook.findlinks.addresses[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.mommo[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@multiply.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partner2profit[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@server.cpmstar[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.think-adz[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter13.sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter12.sextracker[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@blogforadults[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findwhat[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.domainsuite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.penis[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.warcraftmovies[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.mousesports[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@wildpornreview[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clicknotes[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter14.sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@as1.falkag[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hg1.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter8.sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgm.adbureau[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-tigerdirect2.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media.adrevolver[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media.adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@precisionclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.expotv[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.madisonavenue[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@elitewowgoldfarming[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pornput[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.71i[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnaccountservices.112.2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter.hitslink[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@googleadservices[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@****thebabysitter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@banners.searchingbooth[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@imrworldwide[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@teensexmovs[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.revsci[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-telecomitalia.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.incgamers[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.warcraftmovies[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@crackle[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-veohnetworksinc.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@elitepvpers[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@enhance[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bravenet[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@galleries.teensexmovs[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@associatedcontent.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-groupernetworks.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.flux[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tremor.adbureau[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pornotube[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@aimfar.solution.weborama[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tns-counter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clicksor[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@audit.median[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.k8l[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@valueclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@weborama[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@click.zoopartners[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.adjuggler[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.elitepvpers[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clickbank[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findlinks.addresses[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@crackserialkeygen[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@divx.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.mediaengine[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@videoegg.adbureau[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.associatedcontent[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sex.magicmovies[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.cooperhosting[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.wowps[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xxxcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clickarrows[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@r-kimedia.co[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@qnsr[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.pstats[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@heavycom.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@wowwebstats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.sup[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@anad.tacoda[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@anat.tacoda[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.gamelink[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@network.realmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stat.youku[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adlegend[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@login.revenueloop[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@metacafe.122.2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hc2.humanclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@promo.elitepvpers[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@eyewonder[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.mmoga[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adsby.zwoops[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rocku.adbureau[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@kontera[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hc2.humanclick[3].txt

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Looks like those too out a lot. Problem is I do not know what effect the Advanced tools I use will have on a 64bit Windows so at this time I am reluctant to use them till I check with others on that.

Here is a scan that will do no harm...

Lets take a closer look at you system.

Download Deckard's System Scanner. HERE

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - Main.txt
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread here.
5. A folder, C:\Deckard, will also open. In it will be another text file, Extra.txt.
6. Attach Extra.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

What Deckard's System Scanner will do:

* create a new System Restore point in Windows XP and Vista.
* clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
* check some important areas of your system and produce a report for your analyst to review. Deckard's System Scanner automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


When you get the two notepad documents, click somewhere inside the notepad document and hold CTRL/Control and press A then C. This will "select all" and "copy" the text.

Please post both of the logs.

Main.txt

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-08 18:51:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:06 PM, on 6/8/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\SysWOW64\CTsvcCDA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\WINDOWS\SysWOW64\CTXFISPI.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AIDWS5G8\dss[1].exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL =69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = URL =54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = URL =69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: gooochi browser optimizer - {ace42305-f36f-65fe-1790-cd0056d75654} - C:\WINDOWS\SysWow64\{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [razer] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files (x86)\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: URL
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - URL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - URL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - URL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - URL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - URL
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - URL
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - URL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - URL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - URL /files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 7661 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 crcdisk (CRC Disk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys (file missing)
R0 dmload - c:\windows\system32\drivers\dmload.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys (file missing)
R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 PartMgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 PCIIde - c:\windows\system32\drivers\pciide.sys (file missing)
R0 PxHlpa64 - c:\windows\system32\drivers\pxhlpa64.sys (file missing)
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys (file missing)
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys (file missing)
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys (file missing)
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys (file missing)
R0 SI3112r (ATI 4379 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys (file missing)
R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys (file missing)
R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys (file missing)
R0 VolSnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R1 AFD - c:\windows\system32\drivers\afd.sys (file missing)
R1 AmdK8 (AMD Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
R1 Beep - c:\windows\system32\drivers\beep.sys (file missing)
R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 Fips - c:\windows\system32\drivers\fips.sys (file missing)
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
R1 imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys (file missing)
R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys (file missing)
R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys (file missing)
R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 MRxSmb - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 Rdbss - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys (file missing)
R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave (VGA Display Controller.) - c:\windows\system32\drivers\vga.sys (file missing)
R2 atksgt - c:\windows\system32\drivers\atksgt.sys (file missing)
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys (file missing)
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys (file missing)
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys (file missing)
R2 Secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys (file missing)
R3 copperhd (Razer Copperhead Driver) - c:\windows\system32\drivers\copperhd.sys (file missing)
R3 CT20XUT.DLL - c:\windows\system32\ct20xut.dll (file missing)
R3 ctac32k (Creative AC3 Software Decoder) - c:\windows\system32\drivers\ctac32k.sys (file missing)
R3 ctaud2k (Creative Audio Driver (WDM)) - c:\windows\system32\drivers\ctaud2k.sys (file missing)
R3 CTEXFIFX.DLL - c:\windows\system32\ctexfifx.dll (file missing)
R3 CTHWIUT.DLL - c:\windows\system32\cthwiut.dll (file missing)
R3 ctprxy2k (Creative Proxy Driver) - c:\windows\system32\drivers\ctprxy2k.sys (file missing)
R3 ctsfm2k (Creative SoundFont Management Device Driver) - c:\windows\system32\drivers\ctsfm2k.sys (file missing)
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys (file missing)
R3 Fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 Flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys (file missing)
R3 ha20x2k (Creative 20X HAL Driver) - c:\windows\system32\drivers\ha20x2k.sys (file missing)
R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 ksthunk (Kernel Streaming WOW64 Thunk Service) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 L8042Kbd (SetPoint Keyboard Driver) - c:\windows\system32\drivers\l8042kbd.sys (file missing)
R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 nv - c:\windows\system32\drivers\nv4_mini.sys (file missing)
R3 ossrv (Creative OS Services Driver) - c:\windows\system32\drivers\ctoss2k.sys (file missing)
R3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys (file missing)
R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 RTL8023x64 (Dynex DX-E102/E202 10/100Mb NDIS XP(x64) Driver) - c:\windows\system32\drivers\rtnic64.sys (file missing)
R3 serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
R3 Srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys (file missing)
R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys (file missing)
R3 usbaudio (USB Audio Driver (WDM)) - c:\windows\system32\drivers\usbaudio.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys (file missing)
R4 Cdfs - c:\windows\system32\drivers\cdfs.sys (file missing)
R4 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)

S1 Sfloppy - c:\windows\system32\drivers\sfloppy.sys (file missing)
S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys (file missing)
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcwdm64.sys (file missing)
S3 AmdLLD64 (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld64.sys (file missing)
S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys (file missing)
S3 COMMONFX.DLL - c:\windows\system32\commonfx.dll (file missing)
S3 CTAUDFX.DLL - c:\windows\system32\ctaudfx.dll (file missing)
S3 CTEAPSFX.DLL - c:\windows\system32\cteapsfx.dll (file missing)
S3 CTEDSPFX.DLL - c:\windows\system32\ctedspfx.dll (file missing)
S3 CTEDSPIO.DLL - c:\windows\system32\ctedspio.dll (file missing)
S3 CTEDSPSY.DLL - c:\windows\system32\ctedspsy.dll (file missing)
S3 CTERFXFX.DLL - c:\windows\system32\cterfxfx.dll (file missing)
S3 CTSBLFX.DLL - c:\windows\system32\ctsblfx.dll (file missing)
S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)
S3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys (file missing)
S3 L8042mou (SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys (file missing)
S3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys (file missing)
S3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys (file missing)
S3 LMouKE (SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 LUsbFilt (Logitech SetPoint KMDF USB Filter) - c:\windows\system32\drivers\lusbfilt.sys (file missing)
S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
S3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
S3 NwlnkFlt (IPX Traffic Filter Driver) - c:\windows\system32\drivers\nwlnkflt.sys (file missing)
S3 NwlnkFwd (IPX Traffic Forwarder Driver) - c:\windows\system32\drivers\nwlnkfwd.sys (file missing)
S3 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl39a64.sys (file missing)
S3 RTL8169 (Realtek RTL8169/8110 Family Gigabit Ethernet NIC NT Driver) - c:\windows\system32\drivers\rtl69a64.sys (file missing)
S3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys (file missing)
S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 TnIDriver - c:\docume~1\admini~1\locals~1\temp\tni2c.tmp (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 Wdf01000 - c:\windows\system32\drivers\wdf01000.sys (file missing)
S4 ACPIEC - c:\windows\system32\drivers\acpiec.sys (file missing)
S4 dmboot - c:\windows\system32\drivers\dmboot.sys (file missing)
S4 Fastfat - c:\windows\system32\drivers\fastfat.sys (file missing)
S4 Pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Udfs - c:\windows\system32\drivers\udfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CTAudSvcService (Creative Audio Service) - c:\program files (x86)\creative\shared files\ctaudsvc.exe
R2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc64.exe (file missing)
R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe (file missing)
R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)

S2 spupdsvc (Windows Service Pack Installer update service) - c:\windows\system32\spupdsvc.exe (file missing)
S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com (file missing)
S3 HTTPFilter (HTTP SSL) - c:\windows\system32\lsass.exe (file missing)
S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe (file missing)
S3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe (file missing)
S3 vds (Virtual Disk Service) - c:\windows\system32\vds.exe (file missing)
S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
S4 Eventlog (Event Log) - c:\windows\system32\services.exe (file missing)
S4 Netlogon (Net Logon) - c:\windows\system32\lsass.exe (file missing)
S4 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe (file missing)
S4 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe (file missing)
S4 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Realtek AC'97 Audio
Device ID: PCI\VEN_1002&DEV_4370&SUBSYS_71511462&REV_02\3&267A616A&0&A5
Manufacturer: Realtek
Name: Realtek AC'97 Audio
PNP Device ID: PCI\VEN_1002&DEV_4370&SUBSYS_71511462&REV_02\3&267A616A&0&A5
Service: ALCXWDM

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\LEGACY_VGA\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_VGA\0000
Service: vga


-- Scheduled Tasks -------------------------------------------------------------

2007-08-22 20:43:34 330 --ah---c- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-07 21:47:26 0 d-------- C:\Program Files (x86)\Trend Micro
2008-06-07 21:37:55 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-07 21:16:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-07 21:16:39 0 d-------- C:\Program Files (x86)\SUPERAntiSpyware
2008-06-07 21:16:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-07 21:08:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-07 21:08:13 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2008-06-07 21:08:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 21:03:36 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-07 20:59:19 0 d-------- C:\Program Files (x86)\CCleaner
2008-06-07 20:02:57 0 d--hs---- C:\WINDOWS\U3RldmUgS2Fycg
2008-06-07 20:02:57 401972 --a------ C:\WINDOWS\system32\g58.exe
2008-06-07 20:02:50 0 d-------- C:\WINDOWS\system32\xrem
2008-06-07 20:02:50 0 d-------- C:\WINDOWS\system32\inet2
2008-06-07 20:02:50 0 d-------- C:\WINDOWS\system32\expo
2008-06-07 20:02:50 0 d-------- C:\WINDOWS\system32\btz
2008-06-07 20:02:50 0 d-------- C:\WINDOWS\system32\105772
2008-06-07 20:02:49 0 d-------- C:\WINDOWS\system32\vntiho18
2008-06-07 20:02:49 0 d-------- C:\Temp
2008-06-07 19:56:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 19:56:31 0 d-------- C:\Fraps
2008-06-07 19:30:27 0 d-------- C:\Program Files (x86)\Game Cam V2
2008-06-01 22:53:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-06-01 19:56:35 0 d-------- C:\Program Files (x86)\Tortun
2008-05-26 23:43:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-05-26 23:41:25 0 d-------- C:\Program Files (x86)\OpenOffice.org 2.4
2008-05-26 23:40:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-12 20:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 20:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 20:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 20:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 03:44:49 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-05-12 03:44:49 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-05-12 03:44:48 0 d-------- C:\Program Files (x86)\Cheat Engine


-- Find3M Report ---------------------------------------------------------------

2008-06-08 15:27:50 0 d-------- C:\Program Files (x86)\Steam
2008-06-07 22:23:17 0 d-------- C:\Program Files (x86)\World of Warcraft
2008-06-07 21:16:24 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-06-07 12:25:16 0 d-------- C:\Program Files (x86)\Warcraft III
2008-06-01 22:52:37 0 d-------- C:\Program Files (x86)\DivX
2008-05-26 23:41:11 0 d-------- C:\Program Files (x86)\Java
2008-05-03 23:10:37 0 d-------- C:\Program Files (x86)\Common Files\SupportSoft
2008-05-03 23:10:33 0 d-------- C:\Program Files (x86)\CHARTER
2008-04-28 14:42:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-03-16 21:52:15 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-16 21:52:15 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-06-08 18:55:37 ------------


Character limit restricts me from posting both Main & Extra in one post, so I will extend to two.

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft(R) Windows(R) XP Professional x64 Edition (build 3790) SP 2.0
Architecture: X64; Language: English

CPU 0: AMD Processor model unknown
CPU 1: AMD Processor model unknown
Percentage of Memory in Use: 19%
Physical Memory (total/avail): 2047.27 MiB / 1639.11 MiB
Pagefile Memory (total/avail): 4993.02 MiB / 4710.62 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3951.96 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 233.75 GiB total, 103.3 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6 L250S0 SCSI Disk Device - 233.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 233.75 GiB - C:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is disabled.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files (x86)\\MSN Messenger\\livecall.exe"="C:\\Program Files (x86)\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files (x86)\\Sierra\\FEAR\\fpupdate.exe"="C:\\Program Files (x86)\\Sierra\\FEAR\\fpupdate.exe:*:Enabled:fpupdate"
"C:\\Program Files (x86)\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files (x86)\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"C:\\Program Files (x86)\\Sierra\\FEAR\\FEARMP.exe"="C:\\Program Files (x86)\\Sierra\\FEAR\\FEARMP.exe:*:Enabled:FEAR"
"C:\\Program Files (x86)\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files (x86)\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:XR_3DA"
"C:\\Program Files (x86)\\Steam\\SteamApps\\marik_ishtar893\\sin episodes emergence\\SinEpisodes.exe"="C:\\Program Files (x86)\\Steam\\SteamApps\\marik_ishtar893\\sin episodes emergence\\SinEpisodes.exe:*:Enabled:SinEpisodes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files (x86)\\MSN Messenger\\livecall.exe"="C:\\Program Files (x86)\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=KOALA-T
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\KOALA-T
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=AMD64 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=KOALA-T
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> "C:\Program Files (x86)\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\CTCMSGO\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files (x86)\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files (x86)\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AGEIA PhysX v7.05.06 --> MsiExec.exe /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
AMD Processor Driver --> C:\Program Files (x86)\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Beowulf TM -->
Beowulf TM --> "C:\Program Files (x86)\InstallShield Installation Information\{477AB6F3-0907-4E90-ABC2-9525CC6AA356}\setup.exe" -runfromtemp -l0x0009 -removeonly
Bioshock Demo --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/7710
BloodRayne 2 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{04CB9967-A8BB-468C-ABA6-CE87328712BE}\setup.exe" -l0x9
Call of Duty(R) 4 - Modern Warfare(TM) -->
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch -->
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files (x86)\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only) --> "C:\Program Files (x86)\CCleaner\uninst.exe"
Charter High Speed Internet Self-Installation Wizard --> MsiExec.exe /I{5AF8C46D-A141-4E69-9EB5-76A43ED29281}
Cheat Engine 5.4 --> "C:\Program Files (x86)\Cheat Engine\unins000.exe"
Clive Barker's Jericho --> "C:\Program Files (x86)\InstallShield Installation Information\{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Continuum 0.40 --> "C:\Program Files (x86)\Continuum\unins000.exe"
Counter-Strike: Source --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/240
Creative Audio Console --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Dark Messiah --> C:\Program Files (x86)\InstallShield Installation Information\{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}\setup.exe -runfromtemp -l0x0009 -removeonly
Dark Messiah Might and Magic Multi-Player --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/2130
Dark Messiah Might and Magic Single Player --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/2100
Day of Defeat --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/30
Day of Defeat: Source --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/300
DB Viewer 7.2.0661 --> C:\Program Files (x86)\xBaseView\uninst.exe
DivX Codec --> C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doom 3 -->
Doom 3 -->
Doom 3 --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{584267B8-0BB0-4D18-9FFA-726576619E9A} /l1033 /x
Enclave --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8AC01A0D-42B6-4A55-AD7A-A545A7AE5364}\Setup.exe" -l0x9
Enemy Territory: QUAKE Wars Demo --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10010
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll-uninst.exe
Fable - The Lost Chapters -->
Fable - The Lost Chapters --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
FEAR --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
Fraps --> "C:\Fraps\uninstall.exe"
GameSpy Arcade --> C:\PROGRA~2\GAMESP~1\UNWISE.EXE C:\PROGRA~2\GAMESP~1\INSTALL.LOG
Garry's Mod --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/4000
Half-Life 2 --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Episode One --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/380
Hermit's Reticles 2 --> C:\Program Files (x86)\Hermit's Reticles 2\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Infernal Demo --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/7080
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Knights of The Temple II --> C:\PROGRA~2\PLAYLO~1\KOTT2\UNWISE.EXE C:\PROGRA~2\PLAYLO~1\KOTT2\INSTALL.LOG
LimeWire 4.14.12 --> "C:\Program Files (x86)\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Oblivion --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Oblivion - Horse Armor Pack --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Vile Lair --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Painkiller --> C:\WINDOWS\unvise32.exe C:\Program Files (x86)\DreamCatcher\Painkiller\uninstal.log
PC Pitstop Optimize 1.5 --> "C:\Program Files (x86)\PCPitstop\Optimize\unins000.exe"
PlayLinc --> MsiExec.exe /I{2158685C-E2B3-4026-B0A1-0FFE31837AFD}
PowerDVD --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Prince of Persia T2T --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}\setup.exe" -l0x9 -removeonly
Prince of Persia The Two Thrones -->
Quake 4(TM) -->
Quake 4(TM) --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}
Razer Copperhead --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D6D5CFB3-7095-4073-B6B7-B7E909838C57}\setup.exe"
Red Faction --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{47E6B460-04BA-4215-9F5D-3858BF920D07}\setup.exe" anything
resident evil 4 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E07F4F90-2BC6-4843-B62D-309D9170986E}\install.exe" -l0x9 -removeonly
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0003] --> "C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Security Update for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Serious Sam 2 --> C:\Program Files (x86)\Serious Sam 2\Bin\Uninstall.exe
SiN Episodes: Emergence --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1300
Sound Blaster X-Fi --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9 /remove
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
Tortun 0.76 --> "C:\Program Files (x86)\Tortun\unins000.exe"
Tron 2.0 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\Buena Vista Interactive\Tron 2.0\Setup.EXE" -l0x9
Two Worlds --> C:\Program Files (x86)\InstallShield Installation Information\{D166F9A2-C6E5-4BB1-AD66-CD0F9953089F}\setup.exe -runfromtemp -l0x0009 -removeonly
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Warkeys 1.7.0.0b --> C:\Program Files (x86)\Warkeys\uninst.exe
Will Rock --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{58DB5417-E1FF-4EF6-A93C-592D35F01E84}\setup.exe" -l0x9
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Video 9 Advanced Profile Codec --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wvc1dmo.inf,Uninstall
WinRAR archiver --> C:\Program Files (x86)\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
WowAceUpdater --> rundll32.exe dfshim.dll,ShArpMaintain WowAceUpdater.application, Culture=neutral, PublicKeyToken=4d89fb8d52541cc9, processorArchitecture=msil
Xfire (remove only) --> "C:\Program Files (x86)\Xfire\uninst.exe"


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-06-08 18:55:37 ------------


Thank you very much for your time!

After checking things out lets bring out the big guns.


Please download ComboFix by sUBs from HERE or HERE directly to your Desktop.


Make sure any antivirus or protective software is disabled.
Here is a tutorial for most programs.
http://www.bleepingcomputer.com/forums/topic114351.html


Go to -> Run -> copy/paste the following single line command in the runbox & click OK

"%userprofile%\desktop\combofix.exe" /killall



* ComboFix will automatically start. Any monitoring programs will be shut down like your antivirus, antispyware programs for example.
* ComboFix may restart your computer, this is normal.
* When finished, it will produce a log, ComboFix.txt.
* Please post ComboFix.txt in your next reply along with a new HijackThis log.



Notes:
When starting ComboFix will cause your computer's internal speakers to produce two beeps, and during the start process display two warnings. These are intended to discourage people who are not getting help in the forum from just experimenting with tools they do not understand. Just to inform you so you will understand that the procedures are expected, and okay.

ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver

Do not mouse-click Combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Post this log in your next reply together with a hijackthislog.

The title of a window is called "Error - Win32 Only"

"Incompatible OS. ComboFix only works for Windows 2000 and XP."

This happens right after the initialization on starting it up.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download Otmoveit2 by OldTimer to your desktop.

Then click OTMoveIt2.exe to run it (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator").

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C, or right-click and choose Copy):




Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window and select Paste. Then click the red MoveIt! button. A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

-----------------------------

Then Go HERE and download ATF cleaner. Close all open browsers, then click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

If you have them, you can also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.

Go HERE for an online AV scan. Follow all prompts to Allow all ActiveX objects to install. If your AV alerts you while the scan installs ignore this - Panda's Active Scan method is often mistaken for infection activity. The scan suggests you can use another window and continue to browse, but please do not use the computer while the scan runs.

When the scan completes do not click any of the disinfection links provided. Click the small "Export to:" button and save the log file to your desktop. Then copy the contents of that ActiveScan.txt file back here for review please.

----------------------------

Still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Extra Log, uncheck all the boxes.

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

Post that along with the OTMoveIt log and the Panda log please.

C:\WINDOWS\U3RldmUgS2Fycg moved successfully.
C:\WINDOWS\system32\g58.exe moved successfully.
C:\WINDOWS\system32\xrem moved successfully.
C:\WINDOWS\system32\inet2 moved successfully.
C:\WINDOWS\system32\expo moved successfully.
C:\WINDOWS\system32\btz moved successfully.
C:\WINDOWS\system32\105772 moved successfully.
C:\WINDOWS\system32\vntiho18 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06092008_013924




Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-09 02:22:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:28 AM, on 6/9/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\SysWOW64\CTsvcCDA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Ventrilo\Ventrilo.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tigerdirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: gooochi browser optimizer - {ace42305-f36f-65fe-1790-cd0056d75654} - C:\WINDOWS\SysWow64\{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [razer] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files (x86)\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188223290093
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206068375765
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 7657 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 crcdisk (CRC Disk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys (file missing)
R0 dmload - c:\windows\system32\drivers\dmload.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys (file missing)
R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 PartMgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 PCIIde - c:\windows\system32\drivers\pciide.sys (file missing)
R0 PxHlpa64 - c:\windows\system32\drivers\pxhlpa64.sys (file missing)
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys (file missing)
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys (file missing)
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys (file missing)
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys (file missing)
R0 SI3112r (ATI 4379 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys (file missing)
R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys (file missing)
R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys (file missing)
R0 VolSnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R1 AFD - c:\windows\system32\drivers\afd.sys (file missing)
R1 AmdK8 (AMD Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
R1 Beep - c:\windows\system32\drivers\beep.sys (file missing)
R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 Fips - c:\windows\system32\drivers\fips.sys (file missing)
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
R1 imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys (file missing)
R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys (file missing)
R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys (file missing)
R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 MRxSmb - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 Rdbss - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys (file missing)
R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave (VGA Display Controller.) - c:\windows\system32\drivers\vga.sys (file missing)
R2 atksgt - c:\windows\system32\drivers\atksgt.sys (file missing)
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys (file missing)
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys (file missing)
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys (file missing)
R2 Secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys (file missing)
R3 copperhd (Razer Copperhead Driver) - c:\windows\system32\drivers\copperhd.sys (file missing)
R3 CT20XUT.DLL - c:\windows\system32\ct20xut.dll (file missing)
R3 ctac32k (Creative AC3 Software Decoder) - c:\windows\system32\drivers\ctac32k.sys (file missing)
R3 ctaud2k (Creative Audio Driver (WDM)) - c:\windows\system32\drivers\ctaud2k.sys (file missing)
R3 CTEXFIFX.DLL - c:\windows\system32\ctexfifx.dll (file missing)
R3 CTHWIUT.DLL - c:\windows\system32\cthwiut.dll (file missing)
R3 ctprxy2k (Creative Proxy Driver) - c:\windows\system32\drivers\ctprxy2k.sys (file missing)
R3 ctsfm2k (Creative SoundFont Management Device Driver) - c:\windows\system32\drivers\ctsfm2k.sys (file missing)
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys (file missing)
R3 Fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 Flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys (file missing)
R3 ha20x2k (Creative 20X HAL Driver) - c:\windows\system32\drivers\ha20x2k.sys (file missing)
R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys (file missing)
R3 ksthunk (Kernel Streaming WOW64 Thunk Service) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 L8042Kbd (SetPoint Keyboard Driver) - c:\windows\system32\drivers\l8042kbd.sys (file missing)
R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 nv - c:\windows\system32\drivers\nv4_mini.sys (file missing)
R3 ossrv (Creative OS Services Driver) - c:\windows\system32\drivers\ctoss2k.sys (file missing)
R3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys (file missing)
R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 RTL8023x64 (Dynex DX-E102/E202 10/100Mb NDIS XP(x64) Driver) - c:\windows\system32\drivers\rtnic64.sys (file missing)
R3 serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
R3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys (file missing)
R3 Srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys (file missing)
R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys (file missing)
R3 usbaudio (USB Audio Driver (WDM)) - c:\windows\system32\drivers\usbaudio.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys (file missing)
R4 Cdfs - c:\windows\system32\drivers\cdfs.sys (file missing)
R4 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)

S1 Sfloppy - c:\windows\system32\drivers\sfloppy.sys (file missing)
S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys (file missing)
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcwdm64.sys (file missing)
S3 AmdLLD64 (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld64.sys (file missing)
S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys (file missing)
S3 COMMONFX.DLL - c:\windows\system32\commonfx.dll (file missing)
S3 CTAUDFX.DLL - c:\windows\system32\ctaudfx.dll (file missing)
S3 CTEAPSFX.DLL - c:\windows\system32\cteapsfx.dll (file missing)
S3 CTEDSPFX.DLL - c:\windows\system32\ctedspfx.dll (file missing)
S3 CTEDSPIO.DLL - c:\windows\system32\ctedspio.dll (file missing)
S3 CTEDSPSY.DLL - c:\windows\system32\ctedspsy.dll (file missing)
S3 CTERFXFX.DLL - c:\windows\system32\cterfxfx.dll (file missing)
S3 CTSBLFX.DLL - c:\windows\system32\ctsblfx.dll (file missing)
S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)
S3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 L8042mou (SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys (file missing)
S3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys (file missing)
S3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys (file missing)
S3 LMouKE (SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 LUsbFilt (Logitech SetPoint KMDF USB Filter) - c:\windows\system32\drivers\lusbfilt.sys (file missing)
S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
S3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
S3 NwlnkFlt (IPX Traffic Filter Driver) - c:\windows\system32\drivers\nwlnkflt.sys (file missing)
S3 NwlnkFwd (IPX Traffic Forwarder Driver) - c:\windows\system32\drivers\nwlnkfwd.sys (file missing)
S3 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl39a64.sys (file missing)
S3 RTL8169 (Realtek RTL8169/8110 Family Gigabit Ethernet NIC NT Driver) - c:\windows\system32\drivers\rtl69a64.sys (file missing)
S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 TnIDriver - c:\docume~1\admini~1\locals~1\temp\tni2c.tmp (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 Wdf01000 - c:\windows\system32\drivers\wdf01000.sys (file missing)
S4 ACPIEC - c:\windows\system32\drivers\acpiec.sys (file missing)
S4 dmboot - c:\windows\system32\drivers\dmboot.sys (file missing)
S4 Fastfat - c:\windows\system32\drivers\fastfat.sys (file missing)
S4 Pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Udfs - c:\windows\system32\drivers\udfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CTAudSvcService (Creative Audio Service) - c:\program files (x86)\creative\shared files\ctaudsvc.exe
R2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc64.exe (file missing)
R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe (file missing)
R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)

S2 spupdsvc (Windows Service Pack Installer update service) - c:\windows\system32\spupdsvc.exe (file missing)
S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com (file missing)
S3 HTTPFilter (HTTP SSL) - c:\windows\system32\lsass.exe (file missing)
S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe (file missing)
S3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe (file missing)
S3 vds (Virtual Disk Service) - c:\windows\system32\vds.exe (file missing)
S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
S4 Eventlog (Event Log) - c:\windows\system32\services.exe (file missing)
S4 Netlogon (Net Logon) - c:\windows\system32\lsass.exe (file missing)
S4 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe (file missing)
S4 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe (file missing)
S4 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Realtek AC'97 Audio
Device ID: PCI\VEN_1002&DEV_4370&SUBSYS_71511462&REV_02\3&267A616A&0&A5
Manufacturer: Realtek
Name: Realtek AC'97 Audio
PNP Device ID: PCI\VEN_1002&DEV_4370&SUBSYS_71511462&REV_02\3&267A616A&0&A5
Service: ALCXWDM

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\LEGACY_VGA\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_VGA\0000
Service: vga


-- Scheduled Tasks -------------------------------------------------------------

2007-08-22 20:43:34 330 --ah---c- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 01:33:23 0 d-------- C:\WINDOWS\LastGood
2008-06-08 23:47:32 169 --a------ C:\Start_.cmd
2008-06-07 21:47:26 0 d-------- C:\Program Files (x86)\Trend Micro
2008-06-07 21:37:55 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-07 21:16:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-07 21:16:39 0 d-------- C:\Program Files (x86)\SUPERAntiSpyware
2008-06-07 21:16:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-07 21:08:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-07 21:08:13 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2008-06-07 21:08:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 21:03:36 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-07 20:59:19 0 d-------- C:\Program Files (x86)\CCleaner
2008-06-07 20:02:49 0 d-------- C:\Temp
2008-06-07 19:56:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 19:56:31 0 d-------- C:\Fraps
2008-06-07 19:30:27 0 d-------- C:\Program Files (x86)\Game Cam V2
2008-06-01 22:53:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-06-01 19:56:35 0 d-------- C:\Program Files (x86)\Tortun
2008-05-26 23:43:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-05-26 23:41:25 0 d-------- C:\Program Files (x86)\OpenOffice.org 2.4
2008-05-26 23:40:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-12 20:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 20:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 20:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 20:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 03:44:49 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-05-12 03:44:49 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-05-12 03:44:48 0 d-------- C:\Program Files (x86)\Cheat Engine


-- Find3M Report ---------------------------------------------------------------

2008-06-08 22:45:22 0 d-------- C:\Program Files (x86)\Steam
2008-06-07 22:23:17 0 d-------- C:\Program Files (x86)\World of Warcraft
2008-06-07 21:16:24 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-06-07 12:25:16 0 d-------- C:\Program Files (x86)\Warcraft III
2008-06-01 22:52:37 0 d-------- C:\Program Files (x86)\DivX
2008-05-26 23:41:11 0 d-------- C:\Program Files (x86)\Java
2008-05-03 23:10:37 0 d-------- C:\Program Files (x86)\Common Files\SupportSoft
2008-05-03 23:10:33 0 d-------- C:\Program Files (x86)\CHARTER
2008-04-28 14:42:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-03-16 21:52:15 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-16 21:52:15 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-06-09 02:22:43 ------------




I am getting operating system errors with both ComboFix and the AV scan. I am currently running Windows XP Professional - 64 bit.

Delete combofix. Seems the AV scan is not 64bit ready yet.

Let me do some more research.

While Wait lets fix those file associations.

Please run Deckard’s System Scanner again, as follows:

Go to Start > Run, and copy/paste the following in the Open box:

"%userprofile%\desktop\dss.exe" /daft

* Read the disclaimer and click OK.
* Next, click Scan
* Place a checkmark next to the entries displayed.
* Click on Fix to restore the default file associations.

Now, do another scan with DAFT
This time it should say: All associations OK!.

This scan says 64bit ready

Nod32 Online Scanner (Win 98/ME/NT 4.0/2000/XP/Vista)

* 64 bit versions of Windows are supported.
* The scan report is saved by default in C:\Program Files\EsetOnlineScanner\log.txt


Lets run THIS online scanner. You will need to use Internet Explorer for this scan and accept the ActiveX control.


You will get a screen like this, Check mark both boxes.



And grab a snack.

Post the log from C:\Program Files\EsetOnlineScanner\log.txt

There's something that remains regardless of scanning (so I do not see "All associations OK"):

.cp cplfile shell\runas\command %SystemRoot%\SysWow64\rundll32.exe Shell32.dll,Control_RunDLLAsUser "%1",%*


Eset log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3169 (20080609)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=c977fb4c5cc713458e93bedd9578165c
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-06-09 08:07:16
# local_time=2008-06-09 03:07:16 (-0600, Central Daylight Time)
# country="United States"
# osver=5.2.3790 NT Service Pack 2
# scanned=469156
# found=7
# scan_time=7808
C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210773.exe Win32/Adware.ZenoSearch application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210774.exe Win32/TrojanDownloader.Small.BUY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210776.exe Win32/TrojanDownloader.VB.AWJ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210777.exe Win32/TrojanDownloader.Agent.NZJ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210778.exe Win32/Adware.ZQuest application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\06092008_013924\WINDOWS\system32\g58.exe Win32/Adware.GooochiBiz application (deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\06092008_013924\WINDOWS\system32\g58.exe »NSIS »ýª€ Win32/Adware.GooochiBiz application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

The eset log was good only things found were in restore which will be fixed later and the stuff in the otmove it quarantined folder



This could be a 64bit glitch. Will do some checking.

How are things running now??

Do you mean you want me to do a system restore?

Things are running at a better rate, still not so sure I'm running at full speed though. Definitely

Thanks a lot for the help so far, by the way .