Slow computer

krieztah · #1 March 10th, 2010, 06:51 AM

My computer is suddenly acting up its super slow these past few days.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:00 PM, on 3/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\GetRight\GetRight.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kinzzey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kinzzey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kinzzey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingle Instance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kinzzey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.e xe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6614 bytes

**schrauber** · #2 March 12th, 2010, 08:02 PM

Hello, krieztah
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Push the Quick Scan button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

krieztah · #3 March 12th, 2010, 11:15 PM

OTL logfile created on: 3/13/2010 6:59:04 AM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Kinzzey\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 195.22 Gb Free Space | 83.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KINZZEY-107A177
Current User Name: Kinzzey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/13 06:58:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kinzzey\Desktop\OTL.exe
PRC - [2010/01/28 14:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/15 19:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/23 05:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/12/03 14:55:44 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/23 14:47:18 | 004,628,752 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\GetRight\GetRight.exe
PRC - [2007/06/01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/08/03 14:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/03/13 06:58:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kinzzey\Desktop\OTL.exe
MOD - [2004/08/03 14:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/02/15 11:48:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/16 09:16:00 | 003,580,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

krieztah · #4 March 12th, 2010, 11:16 PM

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/05 19:23:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/27 08:50:01 | 000,000,000 | ---D | M]

[2010/02/05 19:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinzzey\Application Data\Mozilla\Extensions
[2010/03/12 12:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinzzey\Application Data\Mozilla\Firefox\Profiles\a5uao1wm.default\ext ensions
[2010/02/10 14:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinzzey\Application Data\Mozilla\Firefox\Profiles\a5uao1wm.default\ext ensions\searchrecs@veoh.com
[2010/03/12 12:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/11 02:58:20 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight.lnk = C:\Program Files\GetRight\GetRight.exe (Headlight Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/01 20:01:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{89be934a-28e1-11df-bd37-002197efc230}\Shell - "" = AutoRun
O33 - MountPoints2\{89be934a-28e1-11df-bd37-002197efc230}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89be934a-28e1-11df-bd37-002197efc230}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/01 11:44:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54046588552609792)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/13 06:58:07 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kinzzey\Desktop\OTL.exe
[2010/03/10 14:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/10 14:40:05 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kinzzey\Desktop\hijackthis.exe
[2010/03/09 03:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\GameGuard
[2010/03/06 12:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinzzey\My Documents\NeroVision
[2010/03/05 22:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinzzey\My Documents\My Games
[2010/03/05 22:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/03/04 15:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinzzey\Desktop\Unused Desktop Shortcuts
[2010/02/28 03:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinzzey\Desktop\NeYo
[2010/02/27 08:50:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/02/27 08:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/27 08:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/27 08:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/02/27 08:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinzzey\Application Data\Sun
[2010/02/01 20:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/01 20:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/01 20:01:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/01 20:01:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

krieztah · #5 March 12th, 2010, 11:17 PM

========== Files - Modified Within 14 Days ==========

[2010/03/13 06:58:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kinzzey\Desktop\OTL.exe
[2010/03/13 06:51:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1220945662-725345543-1003UA.job
[2010/03/12 20:54:40 | 000,020,959 | ---- | M] () -- C:\romini.dmp
[2010/03/12 08:51:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1220945662-725345543-1003Core.job
[2010/03/11 22:21:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/11 22:21:30 | 000,203,937 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/11 22:21:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/11 22:21:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/11 22:19:45 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Kinzzey\NTUSER.DAT
[2010/03/11 22:11:28 | 003,768,068 | -H-- | M] () -- C:\Documents and Settings\Kinzzey\Local Settings\Application Data\IconCache.db
[2010/03/11 20:41:39 | 000,124,556 | ---- | M] () -- C:\Documents and Settings\Kinzzey\Desktop\rohan0311204203085.jpg
[2010/03/11 20:41:25 | 000,102,466 | ---- | M] () -- C:\Documents and Settings\Kinzzey\Desktop\rohan0311203932463.jpg
[2010/03/10 14:41:39 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Kinzzey\Desktop\HijackThis.lnk
[2010/03/10 14:40:20 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kinzzey\Desktop\hijackthis.exe
[2010/03/08 07:05:09 | 002,883,713 | ---- | M] () -- C:\Documents and Settings\Kinzzey\Desktop\WNR2000-V1.2.3.7NA.img
[2010/03/08 06:11:16 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\Kinzzey\default.pls
[2010/03/08 06:11:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/07 07:14:57 | 000,023,222 | ---- | M] () -- C:\Documents and Settings\Kinzzey\Desktop\23800_1214762973093_13493 84948_30528727_3444053_n.jpg
[2010/03/06 21:21:10 | 000,031,309 | ---- | M] () -- C:\Documents and Settings\Kinzzey\Desktop\11b6w55jpg.png
[2010/03/05 22:38:19 | 000,001,123 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Heroes of Might and Magic V - Tribes of the East.lnk
[2010/03/05 21:28:34 | 000,611,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/11 20:44:56 | 000,102,466 | ---- | C] () -- C:\Documents and Settings\Kinzzey\Desktop\rohan0311203932463.jpg
[2010/03/11 20:44:50 | 000,124,556 | ---- | C] () -- C:\Documents and Settings\Kinzzey\Desktop\rohan0311204203085.jpg
[2010/03/10 14:41:39 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Kinzzey\Desktop\HijackThis.lnk
[2010/03/08 15:42:20 | 000,020,959 | ---- | C] () -- C:\romini.dmp
[2010/03/08 07:01:58 | 002,883,713 | ---- | C] () -- C:\Documents and Settings\Kinzzey\Desktop\WNR2000-V1.2.3.7NA.img
[2010/03/07 07:14:57 | 000,023,222 | ---- | C] () -- C:\Documents and Settings\Kinzzey\Desktop\23800_1214762973093_13493 84948_30528727_3444053_n.jpg
[2010/03/06 21:21:09 | 000,031,309 | ---- | C] () -- C:\Documents and Settings\Kinzzey\Desktop\11b6w55jpg.png
[2010/03/05 22:38:19 | 000,001,123 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Heroes of Might and Magic V - Tribes of the East.lnk
[2010/03/05 21:28:34 | 000,611,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/26 22:28:28 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kinzzey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 17:34:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/02 23:35:49 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/02 23:35:49 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/02 23:35:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/02 23:35:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/12/07 23:19:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\EGamesPlugin.dll
[2005/12/07 23:19:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EGameEncrypt.dll
[2004/08/03 14:56:44 | 000,421,919 | ---- | C] () -- C:\WINDOWS\System32\msrd2x40.dll
[2004/08/03 14:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 01:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/02/03 22:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/10 15:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/26 03:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinzzey\Application Data\GetRight

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/03 15:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/03 15:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 12:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFi les\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFi les\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 14:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/03 14:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 14:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/03 14:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/03 14:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/03 14:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 14:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/03 14:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 14:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

krieztah · #6 March 12th, 2010, 11:18 PM

OTL Extras logfile created on: 3/13/2010 6:59:04 AM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Kinzzey\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 195.22 Gb Free Space | 83.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KINZZEY-107A177
Current User Name: Kinzzey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

krieztah · #7 March 12th, 2010, 11:18 PM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enable d:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microso ft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Heroes of Newerth\hon.exe" = C:\Program Files\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth -- (S2 Games)
"C:\Documents and Settings\Kinzzey\My Documents\Rohan Dual\Rohan\Rohan\RohanOnline\rohanclient.exe" = C:\Documents and Settings\Kinzzey\My Documents\Rohan Dual\Rohan\Rohan\RohanOnline\rohanclient.exe:*:Ena bled:Rohan Online Game -- (YNK Games)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled :Veoh Web Player -- (Veoh Networks)
"C:\Rohan Giants\Rohan Giants\rohanclient.exe" = C:\Rohan Giants\Rohan Giants\rohanclient.exe:*:Enabled:Rohan Online Game -- (YNK Games)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe" = C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B21DEAC-4EB7-4516-8E0C-F1F3A29FF2AE}" = Gothic III - Forsaken Gods Patch
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F5AFBD2-AF6D-41E9-AFE8-F67AD7AF1033}" = Nero 7 Essentials
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"avast5" = avast! Free Antivirus
"GetRight_is1" = GetRight
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NVIDIA Drivers" = NVIDIA Drivers
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Veoh Web Player Beta" = Veoh Web Player
"Vtune_is1" = Vtune 7.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"Google Chrome" = Google Chrome

krieztah · #8 March 12th, 2010, 11:19 PM

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2010 8:34:29 PM | Computer Name = KINZZEY-107A177 | Source = Application Error | ID = 1000
Description = Faulting application rohanclient.exe, version 6.1.0.114, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2/21/2010 6:27:44 AM | Computer Name = KINZZEY-107A177 | Source = Application Error | ID = 1000
Description = Faulting application rohanclient.exe, version 6.1.0.114, faulting
module rohanclient.exe, version 6.1.0.114, fault address 0x004fe8dc.

Error - 2/21/2010 9:11:22 AM | Computer Name = KINZZEY-107A177 | Source = Application Error | ID = 1000
Description = Faulting application rohanclient.exe, version 6.1.0.114, faulting
module rohanclient.exe, version 6.1.0.114, fault address 0x00314754.

Error - 2/24/2010 9:28:00 PM | Computer Name = KINZZEY-107A177 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/25/2010 2:49:26 PM | Computer Name = KINZZEY-107A177 | Source = Application Error | ID = 1000
Description = Faulting application rohanclient.exe, version 6.1.0.114, faulting
module rohanclient.exe, version 6.1.0.114, fault address 0x004fe8dc.

Error - 2/26/2010 3:50:33 AM | Computer Name = KINZZEY-107A177 | Source = Google Update | ID = 20
Description =

Error - 2/27/2010 1:10:22 PM | Computer Name = KINZZEY-107A177 | Source = Application Error | ID = 1000
Description = Faulting application java.exe, version 6.0.180.7, faulting module
java.dll, version 6.0.180.7, fault address 0x00005875.

Error - 2/27/2010 1:40:27 PM | Computer Name = KINZZEY-107A177 | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.180.7, faulting module
java.dll, version 6.0.180.7, fault address 0x00005875.

Error - 2/27/2010 1:40:44 PM | Computer Name = KINZZEY-107A177 | Source = Application Error | ID = 1001
Description = Fault bucket 1659311448.

Error - 2/28/2010 5:55:23 AM | Computer Name = KINZZEY-107A177 | Source = Application Error | ID = 1000
Description = Faulting application rohanclient.exe, version 6.1.0.114, faulting
module rohanclient.exe, version 6.1.0.114, fault address 0x004e213a.

[ System Events ]
Error - 2/23/2010 3:19:30 PM | Computer Name = KINZZEY-107A177 | Source = Service Control Manager | ID = 7000
Description = The Cardex service failed to start due to the following error: %%183

Error - 2/23/2010 7:41:02 PM | Computer Name = KINZZEY-107A177 | Source = Service Control Manager | ID = 7000
Description = The Cardex service failed to start due to the following error: %%183

Error - 2/23/2010 8:43:20 PM | Computer Name = KINZZEY-107A177 | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -57156 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.1.3:123->207.46.232.182:123) is working
properly.

Error - 2/24/2010 1:08:07 AM | Computer Name = KINZZEY-107A177 | Source = Service Control Manager | ID = 7000
Description = The Cardex service failed to start due to the following error: %%183

Error - 2/25/2010 9:15:32 PM | Computer Name = KINZZEY-107A177 | Source = Service Control Manager | ID = 7000
Description = The Cardex service failed to start due to the following error: %%183

Error - 2/26/2010 3:50:45 AM | Computer Name = KINZZEY-107A177 | Source = Service Control Manager | ID = 7000
Description = The Cardex service failed to start due to the following error: %%183

Error - 2/26/2010 9:17:28 PM | Computer Name = KINZZEY-107A177 | Source = Service Control Manager | ID = 7000
Description = The Cardex service failed to start due to the following error: %%183

Error - 2/26/2010 11:00:03 PM | Computer Name = KINZZEY-107A177 | Source = Service Control Manager | ID = 7000
Description = The Cardex service failed to start due to the following error: %%183

Error - 2/27/2010 1:36:07 AM | Computer Name = KINZZEY-107A177 | Source = Service Control Manager | ID = 7000
Description = The Cardex service failed to start due to the following error: %%183

Error - 2/27/2010 5:20:49 AM | Computer Name = KINZZEY-107A177 | Source = Service Control Manager | ID = 7000
Description = The Cardex service failed to start due to the following error: %%183

< End of report >

**schrauber** · #9 March 13th, 2010, 08:47 PM

Hi,

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "No", save the log and post back the results.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

krieztah · #10 March 14th, 2010, 02:58 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-14 22:44:02
Windows 5.1.2600 Service Pack 2
Running: wrscbqq0.exe; Driver: C:\DOCUME~1\Kinzzey\LOCALS~1\Temp\kgeiafob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xACD04C78]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xACD04B34]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xACD050E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xACD05012]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xACD0470A]
SSDT sptd.sys ZwEnumerateKey [0xF7513D1C]
SSDT sptd.sys ZwEnumerateValueKey [0xF75140BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xACD04C0E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xACD0464A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xACD046AE]
SSDT sptd.sys ZwQueryKey [0xF7514194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xACD04D2E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xACD051B6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xACD04CEE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xACD04E6E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xACD1152A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xACD1134E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xACD11488]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 17B 804E503C 4 Bytes CALL 61FB2091
PAGE ntoskrnl.exe!ObInsertObject 8056EBBF 5 Bytes JMP ACD0E99E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 8056EE25 7 Bytes JMP ACD11352 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B5EC 7 Bytes JMP ACD1152E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A9184 5 Bytes JMP ACD0D4E6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805AD35E 7 Bytes JMP ACD1148C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xAF360360, 0x34CDBF, 0xE8000020]
.text USBPORT.SYS!DllUnload AF31C62C 5 Bytes JMP 8A12B510
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xACFB0280]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SPTDDRV1.SYS[ntoskrnl.exe!IoConnectInterrupt] [F751F718] sptd.sys
IAT \WINDOWS\System32\Drivers\SPTDDRV1.SYS[ntoskrnl.exe!IofCompleteRequest] [F7534656] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F751F6C4] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7535394] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F751F718] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F750FAB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F750FBEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F750FB76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F751071C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75105F2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75354E8] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F75347AE] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75354E8] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61449C27] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61449D87] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61449C27] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61449CF2] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll

krieztah · #11 March 14th, 2010, 03:00 PM

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 02288680
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 022898F0
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0228B200
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 02289B60
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 02289970
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0228C140
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0228C180
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0228C520
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0228C000
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0228B160
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0228A120
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 02289AD0
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 02289E50
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0228CAA0
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0228AB50
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0228AFC0
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0228B680
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0228B410
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0228B600
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0228BAE0
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0228B7F0
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 02289A40
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 02289FD0
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0228C260
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0228B550
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0228B100
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0228AF80
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0228B310
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0228C540
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0228B350
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0228A800
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0228C7E0
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0228C780
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0228C9D0
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0228CA70
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0228C8A0
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0228C490
IAT C:\Program Files\GetRight\GetRight.exe[1964] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0228C440

krieztah · #12 March 14th, 2010, 03:01 PM

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 8A3121D8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 89FE35A8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A3821D8
Device \Driver\dmio \Device\DmControl\DmConfig 8A3821D8
Device \Driver\dmio \Device\DmControl\DmPnP 8A3821D8
Device \Driver\dmio \Device\DmControl\DmInfo 8A3821D8
Device \Driver\usbuhci \Device\USBPDO-1 89FE35A8
Device \Driver\usbuhci \Device\USBPDO-2 89FE35A8
Device \Driver\usbuhci \Device\USBPDO-3 89FE35A8
Device \Driver\usbehci \Device\USBPDO-4 8A0D41D8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3141D8
Device \Driver\Cdrom \Device\CdRom0 89FE1990
Device \Driver\atapi \Device\Ide\IdePort0 8A3131D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 8A3131D8
Device \Driver\atapi \Device\Ide\IdePort1 8A3131D8
Device \Driver\atapi \Device\Ide\IdePort2 8A3131D8
Device \Driver\atapi \Device\Ide\IdePort3 8A3131D8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 8A3131D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A0D71D8
Device \Driver\NetBT \Device\NetbiosSmb 8A0D71D8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 89FE35A8
Device \Driver\usbuhci \Device\USBFDO-1 89FE35A8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89FE9990
Device \Driver\usbuhci \Device\USBFDO-2 89FE35A8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89FE9990
Device \Driver\usbuhci \Device\USBFDO-3 89FE35A8
Device \Driver\usbehci \Device\USBFDO-4 8A0D41D8
Device \Driver\Ftdisk \Device\FtControl 8A3141D8
Device \FileSystem\Cdfs \Cdfs 89FE8990

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1155007528
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1152114613
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@khjeh 0x29 0xBC 0xBE 0xFC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@khjeh 0x29 0xBC 0xBE 0xFC ...

---- EOF - GMER 1.0.15 ----

**schrauber** · #13 March 15th, 2010, 06:58 PM

Hi,

Download and Run StartupLite

This program will identify startup entries that are unnecessary to be started at bootup. This will help free some memory.

Download StartupLite.exe by MalwareBytes to your desktop.
Double click on StartUpLite.exe to run it. If you are using Windows Vista, right click the icon and select Run As Administrator.
A list of unecessary startup entries will be compiled.
Take a read at the description of each and for most of them you probably won't need it please make sure there is a checkmark next to Disable.
Leave all the items as Disabled and click Continue.
Restart your computer once it's done.

Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Please post back with a fresh OTL logfile.

krieztah · #14 March 16th, 2010, 02:19 AM

OTL logfile created on: 3/16/2010 10:07:20 AM - Run 2
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Kinzzey\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 198.52 Gb Free Space | 85.25% Space Free | Partition Type: NTFS
Drive D: | 564.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KINZZEY-107A177
Current User Name: Kinzzey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/13 06:58:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kinzzey\Desktop\OTL.exe
PRC - [2010/01/28 14:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/15 19:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/23 05:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/12/03 14:55:44 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/08/03 14:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/03/13 06:58:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kinzzey\Desktop\OTL.exe
MOD - [2004/08/03 14:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/02/15 11:48:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/16 09:16:00 | 003,580,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - [2010/03/05 21:28:34 | 000,611,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/01/28 13:57:55 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/01/28 13:57:34 | 000,163,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/01/28 13:54:42 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/01/28 13:54:16 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/01/28 13:54:05 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/01/28 13:53:50 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/27 15:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/12/02 23:35:49 | 000,141,246 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2008/12/02 23:35:49 | 000,016,176 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
DRV - [2008/09/16 20:20:56 | 000,874,880 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/04/17 08:16:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2008/02/14 14:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

krieztah · #15 March 16th, 2010, 02:20 AM

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/05 19:23:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/15 07:07:19 | 000,000,000 | ---D | M]

[2010/02/05 19:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinzzey\Application Data\Mozilla\Extensions
[2010/03/15 23:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinzzey\Application Data\Mozilla\Firefox\Profiles\a5uao1wm.default\ext ensions
[2010/02/10 14:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinzzey\Application Data\Mozilla\Firefox\Profiles\a5uao1wm.default\ext ensions\searchrecs@veoh.com
[2010/03/15 23:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/06/06 18:44:12 | 000,108,544 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPGetRt.dll

O1 HOSTS File: ([2010/02/11 02:58:20 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/01 20:01:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/02/01 06:49:26 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/08/05 02:30:06 | 000,017,542 | R--- | M] () - D:\AUTORUN.ico -- [ CDFS ]
O33 - MountPoints2\{89be934a-28e1-11df-bd37-002197efc230}\Shell - "" = AutoRun
O33 - MountPoints2\{89be934a-28e1-11df-bd37-002197efc230}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89be934a-28e1-11df-bd37-002197efc230}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/01 11:44:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.