Hi Cypher, may I start by thanking you VERY much for all your invaluable help, and I'm sorry for taking up your time.
Here is the ComboFix log:
ComboFix 10-01-04.01 - Ktardin 06/01/2010 18:50:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3326.2289 [GMT 0:00]
Running from: c:\users\Ktardin\Desktop\ComboFix.exe
Command switches used :: c:\users\Ktardin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"C:\timestmp.tmp"
"c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP"
"c:\windows\system32\pbsvc.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\PopCap Games
c:\programdata\PopCap Games\Peggle\cached\sounds\aah.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\applause.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\approval.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\AwardFanfareV2.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\ball_add.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\bubbles.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\buckethit.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\button.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\button2.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\cannonshot.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\coin_freeball_denied.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\coin_spin.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\cymbal.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\dinghi.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\explode.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\extraball.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\extraball2.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\extraball3.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\extremefever2.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\feverhit.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\fireballbounce.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\FireBallLoopV4.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\fireballshoot.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\FireworkPop.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\fireworks1.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\fireworks2.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\flip.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\flip2.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\flipperbounce.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\flipperdown.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\flipperup.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\freeball2.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\gapbonus1.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\gong.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\guncock.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\Koka_morning_finaledit.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\miss.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\missile.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\MnE_Dia_n.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\MnE_Dia_neg.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\MnE_Dia_pos.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\mouseoverV1.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\multiball.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\peghit.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\peghit_low.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\peghit_plus_mega9.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\peghit_plus4b.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\pegpop.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\penalty.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_fireball3.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_flippers_4.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_flowerpower2.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_guide.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_luckyspin.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_multiball.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_pyramid.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_spaceblast.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_spooky1.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_spooky2.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_spooky3.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_spooky4.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\powerup_zen3.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\rainbow.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\scorecounter.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\sigh.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\timpaniroll.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\ting.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\tone.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\tonehi.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\tonelo.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\tonesuperhi.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\typing2.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\ultra2.wav
c:\programdata\PopCap Games\Peggle\cached\sounds\xbump_mod2.wav
c:\programdata\PopCap Games\Peggle\userdata\arcade1.sav
c:\programdata\PopCap Games\Peggle\userdata\highscores.dat
c:\programdata\PopCap Games\Peggle\userdata\stat_Jamie_4b144c4d.dat
c:\programdata\PopCap Games\Peggle\userdata\user1.dat
c:\programdata\PopCap Games\Peggle\userdata\users.dat
c:\programdata\PopCap Games\PeggleNights\cached\sounds\aah.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\applause.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\applause_long.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\approval.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\AwardFanfareV2.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\ball_add.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\BoardLevelTitleWoosh.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\BoardLevelTitleWooshOut.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\bubbles.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\buckethit.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\button.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\button2.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\cannonshot.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\coin_freeball_denied.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\coin_spin.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\CreditsSpotlightOn.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\cymbal.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\DeLune.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\dinghi.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\drumroll.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\explode.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\extraball.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\extraball2.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\extraball3.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\extremefever2.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\FairyPop.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\fanfare.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\feverhit.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\fireballbounce.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\FireBallLoopV4.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\fireballshoot.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\FireworkPop.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\fireworks1.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\fireworks2.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\flip.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\flip2.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\flipperbounce.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\flipperdown.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\flipperup.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\freeball2.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\gapbonus1.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\gong.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\guncock.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\lightning_shockstart.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\lightning_shockwave.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\LoadLogoBuzzOn.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\miss.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\missile.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\MnE_Dia_n.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\MnE_Dia_neg.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\MnE_Dia_pos.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\mouseoverV1.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\multiball.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\peghit.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\peghit_low.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\peghit_plus_mega9.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\peghit_plus4b.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\pegpop.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\pegspark.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\penalty.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_fireball3.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_flippers_4.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_flowerpower2.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_guide.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_lightning.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_luckyspin.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_multiball.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_pyramid.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_spaceblast.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_spooky1.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_spooky2.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_spooky3.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_spooky4.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\powerup_zen3.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\PowerupLightningHit.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\rainbow.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\scorecounter.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\sigh.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\SpeechBubblePopup.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\StageDreamyIn.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\StageDreamyOut.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\timpani_long.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\timpaniroll.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\ting.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\tone.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\tonehi.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\tonelo.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\tonesuperhi.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\TrophyCurtains.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\TrophyPhotoIn.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\typing2.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\ultra2.wav
c:\programdata\PopCap Games\PeggleNights\cached\sounds\xbump_mod2.wav
c:\programdata\PopCap Games\PeggleNights\userdata\highscores.dat
c:\programdata\PopCap Games\PeggleNights\userdata\replays\awesome.pegn
c:\programdata\PopCap Games\PeggleNights\userdata\replays\Seasickk.pegn
c:\programdata\PopCap Games\PeggleNights\userdata\replays\Seasickkk2.pegn
c:\programdata\PopCap Games\PeggleNights\userdata\replays\Seasickkkk3.pegn
c:\programdata\PopCap Games\PeggleNights\userdata\stat_Jamie_4b297678.dat
c:\programdata\PopCap Games\PeggleNights\userdata\user1.dat
c:\programdata\PopCap Games\PeggleNights\userdata\users.dat
c:\programdata\PopCap Games\popcinfot.dat
c:\programdata\PopCap Games\popcreg.dat
C:\timestmp.tmp
c:\users\Ktardin\AppData\Roaming\uTorrent
c:\users\Ktardin\AppData\Roaming\uTorrent\100 Anthems Drum & Bass.torrent
c:\users\Ktardin\AppData\Roaming\uTorrent\Bassnectar - Underground Communication [2007] VBR 220kbit.torrent
c:\users\Ktardin\AppData\Roaming\uTorrent\dht.dat
c:\users\Ktardin\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Ktardin\AppData\Roaming\uTorrent\Peggle Nights from PopCap Games.zip.torrent
c:\users\Ktardin\AppData\Roaming\uTorrent\Peggle.7z.torrent
c:\users\Ktardin\AppData\Roaming\uTorrent\portableadobephshopcs4.torrent
c:\users\Ktardin\AppData\Roaming\uTorrent\resume.dat
c:\users\Ktardin\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Ktardin\AppData\Roaming\uTorrent\rss.dat
c:\users\Ktardin\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Ktardin\AppData\Roaming\uTorrent\settings.dat
c:\users\Ktardin\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Ktardin\AppData\Roaming\uTorrent\Sub Focus - Sub Focus (Ram Records 2009).torrent
c:\users\Ktardin\AppData\Roaming\uTorrent\utorrent.lng
c:\users\Ktardin\AppData\Roaming\uTorrent\VA--Drum_and_Bass_Arena_Presents_Summer_Selection-WEB-2009-OMA.torrent
c:\windows\system32\pbsvc.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
--------------- FCopy ---------------
c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))
.
2010-01-06 18:58 . 2010-01-06 19:00 -------- d-----w- c:\users\Ktardin\AppData\Local\temp
2010-01-06 18:58 . 2010-01-06 18:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-06 18:58 . 2010-01-06 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-04 17:07 . 2010-01-04 17:08 -------- d-----w- C:\rsit
2010-01-03 19:34 . 2010-01-03 19:34 -------- d-----w- c:\users\Ktardin\AppData\Roaming\Electronic Arts
2010-01-01 19:47 . 2010-01-01 20:26 -------- d-----w- c:\users\Ktardin\AppData\Roaming\Mount&Blade
2009-12-28 22:56 . 2009-12-28 22:56 -------- d-----w- C:\ATI
2009-12-28 20:46 . 2009-12-28 20:46 -------- d-----w- c:\program files\Trend Micro
2009-12-26 21:20 . 2009-12-26 21:20 -------- d-----w- c:\users\Ktardin\AppData\Roaming\InstallShield Installation Information
2009-12-26 21:03 . 2009-12-26 21:03 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2009-12-26 18:22 . 2009-12-26 18:22 -------- d-----w- c:\users\Ktardin\AppData\Roaming\ATI
2009-12-26 18:22 . 2009-12-26 18:22 -------- d-----w- c:\users\Ktardin\AppData\Local\ATI
2009-12-26 18:22 . 2009-12-26 18:22 -------- d-----w- c:\programdata\ATI
2009-12-26 18:17 . 2009-12-26 18:17 -------- d-----w- c:\program files\My Company Name
2009-12-26 18:15 . 2009-12-26 18:15 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-12-26 18:15 . 2009-12-26 18:15 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-26 18:15 . 2009-11-25 03:18 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-22 17:59 . 2009-12-22 17:59 95 ----a-w- c:\users\Ktardin\AppData\Local\fusioncache.dat
2009-12-22 17:59 . 2009-12-23 12:40 -------- d-----w- c:\users\Ktardin\AppData\Local\Turbine
2009-12-22 17:30 . 2009-12-22 17:30 -------- d-----w- c:\users\Ktardin\AppData\Local\Turbine,_Inc
2009-12-22 17:29 . 2009-12-22 17:29 -------- d-----w- c:\programdata\Turbine
2009-12-22 17:28 . 2009-12-26 19:04 -------- d-----w- c:\users\Ktardin\AppData\Local\ApplicationHistory
2009-12-22 17:26 . 2009-12-22 17:26 -------- d-----w- c:\windows\system32\URTTEMP
2009-12-18 13:56 . 2009-12-18 13:56 -------- d-----w- c:\users\Ktardin\AppData\Local\Freelancer
2009-12-17 00:06 . 2009-12-17 00:06 -------- d-----w- c:\programdata\Trymedia
2009-12-14 17:53 . 2009-12-14 17:53 -------- d-----w- c:\users\Ktardin\AppData\Roaming\acccore
2009-12-14 17:48 . 2009-12-14 17:48 -------- d-----w- c:\program files\PlayLinc
2009-12-14 17:48 . 2009-12-14 17:48 -------- d-----w- c:\windows\system32\PlayLinc
2009-12-11 16:33 . 2009-12-11 16:33 -------- d-----w- c:\users\Ktardin\AppData\Roaming\FOG Downloader
2009-12-11 12:47 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 12:47 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 12:47 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 16:56 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 16:52 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 16:52 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-07 19:32 . 2009-12-07 19:32 -------- d-----w- c:\users\Ktardin\AppData\Local\Aspyr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 11:17 . 2009-11-26 20:24 -------- d-----w- c:\program files\Cheat Engine
2010-01-04 21:44 . 2009-09-30 18:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-01 18:25 . 2009-09-19 21:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 21:24 . 2009-11-09 19:01 -------- d-----w- c:\program files\DivX
2009-12-31 21:24 . 2009-11-09 19:01 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-30 18:32 . 2009-11-09 19:05 -------- d-----w- c:\users\Ktardin\AppData\Roaming\vlc
2009-12-29 23:00 . 2009-09-20 19:38 1 ----a-w- c:\users\Ktardin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-26 21:03 . 2009-09-19 22:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 20:59 . 2009-12-26 21:20 331776 ----a-w- c:\users\Ktardin\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
2009-12-26 18:44 . 2009-11-14 18:39 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-26 18:43 . 2009-11-14 19:02 -------- d-----w- c:\programdata\Media Center Programs
2009-12-26 18:35 . 2009-09-22 18:22 -------- d-----w- c:\program files\Common Files\Steam
2009-12-26 18:16 . 2009-09-19 21:22 -------- d-----w- c:\program files\ATI Technologies
2009-12-26 18:12 . 2009-09-19 21:16 1356 ----a-w- c:\users\Ktardin\AppData\Local\d3d9caps.dat
2009-12-22 12:29 . 2009-12-22 12:29 4043544 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-12-22 12:28 . 2009-12-22 12:29 3966744 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-19 10:13 . 2009-12-22 12:29 294656 ----a-w- c:\programdata\avg9\update\backup\avglngx.dll
2009-12-18 13:54 . 2009-09-19 21:16 106472 ----a-w- c:\users\Ktardin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-13 21:55 . 2009-09-20 18:16 -------- d-----w- c:\programdata\Messenger Plus!
2009-12-12 11:39 . 2010-01-01 13:19 2033432 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2009-12-12 11:39 . 2009-12-22 12:29 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2009-12-12 11:38 . 2009-12-19 10:13 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2009-12-11 12:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-06 15:35 . 2009-12-06 15:35 -------- d-----w- c:\program files\MSXML 4.0
2009-12-04 20:30 . 2009-12-04 20:30 -------- d-----w- c:\users\Ktardin\AppData\Roaming\Samsung
2009-12-04 20:15 . 2009-12-04 20:15 -------- d-----w- c:\program files\Samsung
2009-11-30 16:59 . 2009-11-19 21:37 -------- d-----w- c:\program files\Spyware Doctor
2009-11-28 19:29 . 2009-11-27 21:21 -------- d-----w- c:\program files\Silkroad
2009-11-26 20:24 . 2009-11-26 20:24 -------- d-----w- c:\users\Ktardin\AppData\Roaming\Mael
2009-11-26 20:17 . 2009-11-26 20:17 -------- d-----w- c:\program files\HxD
2009-11-25 03:51 . 2009-11-25 03:51 5143552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-11-25 03:17 . 2009-11-25 03:17 368640 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-25 03:17 . 2009-11-25 03:17 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-25 03:15 . 2009-09-18 14:16 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-11-25 03:15 . 2009-09-18 14:15 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:15 . 2009-11-25 03:15 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:15 . 2009-11-25 03:15 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-25 03:14 . 2009-11-25 03:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:12 . 2009-11-25 03:12 3055616 ----a-w- c:\windows\system32\atidxx32.dll
2009-11-25 02:55 . 2009-09-18 13:56 3617792 ----a-w- c:\windows\system32\atiumdag.dll
2009-11-25 02:44 . 2009-11-25 02:44 13487616 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:37 . 2009-09-18 13:38 2899968 ----a-w- c:\windows\system32\atiumdva.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:25 . 2009-09-18 13:25 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:20 . 2009-11-25 02:20 3629056 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-25 02:10 . 2009-11-25 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-24 19:31 . 2009-11-09 19:06 -------- d-----w- c:\users\Ktardin\AppData\Roaming\dvdcss
2009-11-21 06:40 . 2009-12-09 16:55 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 16:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 16:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 16:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 22:12 . 2009-10-08 19:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-19 21:38 . 2009-11-19 21:37 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-19 21:37 . 2009-11-19 21:37 -------- d-----w- c:\users\Ktardin\AppData\Roaming\PC Tools
2009-11-19 21:37 . 2009-11-19 21:37 -------- d-----w- c:\programdata\PC Tools
2009-11-19 16:54 . 2009-11-19 16:54 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-19 16:53 . 2009-11-17 22:09 -------- d-----w- c:\programdata\LogiShrd
2009-11-18 20:19 . 2009-11-18 20:19 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-18 20:16 . 2009-11-18 20:16 -------- d-----w- c:\program files\Microsoft.NET
2009-11-17 22:12 . 2009-11-17 22:12 -------- d-----w- c:\users\Ktardin\AppData\Roaming\Leadertech
2009-11-17 22:10 . 2009-09-24 17:55 -------- d-----w- c:\program files\Common Files\logishrd
2009-11-17 22:09 . 2009-11-17 22:09 -------- d-----w- c:\program files\Logitech
2009-11-17 21:56 . 2009-11-17 21:55 -------- d-----w- c:\program files\VirtualDJ
2009-11-14 19:04 . 2009-11-14 19:04 -------- d-----w- c:\programdata\BioWare
2009-11-14 17:25 . 2009-09-19 21:57 -------- d-----w- c:\program files\AVG
2009-11-14 17:25 . 2009-09-19 23:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-14 17:25 . 2009-09-19 23:14 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-14 17:25 . 2009-09-19 23:14 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-14 17:25 . 2009-09-19 23:14 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-14 17:25 . 2009-11-14 17:25 -------- d-----w- c:\programdata\avg9
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-09 19:05 . 2009-11-09 19:05 -------- d-----w- c:\program files\VideoLAN
2009-11-09 19:02 . 2009-11-09 19:02 -------- d-----w- c:\users\Ktardin\AppData\Roaming\DivX
2009-11-09 19:01 . 2009-11-09 19:01 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-08 16:41 . 2009-11-08 16:41 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-02 20:42 . 2009-10-03 12:02 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-26 17:06 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-22 15:59 . 2009-10-22 15:59 196565 ----a-w- c:\windows\system32\atiicdxx.dat
2009-10-14 13:40 . 2009-10-14 13:40 296280 ----a-w- c:\programdata\LogiShrd\LQCVFX\Filters\VMSEF.dll
2009-10-14 13:37 . 2009-10-14 13:37 6781272 ----a-w- c:\programdata\LogiShrd\LQCVFX\Filters\MMSEF.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-06-08 1934336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Turbine Download Manager Tray Icon"="d:\games\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" [2009-11-05 472568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Ktardin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Ktardin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R220 Series]
2006-12-25 04:00 177664 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIAIE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 15:36 305440 ----a-w- d:\apps\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-25 21:45 1217808 ----a-w- d:\games\steam1\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-20 19:32 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19/11/2009 21:37 206256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [19/09/2009 23:14 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [19/09/2009 23:14 360584]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [25/11/2009 03:17 172032]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [14/11/2009 17:25 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14/11/2009 17:25 285392]
R2 LiveTurbineMessageService;Turbine Message Service - Live;d:\games\Turbine\Turbine Download Manager\TurbineMessageService.exe [22/12/2009 17:29 271856]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;d:\games\Turbine\Turbine Download Manager\TurbineNetworkService.exe [22/12/2009 17:29 218608]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\System32\drivers\netr73.sys [20/09/2009 18:52 464384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [14/11/2009 18:53 25832]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\System32\drivers\gan_adapter.sys [28/08/2006 23:54 10664]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/11/2009 21:37 348824]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17/08/2009 00:32 239648]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ktardin\AppData\Roaming\Mozilla\Firefox\Profiles\vsgdaxkk.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\apps\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1480507214-855840707-331760698-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:68,c5,9e,e9,52,c8,9f,f6,cb,f4,a3,28,80,05,bf,5a,34,a2,b7,2e,72,d2,59,
8e,95,5c,82,ae,00,e5,c4,76,ea,3f,fd,e3,b1,1a,04,25,72,78,fb,36,43,f7,8d,82,\
"??"=hex:ec,7f,62,96,57,2c,d6,08,cc,a5,1f,55,b4,c4,7c,48
[HKEY_USERS\S-1-5-21-1480507214-855840707-331760698-1000\Software\SecuROM\License information*]
"datasecu"=hex:a2,93,7b,fe,05,55,55,a4,35,ca,f2,bd,82,f3,92,49,fe,0e,c0,2b,87,
b1,8a,a9,5c,c8,0a,48,cc,f8,40,db,74,05,e6,1f,48,f9,37,59,44,76,64,b4,0d,f3,\
"rkeysecu"=hex:0e,82,4a,75,98,b4,83,9d,e8,ae,1a,8f,39,8d,46,ed
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-01-06 19:07:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-06 19:07
ComboFix2.txt 2010-01-06 12:55
Pre-Run: 1,139,077,120 bytes free
Post-Run: 1,218,613,248 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 716B67AC49E15A81F472CD8F981A53F5