Bad image popups: C:\windows\system32\smtens.dll is not a valid Windows image

Solved
By Rotten Rebel
Dec 5, 2010
  1. Hi,
    This is my first time posting and I hope I'm in the right place and someone can help me get rid of the pop-ups.
    I searched for the error message and came up with nothing that matches the "smtens" part of my error message.

    I followed the first 8 steps you have listed and will paste the logs.

    Thank you for any help you may be able to provide.

    Rotten Rebel

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5248

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/5/2010 5:49:02 PM
    mbam-log-2010-12-05 (17-49-02).txt

    Scan type: Quick scan
    Objects scanned: 153314
    Time elapsed: 6 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-05 22:23:19
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000007c NVIDIA__ rev.
    Running: ou16uugo.exe; Driver: C:\DOCUME~1\XPS600~1\LOCALS~1\Temp\ugryrpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A550100 ZwConnectPort
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB7EA2112]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB7E812D6]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB7E814C8]
    SSDT B86EA58C ZwCreateThread
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB7EA2900]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB7EA2BB4]
    SSDT B86EA5AA ZwLoadKey
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB7EA0E12]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA9F5B6C0]
    SSDT B86EA57D ZwOpenThread
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB7EA3020]
    SSDT B86EA5B4 ZwReplaceKey
    SSDT B86EA5AF ZwRestoreKey
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB7EA23D2]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA9F5B770]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA9F5B810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA9F5B8B0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes CALL 68650DF8
    .text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 8 Bytes JMP 6EA5B4B7
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB685D380, 0x550AF5, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Spyware Doctor\pctsSvc.exe[2892] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BC05 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[3588] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044B8D9 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    ---- EOF - GMER 1.0.15 ----




    DDS (Ver_10-12-05.01) - NTFSx86
    Run by XPS 600 at 22:30:45.20 on Sun 12/05/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1097 [GMT -5:00]

    AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Windows SteadyState\SCTSvc.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Windows SteadyState\Bubble.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Documents and Settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\XPS 600\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=15734
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\xps 600\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Bubble] c:\program files\windows steadystate\Bubble.exe
    mRun: [Logoff] c:\program files\windows steadystate\SCTUINotify.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0"
    StartupFolder: c:\docume~1\xps600~1\startm~1\programs\startup\eventr~1.lnk - c:\pmw\PMREMIND.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMremind.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scanne~1.lnk - c:\program files\scansuite\SDetect.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    mPolicies-system: HideFastUserSwitching = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: aol.com\free
    DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} - hxxp://cdn.ll.neoedge.com/webgames/MythicMarbles/MythicMarbles.1.0.0.2.cab
    DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
    DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
    DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169378728031
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/amun/default/mjolauncher.cab
    DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} - hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} - hxxp://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab
    DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - hxxp://www.worldwinner.com/games/v46/sol/sol.cab
    DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v49/luxor/luxor.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
    DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
    DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://diy.view22.com/view22/diyapp/View22RTE.cab
    DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/UnSkin/gf.cab
    DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    AppInit_DLLs: smtens.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJAsTjk

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\xps600~1\applic~1\mozilla\firefox\profiles\thy8db67.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=38549313&tool_id=60531&qkw=
    FF - component: c:\documents and settings\xps 600\application data\mozilla\firefox\profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\xps 600\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Extension: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - c:\docume~1\xps600~1\applic~1\mozilla\firefox\profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2008-6-24 9344]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-9 64288]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-28 218592]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-5 11608]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-5 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-5 267944]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-5 60936]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-12-4 632792]
    R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2006-12-16 16168]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-11-28 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-11-28 1142224]
    R2 Windows SteadyState;Windows SteadyState Service;c:\program files\windows steadystate\SCTSvc.exe [2008-5-30 115728]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-28 136176]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-22 517448]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
    S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-8-14 1245064]
    S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2008-6-24 448640]

    =============== File Associations ===============

    regfile=regedit.exe "%1" %*
    scrfile="%1" %*

    =============== Created Last 30 ================

    2010-12-05 21:35:45 -------- d-----w- c:\docume~1\xps600~1\applic~1\Avira
    2010-12-05 21:32:33 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-05 21:32:31 -------- d-----w- c:\program files\Avira
    2010-12-05 21:32:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-12-05 03:32:15 -------- d-----w- c:\program files\ESET
    2010-12-04 21:26:03 -------- d-----w- c:\docume~1\xps600~1\applic~1\ErrorTeck
    2010-12-04 21:13:43 -------- d-----w- c:\docume~1\xps600~1\applic~1\PCFix
    2010-12-04 21:08:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2010-12-04 20:05:05 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-12-04 20:05:05 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2010-12-04 20:05:05 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-12-04 20:05:05 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-12-04 19:49:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegSERVO
    2010-12-04 19:26:41 -------- d-----w- c:\docume~1\xps600~1\locals~1\applic~1\PackageAware
    2010-12-04 19:08:57 -------- d-----w- c:\docume~1\xps600~1\applic~1\FixCleaner
    2010-12-04 19:08:39 -------- d-----w- c:\program files\FixCleaner
    2010-12-04 16:54:44 20 ----a-w- c:\windows\system32\SMTENS.DLL
    2010-11-28 12:07:26 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-11-28 12:07:16 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-11-28 12:07:16 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-11-28 12:07:11 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-11-28 12:06:49 -------- d-----w- c:\program files\Spyware Doctor
    2010-11-28 12:06:49 -------- d-----w- c:\program files\common files\PC Tools
    2010-11-28 12:06:49 -------- d-----w- c:\docume~1\xps600~1\applic~1\PC Tools
    2010-11-28 12:06:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2010-11-23 16:48:19 -------- d-----w- c:\program files\Cell Phone Manager
    2010-11-23 01:04:54 -------- d-----w- C:\WINNT
    2010-11-22 23:28:18 -------- d-----w- c:\program files\BitPim
    2010-11-15 14:07:57 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
    2010-11-15 14:07:48 -------- d-----w- c:\program files\common files\xing shared
    2010-11-15 14:07:40 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2010-11-15 14:07:32 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
    2010-11-10 15:13:03 388096 ----a-r- c:\docume~1\xps600~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-11-10 15:12:37 1402880 ----a-w- c:\program files\HiJackThis.msi
    2010-11-10 14:13:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-10 14:13:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-10 06:40:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-11-10 04:50:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-11-10 04:50:05 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-10 04:47:22 -------- d-----w- c:\docume~1\xps600~1\locals~1\applic~1\Sunbelt Software
    2010-11-10 04:46:27 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-11-10 04:46:08 -------- d-----w- c:\program files\Lavasoft
    2010-11-06 16:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-11-06 16:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-10-14 23:44:02 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-09-28 15:32:45 2098 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

    ============= FINISH: 22:34:02.21 ===============
  2. Rotten Rebel

    Rotten Rebel Newcomer, in training Topic Starter Posts: 34

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/9/2007 12:00:19 AM
    System Uptime: 12/5/2010 5:37:27 PM (5 hours ago)

    Motherboard: Dell Inc. | | 0XH241
    Processor: Intel(R) Pentium(R) D CPU 3.46GHz | Microprocessor | 3990/1066mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 427.448 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1359: 9/6/2010 11:49:56 PM - System Checkpoint
    RP1360: 9/10/2010 4:55:47 PM - System Checkpoint
    RP1361: 9/11/2010 4:26:26 PM - Avg Update
    RP1362: 9/13/2010 8:31:44 AM - System Checkpoint
    RP1363: 9/14/2010 3:59:29 PM - Software Distribution Service 3.0
    RP1364: 9/15/2010 9:28:28 AM - Software Distribution Service 3.0
    RP1365: 9/17/2010 12:30:08 PM - System Checkpoint
    RP1366: 9/18/2010 1:59:30 PM - System Checkpoint
    RP1367: 9/19/2010 3:27:29 PM - System Checkpoint
    RP1368: 9/20/2010 5:25:09 PM - System Checkpoint
    RP1369: 9/21/2010 9:08:05 PM - System Checkpoint
    RP1370: 9/22/2010 10:24:23 PM - System Checkpoint
    RP1371: 9/23/2010 7:54:43 AM - Avg Update
    RP1372: 9/23/2010 7:56:45 AM - Avg Update
    RP1373: 9/24/2010 8:17:03 AM - System Checkpoint
    RP1374: 9/25/2010 8:16:26 AM - Installed Java(TM) 6 Update 21
    RP1375: 9/26/2010 1:19:38 PM - System Checkpoint
    RP1376: 9/27/2010 2:13:10 PM - System Checkpoint
    RP1377: 9/28/2010 9:28:15 PM - System Checkpoint
    RP1378: 9/29/2010 9:50:52 PM - System Checkpoint
    RP1379: 9/30/2010 7:55:04 AM - Software Distribution Service 3.0
    RP1380: 10/1/2010 10:18:50 AM - System Checkpoint
    RP1381: 10/2/2010 12:57:42 PM - System Checkpoint
    RP1382: 10/3/2010 10:10:54 PM - System Checkpoint
    RP1383: 10/4/2010 10:13:47 PM - System Checkpoint
    RP1384: 10/5/2010 8:03:40 AM - Avg Update
    RP1385: 10/6/2010 8:43:22 AM - Software Distribution Service 3.0
    RP1386: 10/7/2010 8:46:25 AM - System Checkpoint
    RP1387: 10/8/2010 9:23:44 AM - System Checkpoint
    RP1388: 10/9/2010 10:25:34 AM - System Checkpoint
    RP1389: 10/10/2010 2:01:03 PM - System Checkpoint
    RP1390: 10/11/2010 8:10:31 PM - System Checkpoint
    RP1391: 10/13/2010 8:35:41 AM - System Checkpoint
    RP1392: 10/14/2010 7:54:04 AM - Software Distribution Service 3.0
    RP1393: 10/15/2010 12:07:56 PM - System Checkpoint
    RP1394: 10/16/2010 12:29:03 PM - System Checkpoint
    RP1395: 10/17/2010 9:28:10 PM - System Checkpoint
    RP1396: 10/18/2010 10:28:49 PM - System Checkpoint
    RP1397: 10/20/2010 12:06:47 AM - System Checkpoint
    RP1398: 10/21/2010 11:29:21 AM - System Checkpoint
    RP1399: 10/22/2010 8:51:39 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP1400: 10/22/2010 8:51:47 AM - Installed AVG 2011
    RP1401: 10/22/2010 8:52:17 AM - Removed AVG Free 9.0
    RP1402: 10/22/2010 8:55:44 AM - Installed AVG 2011
    RP1403: 10/22/2010 9:16:44 AM - Installed Java(TM) 6 Update 22
    RP1404: 10/23/2010 11:10:25 AM - System Checkpoint
    RP1405: 10/24/2010 1:30:17 PM - System Checkpoint
    RP1406: 10/25/2010 1:42:23 PM - System Checkpoint
    RP1407: 10/26/2010 3:57:31 PM - System Checkpoint
    RP1408: 10/27/2010 6:23:33 PM - System Checkpoint
    RP1409: 10/28/2010 7:13:39 PM - System Checkpoint
    RP1410: 10/29/2010 8:51:42 PM - System Checkpoint
    RP1411: 10/31/2010 11:30:17 AM - System Checkpoint
    RP1412: 11/1/2010 11:36:33 AM - System Checkpoint
    RP1413: 11/2/2010 12:52:10 PM - System Checkpoint
    RP1414: 11/3/2010 10:13:46 PM - System Checkpoint
    RP1415: 11/4/2010 10:41:30 PM - System Checkpoint
    RP1416: 11/6/2010 5:47:08 AM - System Checkpoint
    RP1417: 11/7/2010 2:14:07 PM - System Checkpoint
    RP1418: 11/8/2010 8:41:57 PM - System Checkpoint
    RP1419: 11/9/2010 11:29:10 AM - Installed HiJackThis
    RP1420: 11/10/2010 9:11:20 AM - Removed HiJackThis
    RP1421: 11/10/2010 9:38:55 AM - Software Distribution Service 3.0
    RP1422: 11/10/2010 10:13:02 AM - Installed HiJackThis
    RP1423: 11/10/2010 4:27:21 PM - Installed Windows XP -- Software Updates KB952011.
    RP1424: 11/11/2010 5:26:19 PM - System Checkpoint
    RP1425: 11/12/2010 5:37:42 PM - System Checkpoint
    RP1426: 11/13/2010 9:02:34 PM - System Checkpoint
    RP1427: 11/14/2010 9:05:23 PM - System Checkpoint
    RP1428: 11/15/2010 9:22:03 PM - System Checkpoint
    RP1429: 11/16/2010 10:02:22 PM - System Checkpoint
    RP1430: 11/17/2010 10:02:39 PM - System Checkpoint
    RP1431: 11/18/2010 10:05:00 PM - System Checkpoint
    RP1432: 11/19/2010 11:26:50 PM - System Checkpoint
    RP1433: 11/21/2010 6:08:53 AM - System Checkpoint
    RP1434: 11/22/2010 9:53:02 AM - System Checkpoint
    RP1435: 11/22/2010 7:58:51 PM - Installed DataPilot Trial
    RP1436: 11/23/2010 9:05:38 PM - System Checkpoint
    RP1437: 11/24/2010 9:27:18 PM - System Checkpoint
    RP1438: 11/25/2010 10:16:52 PM - System Checkpoint
    RP1439: 11/26/2010 10:17:59 PM - System Checkpoint
    RP1440: 11/27/2010 10:46:06 PM - System Checkpoint
    RP1441: 11/28/2010 8:34:28 AM - Removed Google Apps
    RP1442: 11/28/2010 6:07:51 PM - Spyware Doctor: Cleaning Threats
    RP1443: 11/29/2010 6:05:21 PM - Spyware Doctor: Cleaning Threats
    RP1444: 11/30/2010 7:52:19 PM - System Checkpoint
    RP1445: 11/30/2010 8:25:23 PM - Spyware Doctor: Cleaning Threats
    RP1446: 12/1/2010 6:49:46 PM - Spyware Doctor: Cleaning Threats
    RP1447: 12/2/2010 9:41:58 PM - Spyware Doctor: Cleaning Threats
    RP1448: 12/2/2010 11:27:08 PM - Spyware Doctor: Cleaning Threats
    RP1449: 12/3/2010 8:01:52 PM - Spyware Doctor: Cleaning Threats
    RP1450: 12/4/2010 2:08:39 PM - Installed FixCleaner
    RP1451: 12/4/2010 2:35:51 PM - Removed FixCleaner
    RP1452: 12/4/2010 2:39:06 PM - Spyware Doctor: Cleaning Threats
    RP1453: 12/4/2010 2:39:39 PM - Installed FixCleaner
    RP1454: 12/4/2010 3:22:41 PM - Made by Registry Mechanic O
    RP1455: 12/4/2010 3:38:35 PM - Removed FixCleaner
    RP1456: 12/4/2010 3:45:41 PM - Made by Registry Mechanic O
    RP1457: 12/4/2010 4:08:06 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP1458: 12/4/2010 4:16:41 PM - Configured DataPilot Trial
    RP1459: 12/4/2010 4:30:02 PM - ErrorTeck Restore point
    RP1460: 12/4/2010 7:08:58 PM - Made by Registry Mechanic O
    RP1461: 12/4/2010 8:01:35 PM - Spyware Doctor: Cleaning Threats
    RP1462: 12/5/2010 12:33:00 PM - Spyware Doctor: Cleaning Threats
    RP1463: 12/5/2010 4:16:41 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP1464: 12/5/2010 4:32:31 PM - Avira AntiVir Personal - 12/5/2010 16:30

    ==== Installed Programs ======================

    Acrobat.com
    Ad-Aware
    Adobe Acrobat 6.0 Standard
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Aloha Solitaire
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ares 2.0.9
    Art Explosion T-Shirt Factory Deluxe
    AVG 2011
    Avira AntiVir Personal - Free Antivirus
    BitPim 1.0.7
    Bonjour
    Bounce Out Blitz
    Camera Window DS
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DSLR 5 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon i9900
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon PowerShot A40 WIA Driver
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities Easy-PhotoPrint Plus
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    Corel Paint Shop Pro Photo XI
    Corel Snapfire Plus
    Coupon Printer for Windows
    Creative MediaSource
    Creative System Information
    DrawPlus 3.0
    Driver Detective
    Easy-WebPrint
    ESET Online Scanner v3
    Express Rip
    GameHouse Sudoku
    Golden Records
    Google Chrome
    Google Earth
    Google Photos Screensaver
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    HyperLoad - Mah Jongg
    InCD (Ahead Software)
    Indeo® software
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LimeWire 5.4.6
    Little Shop of Treasures
    LiveUpdate (Symantec Corporation)
    Mah Jong Medley
    Mahjong Fortuna 2
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Web Publishing Wizard 1.52
    Microtek ScanSuite 1.2
    Microtek ScanWizard
    Mozilla Firefox (3.6.12)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero - Burning Rom
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    OGA Notifier 2.0.0048.0
    Photo Explosion Deluxe
    PhotoStitch
    Picasa 3
    Pixillion Image Converter
    PowerDVD
    PrintMaster
    PrintMaster Gold 4.00
    Prism Video Converter
    QuickTime
    RadarSync
    RealArcade
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Registry Mechanic 10.0
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Premier
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio EasyArchive
    Roxio Express Labeler
    Roxio Update Manager
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB923789)
    Shape Shifter
    Sierra Garden Encyclopedia
    Sierra Photo Garden Designer
    Slingo Supreme
    Sound Blaster Audigy 2 ZS
    SoundTap Streaming Audio Recorder
    Splash
    Spring Sprang Sprung
    Spyware Doctor 7.0
    Super Collapse! 3
    Super Gem Drop
    Switch Sound File Converter
    SymNet
    System Requirements Lab
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    URGE
    USB-IrDA Adapter
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VueScan
    WebFldrs XP
    Windows Defender
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows SteadyState
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.1.3 final uninstall
    Yahoo! Music Jukebox
    Yahoo! Software Update
    Zuma Deluxe

    ==== Event Viewer Messages From Past Week ========

    12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 5:35:11 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/5/2010 5:35:11 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/5/2010 5:35:00 PM, error: Service Control Manager [7034] - The Windows SteadyState Service service terminated unexpectedly. It has done this 1 time(s).
    12/5/2010 4:16:25 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
    12/4/2010 6:23:13 AM, error: System Error [1003] - Error code 1000000a, parameter1 01600104, parameter2 00000002, parameter3 00000001, parameter4 806e6a2a.
    12/4/2010 4:07:35 PM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 4:07:35 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 4:07:35 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    12/4/2010 3:29:12 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    12/4/2010 3:28:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Windows SteadyState service.
    11/30/2010 7:07:17 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
  3. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    You're running two AV programs, Avira and AVG.
    One of them has to go.
    If AVG (preferably; it has to be uninstalled anyway to run one of the tools, which will follow), use this tool to uninstall it: http://www.avg.com/us-en/download-tools

    When done....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  4. Rotten Rebel

    Rotten Rebel Newcomer, in training Topic Starter Posts: 34

    Hi Broni,

    Thank you for the welcome and also your quick response to my rescue.

    I removed the AVG as recommended and disabled the other AV running and downloaded the MBRCheck and Combofix. I ran both scans and here are the results.

    I'm certain there are more things you want done after reviewing these logs, so I will await your reply.

    Thanks again,

    Rotten Rebel



    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007d

    Kernel Drivers (total 164):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xB85A8000 \WINDOWS\system32\KDCOM.DLL
    0xB84B8000 \WINDOWS\system32\BOOTVID.dll
    0xB7F87000 fltmgr.sys
    0xB7F59000 ACPI.sys
    0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB7F48000 pci.sys
    0xB80A8000 isapnp.sys
    0xB80B8000 ohci1394.sys
    0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB8670000 pciide.sys
    0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB80D8000 MountMgr.sys
    0xB7F29000 ftdisk.sys
    0xB85AC000 dmload.sys
    0xB7F03000 dmio.sys
    0xB7EF0000 nvraid.sys
    0xB80E8000 \WINDOWS\system32\drivers\CLASSPNP.SYS
    0xB8330000 PartMgr.sys
    0xB80F8000 VolSnap.sys
    0xB7ED8000 atapi.sys
    0xB7EC1000 nvatabus.sys
    0xB8108000 disk.sys
    0xB7EAF000 sr.sys
    0xB7E76000 PCTCore.sys
    0xB8118000 Lbd.sys
    0xB7E5F000 DRVMCDB.SYS
    0xB84BC000 bsstor.sys
    0xB8128000 PxHelp20.sys
    0xB7E48000 KSecDD.sys
    0xB7E35000 WudfPf.sys
    0xB7DA8000 Ntfs.sys
    0xB7D7B000 NDIS.sys
    0xB7D61000 Mup.sys
    0xB8148000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB82D8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB61B7000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB6084000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB8408000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB8218000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB7D35000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB8410000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB5FE8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8418000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB7518000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB85C8000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xB8258000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB8268000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB5FC5000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB84B0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xB5F47000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xB5F23000 \SystemRoot\system32\drivers\portcls.sys
    0xB8278000 \SystemRoot\system32\drivers\drmk.sys
    0xB5EEF000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xB8480000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0xB7A54000 \SystemRoot\system32\DRIVERS\gameenum.sys
    0xB82C8000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xB5E05000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xB82E8000 \SystemRoot\system32\drivers\nchssvad.sys
    0xB87B5000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB82F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB7A50000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB5DEE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB8308000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB8318000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB8488000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB5DDD000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB8158000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB8490000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB8498000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB5DAD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB8168000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB84A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB84A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB8350000 \SystemRoot\system32\DRIVERS\SymIM.sys
    0xB860A000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB5D4F000 \SystemRoot\system32\DRIVERS\update.sys
    0xB8584000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8198000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB81A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB8612000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB81B8000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xB1A85000 \SystemRoot\system32\drivers\hap16v2k.sys
    0xB197B000 \SystemRoot\system32\drivers\ha10kx2k.sys
    0xB194C000 \SystemRoot\system32\drivers\emupia2k.sys
    0xB1923000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0xB1887000 \SystemRoot\system32\drivers\ctac32k.sys
    0xB1705000 \SystemRoot\system32\COMMONFX.DLL
    0xB167A000 \SystemRoot\system32\CTAUDFX.DLL
    0xB15EC000 \SystemRoot\system32\CTSBLFX.DLL
    0xB8388000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xB7D1D000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB74D8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB8390000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB83A0000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB83A8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB7CD8000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB83B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB7CCC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB83B8000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xB7488000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB1571000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xB8620000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB86D1000 \SystemRoot\System32\Drivers\Null.SYS
    0xB8622000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB83C8000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0xB83D0000 \SystemRoot\System32\drivers\vga.sys
    0xB8624000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB8626000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB83D8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB83E0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB7CB4000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB153E000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB14E5000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB1495000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB146F000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB8238000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB1442000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0xB141D000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xB8248000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB3C4B000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0xB8628000 \SystemRoot\System32\Drivers\SYMDNS.SYS
    0xB83E8000 \SystemRoot\System32\Drivers\SYMNDIS.SYS
    0xB1317000 \SystemRoot\System32\Drivers\SYMFW.SYS
    0xB83F0000 \SystemRoot\System32\Drivers\SYMIDS.SYS
    0xB12F5000 \SystemRoot\System32\drivers\afd.sys
    0xB8288000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB8400000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xB12CA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB125A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB8298000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB1237000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xB8634000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xB17D8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB11FC000 \SystemRoot\System32\Drivers\dump_nvraid.sys
    0xB17C8000 \SystemRoot\System32\Drivers\dump_CLASSPNP.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB7D19000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB133D000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB8768000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xB0E0D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xB1848000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xB87EC000 \SystemRoot\System32\DLA\DLADResM.SYS
    0xB0DCD000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xB8470000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xB860C000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB1355000 \SystemRoot\System32\DLA\DLABMFSM.SYS
    0xB1335000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xB0CEF000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xB0CD8000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xB0D19000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB09B3000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB08D6000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB0C50000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB059F000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB0738000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xB0457000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB0440000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
    0xB0CB8000 \??\C:\Program Files\Spyware Doctor\PCTSDInj32.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 53):
    0 System Idle Process
    4 System
    932 C:\WINDOWS\system32\smss.exe
    988 csrss.exe
    1012 C:\WINDOWS\system32\winlogon.exe
    1064 C:\WINDOWS\system32\services.exe
    1076 C:\WINDOWS\system32\lsass.exe
    1304 C:\WINDOWS\system32\nvsvc32.exe
    1356 C:\WINDOWS\system32\svchost.exe
    1428 svchost.exe
    1612 C:\WINDOWS\system32\svchost.exe
    1636 C:\Program Files\Windows SteadyState\SCTSvc.exe
    1700 C:\WINDOWS\system32\svchost.exe
    1828 svchost.exe
    1980 svchost.exe
    268 C:\WINDOWS\system32\spoolsv.exe
    316 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    460 svchost.exe
    740 C:\WINDOWS\explorer.exe
    1348 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1508 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1548 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    1580 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    1860 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1904 C:\Program Files\Bonjour\mDNSResponder.exe
    1944 C:\WINDOWS\system32\CTSVCCDA.EXE
    580 C:\Program Files\Java\jre6\bin\jqs.exe
    296 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    888 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    1372 C:\Program Files\Spyware Doctor\pctsAuxs.exe
    1856 C:\Program Files\Spyware Doctor\pctsSvc.exe
    2216 C:\Program Files\Spyware Doctor\pctsTray.exe
    2228 C:\WINDOWS\system32\svchost.exe
    2368 C:\WINDOWS\system32\MsPMSPSv.exe
    2416 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    3148 C:\Program Files\Canon\CAL\CALMAIN.exe
    4068 alg.exe
    3140 C:\WINDOWS\system32\CtHelper.exe
    3424 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    3444 C:\Program Files\Windows SteadyState\Bubble.exe
    3484 C:\Program Files\iTunes\iTunesHelper.exe
    3192 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3528 C:\WINDOWS\system32\wbem\unsecapp.exe
    3604 wmiprvse.exe
    1148 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1584 C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    188 C:\WINDOWS\system32\ctfmon.exe
    1576 C:\Documents and Settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    1592 C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    2900 C:\WINDOWS\system32\ntvdm.exe
    2648 C:\Program Files\iPod\bin\iPodService.exe
    2724 C:\Program Files\Mozilla Firefox\firefox.exe
    2040 C:\Documents and Settings\XPS 600\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: NVIDIASTRIPE 465.77G, Rev:

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!



    ComboFix 10-12-04.06 - XPS 600 12/06/2010 10:57:06.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1574 [GMT -5:00]
    Running from: c:\documents and settings\XPS 600\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\core.cache(2).dsk
    c:\windows\system32\drivers\core.cache(3).dsk
    c:\windows\system32\eventmgr.exe
    c:\windows\system32\SMTENS.DLL

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))
    .

    2010-12-05 21:35 . 2010-12-05 21:35 -------- d-----w- c:\documents and settings\XPS 600\Application Data\Avira
    2010-12-05 21:32 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-05 21:32 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-05 21:32 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-12-05 21:32 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-12-05 21:32 . 2010-12-05 21:32 -------- d-----w- c:\program files\Avira
    2010-12-05 21:32 . 2010-12-05 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-12-05 03:32 . 2010-12-05 03:32 -------- d-----w- c:\program files\ESET
    2010-12-04 21:26 . 2010-12-04 21:30 -------- d-----w- c:\documents and settings\XPS 600\Application Data\ErrorTeck
    2010-12-04 21:13 . 2010-12-04 21:14 -------- d-----w- c:\documents and settings\XPS 600\Application Data\PCFix
    2010-12-04 21:08 . 2010-12-05 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2010-12-04 20:05 . 2010-09-16 17:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2010-12-04 20:05 . 2008-04-02 21:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-12-04 20:05 . 2008-04-02 21:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-12-04 20:05 . 2008-04-02 21:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-12-04 19:49 . 2010-12-04 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\RegSERVO
    2010-12-04 19:26 . 2010-12-04 19:26 -------- d-----w- c:\documents and settings\XPS 600\Local Settings\Application Data\PackageAware
    2010-12-04 19:08 . 2010-12-04 19:37 -------- d-----w- c:\documents and settings\XPS 600\Application Data\FixCleaner
    2010-12-04 19:08 . 2010-12-04 20:38 -------- d-----w- c:\program files\FixCleaner
    2010-12-03 04:26 . 2010-12-03 04:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AVG Security Toolbar
    2010-11-28 12:10 . 2010-11-28 12:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-11-28 12:07 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-11-28 12:07 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-11-28 12:07 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-11-28 12:07 . 2010-04-08 19:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-11-28 12:06 . 2010-12-06 15:43 -------- d-----w- c:\program files\Spyware Doctor
    2010-11-28 12:06 . 2010-12-04 20:05 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-11-28 12:06 . 2010-11-28 12:06 -------- d-----w- c:\documents and settings\XPS 600\Application Data\PC Tools
    2010-11-28 12:06 . 2010-11-28 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-11-23 16:48 . 2010-12-05 21:15 -------- d-----w- c:\program files\Cell Phone Manager
    2010-11-23 01:04 . 2010-11-23 01:04 -------- d-----w- C:\WINNT
    2010-11-22 23:28 . 2010-11-22 23:28 -------- d-----w- c:\program files\BitPim
    2010-11-15 14:07 . 2010-11-15 14:07 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2010-11-15 14:07 . 2010-11-15 14:07 -------- d-----w- c:\program files\Common Files\xing shared
    2010-11-15 14:07 . 2010-11-15 14:07 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2010-11-15 14:07 . 2010-11-15 14:07 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2010-11-10 15:13 . 2010-11-10 15:13 388096 ----a-r- c:\documents and settings\XPS 600\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-10 15:12 . 2010-11-10 15:12 1402880 ----a-w- c:\program files\HiJackThis.msi
    2010-11-10 14:13 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-10 14:13 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-10 06:40 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-11-10 04:50 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-11-10 04:50 . 2010-11-10 04:50 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-10 04:47 . 2010-11-10 04:47 -------- d-----w- c:\documents and settings\XPS 600\Local Settings\Application Data\Sunbelt Software
    2010-11-10 04:46 . 2010-11-10 04:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-11-10 04:46 . 2010-11-10 04:46 -------- d-----w- c:\program files\Lavasoft
    2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-14 23:44 . 2010-10-14 23:44 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-09-18 16:23 . 2004-08-12 13:21 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-12 13:21 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-12 13:21 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-12 13:21 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 08:50 . 2010-04-15 14:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 06:29 . 2007-04-21 20:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2004-06-08 20:51 . 2004-06-08 20:51 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
    2004-06-08 20:51 . 2004-06-08 20:51 143360 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
    "Google Update"="c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-22 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
    "Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

    c:\documents and settings\XPS 600\Start Menu\Programs\Startup\
    Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1998-5-18 255408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-25 113664]
    Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2008-6-3 442368]
    Scanner Detector.lnk - c:\program files\ScanSuite\SDetect.exe [2009-3-15 29184]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideFastUserSwitching"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
    "c:\\Documents and Settings\\XPS 600\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [6/24/2008 9:48 AM 9344]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/9/2010 11:50 PM 64288]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 7:07 AM 218592]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 4:32 PM 135336]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/4/2010 3:05 PM 632792]
    R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [12/16/2006 10:26 PM 16168]
    R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows SteadyState\SCTSvc.exe [5/30/2008 1:41 PM 115728]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2010 7:04 AM 136176]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 2:46 AM 1375992]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/28/2010 7:06 AM 366840]
    S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [6/24/2008 9:48 AM 448640]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 01:05]

    2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 12:04]

    2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 12:04]

    2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003Core.job
    - c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-22 21:15]

    2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003UA.job
    - c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-22 21:15]

    2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008Core.job
    - c:\documents and settings\Diane\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-24 19:08]

    2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008UA.job
    - c:\documents and settings\Diane\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-24 19:08]

    2010-12-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

    2010-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

    2010-12-06 c:\windows\Tasks\RMSchedule.job
    - c:\program files\Registry Mechanic\RegMech.exe [2010-12-04 22:05]

    2010-12-06 c:\windows\Tasks\RMSmartUpdate.job
    - c:\program files\Registry Mechanic\Update.exe [2010-12-04 17:26]

    2010-12-06 c:\windows\Tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=15734
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: aol.com\free
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    FF - ProfilePath - c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=38549313&tool_id=60531&qkw=
    FF - component: c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Extension: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -

    HKU-Default-RunOnce-RealUpgradeHelper - c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-06 11:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3195425923-1285657760-1615779363-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3548)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ctagent.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\CTHELPER.EXE
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\wscntfy.exe
    c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-06 11:05:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-06 16:05

    Pre-Run: 459,250,892,800 bytes free
    Post-Run: 459,081,187,328 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - AEDA022072D46112A0F478C05F16AE14
  5. Rotten Rebel


    Broni,

    I also noticed the log states Norton AV but that has been removed at an earlier date and nothing of it shows in add/remove programs under Norton or Symantec. Please advise.

    Thanks,

    Rotten Rebel
  6. Broni


    We'll remove Norton's leftovers manually...

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    c:\documents and settings\All Users\Application Data\STOPzilla!
    c:\documents and settings\XPS 600\Application Data\ErrorTeck
    c:\documents and settings\XPS 600\Application Data\PCFix
    c:\documents and settings\All Users\Application Data\RegSERVO
    c:\documents and settings\XPS 600\Application Data\FixCleaner
    c:\program files\FixCleaner
    c:\documents and settings\LocalService\Local Settings\Application Data\AVG Security Toolbar
    c:\program files\AVG
    c:\program files\Common Files\Symantec Shared
    
    
    Driver::
    AVG Security Toolbar Service
    EraserUtilRebootDrv
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    
    
    SecCenter::
    {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  7. Rotten Rebel


    I have not seen any more bad image popups since I ran ComboFix this morning. Yay. Thank you so much.
    I know there are more things for me to do, so I will again wait for further instruction.
    Here is the new log.

    ComboFix 10-12-06.01 - XPS 600 12/06/2010 21:34:54.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1532 [GMT -5:00]
    Running from: c:\documents and settings\XPS 600\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\XPS 600\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-83.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-84.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-85.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-86.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-87.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-88.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-89.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-9.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-90.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-91.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-92.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-93.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-94.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-95.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-96.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-97.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-98.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\regb-99.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-480\filelist.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-19-270\filelist.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-19-540\filelist.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-20-120\filelist.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-21-330\filelist.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-40-030\filelist.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\Results\Evidence.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\Results\Junk.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\Results\MSUpdate.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\Results\Registry.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\Results\Update.db
    c:\documents and settings\XPS 600\Application Data\FixCleaner\spy_ignore.db
    c:\documents and settings\XPS 600\Application Data\PCFix
    c:\documents and settings\XPS 600\Application Data\PCFix\log.dat
    c:\documents and settings\XPS 600\Application Data\PCFix\unresolvederrors.dat
  8. Rotten Rebel

    Rotten Rebel Newcomer, in training Topic Starter Posts: 34



    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ERASERUTILREBOOTDRV
    -------\Service_AVG Security Toolbar Service
    -------\Service_EraserUtilRebootDrv


    ((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
    .

    2010-12-05 21:35 . 2010-12-05 21:35 -------- d-----w- c:\documents and settings\XPS 600\Application Data\Avira
    2010-12-05 21:32 . 2010-12-06 16:45 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-05 21:32 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-05 21:32 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-12-05 21:32 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-12-05 21:32 . 2010-12-05 21:32 -------- d-----w- c:\program files\Avira
    2010-12-05 21:32 . 2010-12-05 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-12-05 03:32 . 2010-12-05 03:32 -------- d-----w- c:\program files\ESET
    2010-11-28 12:06 . 2010-11-28 12:06 -------- d-----w- c:\documents and settings\XPS 600\Application Data\PC Tools
    2010-11-28 12:06 . 2010-11-28 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-11-23 16:48 . 2010-12-05 21:15 -------- d-----w- c:\program files\Cell Phone Manager
    2010-11-23 01:04 . 2010-11-23 01:04 -------- d-----w- C:\WINNT
    2010-11-22 23:28 . 2010-11-22 23:28 -------- d-----w- c:\program files\BitPim
    2010-11-15 14:07 . 2010-11-15 14:07 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
    2010-11-15 14:07 . 2010-11-15 14:07 -------- d-----w- c:\program files\Common Files\xing shared
    2010-11-15 14:07 . 2010-11-15 14:07 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2010-11-15 14:07 . 2010-11-15 14:07 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
    2010-11-10 15:13 . 2010-11-10 15:13 388096 ----a-r- c:\documents and settings\XPS 600\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-10 15:12 . 2010-11-10 15:12 1402880 ----a-w- c:\program files\HiJackThis.msi
    2010-11-10 14:13 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-10 14:13 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-10 06:40 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-11-10 04:50 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-11-10 04:50 . 2010-11-10 04:50 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-10 04:47 . 2010-11-10 04:47 -------- d-----w- c:\documents and settings\XPS 600\Local Settings\Application Data\Sunbelt Software
    2010-11-10 04:46 . 2010-11-10 04:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-11-10 04:46 . 2010-11-10 04:46 -------- d-----w- c:\program files\Lavasoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-14 23:44 . 2010-10-14 23:44 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-09-18 16:23 . 2004-08-12 13:21 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-12 13:21 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-12 13:21 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-12 13:21 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 08:50 . 2010-04-15 14:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 06:29 . 2007-04-21 20:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2004-06-08 20:51 . 2004-06-08 20:51 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
    2004-06-08 20:51 . 2004-06-08 20:51 143360 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-12-06_16.01.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-07 02:44 . 2010-12-07 02:44 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
    "Google Update"="c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-22 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
    "Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

    c:\documents and settings\XPS 600\Start Menu\Programs\Startup\
    Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1998-5-18 255408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-25 113664]
    Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2008-6-3 442368]
    Scanner Detector.lnk - c:\program files\ScanSuite\SDetect.exe [2009-3-15 29184]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideFastUserSwitching"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
    "c:\\Documents and Settings\\XPS 600\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [6/24/2008 9:48 AM 9344]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/9/2010 11:50 PM 64288]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 7:07 AM 218592]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 4:32 PM 135336]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/4/2010 3:05 PM 632792]
    R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [12/16/2006 10:26 PM 16168]
    R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows SteadyState\SCTSvc.exe [5/30/2008 1:41 PM 115728]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2010 7:04 AM 136176]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 2:46 AM 1375992]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/28/2010 7:06 AM 366840]
    S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [6/24/2008 9:48 AM 448640]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 01:05]

    2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 12:04]

    2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 12:04]

    2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003Core.job
    - c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-22 21:15]

    2010-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003UA.job
    - c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-22 21:15]

    2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008Core.job
    - c:\documents and settings\Diane\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-24 19:08]

    2010-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008UA.job
    - c:\documents and settings\Diane\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-24 19:08]

    2010-12-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

    2010-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

    2010-12-07 c:\windows\Tasks\RMSchedule.job
    - c:\program files\Registry Mechanic\RegMech.exe [2010-12-04 22:05]

    2010-12-06 c:\windows\Tasks\RMSmartUpdate.job
    - c:\program files\Registry Mechanic\Update.exe [2010-12-04 17:26]

    2010-12-06 c:\windows\Tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=15734
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: aol.com\free
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    FF - ProfilePath - c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=38549313&tool_id=60531&qkw=
    FF - component: c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Extension: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-06 21:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3195425923-1285657760-1615779363-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(152)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ctagent.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\CTHELPER.EXE
    c:\windows\system32\wbem\unsecapp.exe
    c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-06 21:47:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-07 02:47
    ComboFix2.txt 2010-12-06 16:05

    Pre-Run: 459,032,719,360 bytes free
    Post-Run: 458,899,275,776 bytes free

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 96D2C9316ACE0CC5B519DF934B8720D1
  9. Broni


    Good news :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  10. Rotten Rebel


    Broni,

    Here are the next 2 logs requested: extra.txt & otl.txt

    Rotten Rebel


    OTL Extras logfile created on: 12/7/2010 12:09:48 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\XPS 600\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 427.38 Gb Free Space | 91.76% Space Free | Partition Type: NTFS

    Computer Name: DIANE-DAVID | User Name: XPS 600 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
    "{17A7779A-D23F-11D3-8753-0050BABE1202}" = Microtek ScanWizard
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5360DF11-A876-460B-9953-6817AA2BF9D5}" = Photo Explosion Deluxe
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}" = Corel Snapfire Plus
    "{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
    "{8CD3B114-4A47-4F2B-ACBB-BFF7120E1C82}" = Art Explosion T-Shirt Factory Deluxe
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B314244C-753A-413B-B0F1-30972D6B58A0}" = HyperLoad - Mah Jongg
    "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
    "{BCCB6326-C2C5-47E5-8DEC-2AB9FDB661F2}" = SymNet
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3880A64-6112-47b7-8BFE-70EEA07B43E0}" = Windows SteadyState
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
    "{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Aloha Solitaire" = Aloha Solitaire
    "Ares" = Ares 2.0.9
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Bounce Out Blitz" = Bounce Out Blitz
    "CAL" = Canon Camera Access Library
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon Camera WIA Driver PowerShot A40" = Canon PowerShot A40 WIA Driver
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CANONBJ_Deinstall_CNMCP5p.DLL" = Canon i9900
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "CSCLIB" = Canon Camera Support Core Library
    "DrawPlus 3.0" = DrawPlus 3.0
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-PhotoPrint Plus" = Canon Utilities Easy-PhotoPrint Plus
    "Easy-WebPrint" = Easy-WebPrint
    "ESET Online Scanner" = ESET Online Scanner v3
    "ExpressRip" = Express Rip
    "GameHouse Sudoku" = GameHouse Sudoku
    "Garden Encyclopedia" = Sierra Garden Encyclopedia
    "Golden" = Golden Records
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InCD!UninstallKey" = InCD (Ahead Software)
    "Indeo® software" = Indeo® software
    "InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
    "InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
    "InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
    "LimeWire" = LimeWire 5.4.6
    "Little Shop of Treasures" = Little Shop of Treasures
    "Mah Jong Medley" = Mah Jong Medley
    "Mahjong Fortuna 2" = Mahjong Fortuna 2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Picasa 3" = Picasa 3
    "Pixillion" = Pixillion Image Converter
    "PrintMaster 10" = PrintMaster
    "PrintMaster Gold 4.00" = PrintMaster Gold 4.00
    "Prism" = Prism Video Converter
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "RadarSync" = RadarSync
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealArcade" = RealArcade
    "RealPlayer 12.0" = RealPlayer
    "Registry Mechanic_is1" = Registry Mechanic 10.0
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "ScanSuite" = Microtek ScanSuite 1.2
    "Shape Shifter" = Shape Shifter
    "Sierra Photo Garden Designer" = Sierra Photo Garden Designer
    "Slingo Supreme" = Slingo Supreme
    "SoundTap" = SoundTap Streaming Audio Recorder
    "Splash" = Splash
    "Spring Sprang Sprung" = Spring Sprang Sprung
    "Spyware Doctor" = Spyware Doctor 7.0
    "Super Collapse! 3" = Super Collapse! 3
    "Super Gem Drop" = Super Gem Drop
    "Switch" = Switch Sound File Converter
    "SysInfo" = Creative System Information
    "SystemRequirementsLab" = System Requirements Lab
    "VueScan" = VueScan
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Xvid_is1" = Xvid 1.1.3 final uninstall
    "Yahoo! Software Update" = Yahoo! Software Update
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
    "Zuma Deluxe" = Zuma Deluxe

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/4/2010 4:29:12 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
    Description =

    Error - 12/4/2010 4:29:12 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 3026
    Description =

    Error - 12/4/2010 5:00:46 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
    Description =

    Error - 12/4/2010 5:00:46 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 3026
    Description =

    Error - 12/4/2010 5:55:02 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
    Description =

    Error - 12/5/2010 10:39:37 AM | Computer Name = DIANE-DAVID | Source = MsiInstaller | ID = 11722
    Description = Product: STOPzilla -- Message 1722. STOPzilla has canceled the removal
    process!

    Error - 12/5/2010 11:40:07 AM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
    Description =

    Error - 12/5/2010 11:40:07 AM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 3026
    Description =

    Error - 12/5/2010 1:13:02 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
    Description =

    Error - 12/5/2010 6:39:19 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
    Description =

    [ System Events ]
    Error - 12/5/2010 6:35:11 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/5/2010 6:35:11 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7034
    Description = The Automatic LiveUpdate Scheduler service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 12/5/2010 6:35:11 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7034
    Description = The PC Tools Security Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 12/5/2010 6:35:11 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7031
    Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 5000
    milliseconds: Restart the service.

    Error - 12/5/2010 6:38:28 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the Windows SteadyState service.

    Error - 12/5/2010 6:39:21 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7024
    Description = The Windows Search service terminated with service-specific error
    2147749155 (0x80040D23).

    Error - 12/6/2010 8:20:56 AM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the Windows SteadyState service.

    Error - 12/6/2010 8:22:00 AM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7024
    Description = The Windows Search service terminated with service-specific error
    2147749155 (0x80040D23).

    Error - 12/6/2010 11:11:55 AM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the Windows SteadyState service.

    Error - 12/6/2010 11:12:03 AM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7024
    Description = The Windows Search service terminated with service-specific error
    2147749155 (0x80040D23).


    < End of report >
  11. Rotten Rebel

    Rotten Rebel Newcomer, in training Topic Starter Posts: 34

    First half of OTL log posted twice, so I deleted one of them.
  12. Rotten Rebel

    Rotten Rebel Newcomer, in training Topic Starter Posts: 34

    ========== Files - Modified Within 30 Days ==========

    [2010/12/06 23:34:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003UA.job
    [2010/12/06 23:34:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003Core.job
    [2010/12/06 23:15:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/06 23:13:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008UA.job
    [2010/12/06 21:45:32 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/12/06 21:45:30 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.CDF
    [2010/12/06 21:43:57 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/06 21:43:57 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    [2010/12/06 21:43:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/06 21:43:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/06 21:43:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/06 21:42:38 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
    [2010/12/06 21:42:38 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
    [2010/12/06 21:42:38 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
    [2010/12/06 21:42:38 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
    [2010/12/06 21:42:38 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
    [2010/12/06 21:32:59 | 003,985,732 | R--- | M] () -- C:\Documents and Settings\XPS 600\Desktop\ComboFix.exe
    [2010/12/06 21:32:19 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.BAK
    [2010/12/06 20:45:15 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
    [2010/12/06 17:49:40 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job
    [2010/12/06 15:05:04 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
    [2010/12/06 14:13:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008Core.job
    [2010/12/06 11:45:15 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/12/06 10:55:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/12/05 17:55:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/12/05 16:32:46 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/12/05 12:14:06 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/12/05 10:45:40 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    [2010/12/04 16:11:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\prvlcl.dat
    [2010/12/04 15:05:06 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
    [2010/12/03 21:34:56 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\XPS 600\Desktop\Google Chrome.lnk
    [2010/12/03 21:34:56 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/11/30 20:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/28 07:57:54 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/28 07:06:16 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/11/23 19:49:32 | 000,447,706 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/23 19:49:31 | 000,073,330 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/23 11:52:14 | 000,052,947 | ---- | M] () -- C:\Documents and Settings\XPS 600\My Documents\090920_133119.jpg
    [2010/11/15 21:07:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
    [2010/11/15 21:06:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
    [2010/11/15 21:06:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
    [2010/11/15 21:06:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
    [2010/11/15 09:07:53 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2010/11/15 09:07:28 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2010/11/10 16:27:53 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
    [2010/11/10 10:12:49 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi
    [2010/11/09 23:50:04 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/11/09 23:46:24 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/11/09 14:21:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\housecall.guid.cache
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

    ========== Files Created - No Company Name ==========

    [2010/12/06 10:55:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/06 10:55:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/06 10:52:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/06 10:52:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/06 10:52:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/06 10:52:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/06 10:52:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/06 10:29:10 | 003,985,732 | R--- | C] () -- C:\Documents and Settings\XPS 600\Desktop\ComboFix.exe
    [2010/12/05 16:32:46 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/12/05 12:13:41 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/12/05 10:36:31 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.BAK
    [2010/12/04 15:25:41 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\XPS 600\S-1-5-21-3195425923-1285657760-1615779363-1003.rrr.LOG
    [2010/12/04 15:05:57 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
    [2010/12/04 15:05:31 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
    [2010/12/04 15:05:06 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
    [2010/12/04 15:05:05 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
    [2010/11/28 08:41:41 | 000,002,302 | ---- | C] () -- C:\Documents and Settings\XPS 600\Desktop\Google Chrome.lnk
    [2010/11/28 08:41:41 | 000,002,280 | ---- | C] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/11/28 07:07:26 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
    [2010/11/28 07:07:16 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
    [2010/11/28 07:07:16 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
    [2010/11/28 07:07:11 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
    [2010/11/28 07:06:16 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/11/28 07:04:17 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/28 07:04:17 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/23 11:53:14 | 000,052,947 | ---- | C] () -- C:\Documents and Settings\XPS 600\My Documents\090920_133119.jpg
    [2010/11/22 20:54:33 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl40.dll
    [2010/11/22 20:54:33 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
    [2010/11/22 20:54:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
    [2010/11/22 20:54:32 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2010/11/22 20:54:32 | 000,182,784 | ---- | C] () -- C:\WINDOWS\System32\DGVorbis.dll
    [2010/11/22 20:54:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Mp3dec.dll
    [2010/11/22 20:54:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\MP3enc.dll
    [2010/11/22 20:54:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2010/11/22 20:54:31 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2010/11/22 20:54:31 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2010/11/22 20:54:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
    [2010/11/15 21:07:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
    [2010/11/15 21:06:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
    [2010/11/15 21:06:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
    [2010/11/15 21:06:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
    [2010/11/15 09:08:18 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    [2010/11/15 09:08:17 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    [2010/11/15 09:07:53 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2010/11/10 16:27:53 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
    [2010/11/10 10:12:37 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
    [2010/11/10 01:40:07 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/11/09 23:51:29 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/11/09 23:46:24 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/11/09 14:21:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\housecall.guid.cache
    [2010/03/07 23:22:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\prvlcl.dat
    [2009/11/24 14:05:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/09/30 09:38:26 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/09/30 09:38:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/09/06 17:05:17 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/06/03 12:11:33 | 000,000,052 | ---- | C] () -- C:\WINDOWS\pixworks.ini
    [2008/06/03 11:43:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\importclient.INI
    [2008/06/03 11:34:31 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
    [2008/06/03 11:34:30 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
    [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/06/20 18:25:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
    [2007/05/31 09:51:49 | 000,000,211 | ---- | C] () -- C:\WINDOWS\btw.ini
    [2007/05/31 09:50:49 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\MVCL13N.DLL
    [2007/05/31 09:40:18 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2007/05/31 09:32:33 | 000,000,057 | ---- | C] () -- C:\WINDOWS\viewer.ini
    [2007/05/31 09:32:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2007/05/31 09:32:25 | 000,023,076 | ---- | C] () -- C:\WINDOWS\System32\LANDDLL2.DLL
    [2007/05/31 09:32:18 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
    [2007/05/31 09:32:06 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
    [2007/02/03 13:37:23 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/01/14 22:10:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5p.DLL
    [2007/01/13 18:51:52 | 000,000,179 | ---- | C] () -- C:\WINDOWS\ulead32.ini
    [2007/01/13 14:51:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/12/18 22:21:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/12/18 22:16:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/12/18 21:41:02 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2006/12/18 21:33:32 | 000,000,559 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/12/17 23:42:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\rx_image.Cache
    [2006/12/17 23:40:03 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/12/16 23:34:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2006/12/16 22:30:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2006/12/16 22:29:32 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
    [2006/12/16 22:29:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/12/16 22:29:21 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
    [2006/12/16 22:29:21 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
    [2006/12/16 22:27:53 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2006/12/16 10:19:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/12/08 14:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi(3).dll
    [2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
    [2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
    [2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\WINDOWS\System32\SUSUSB.SYS
    [2001/09/19 12:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll

    ========== LOP Check ==========

    [2010/12/06 10:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/10/22 07:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/22 07:57:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009/03/14 13:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2008/04/27 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
    [2008/09/07 14:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2010/10/22 07:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2007/12/07 20:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2007/07/28 16:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2008/09/08 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2007/01/13 17:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
    [2009/03/15 15:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/03/27 15:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2007/04/17 16:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2008/09/29 08:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2010/12/06 20:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/01/13 18:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2008/09/07 17:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2008/11/04 17:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2009/09/15 19:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/11/09 23:46:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/10/22 07:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\AVG10
    [2010/04/24 10:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Clip Art Collection
    [2009/01/22 19:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/08/24 17:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\CVS
    [2008/09/24 18:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Eyeblaster
    [2008/09/11 18:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\funkitron
    [2009/03/15 16:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\GetRightToGo
    [2008/09/07 14:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Grisoft
    [2008/10/04 14:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\iWin
    [2006/12/18 11:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Leadertech
    [2010/01/07 13:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\LimeWire
    [2008/12/20 17:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\LinkedLetters
    [2008/09/08 15:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\NCH Swift Sound
    [2008/12/05 17:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Nova Development
    [2009/03/27 15:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\PlayFirst
    [2007/09/22 19:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Pogo Games
    [2010/12/04 15:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Registry Mechanic
    [2009/03/15 16:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\SystemRequirementsLab
    [2007/01/13 18:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Ulead Systems
    [2010/12/04 14:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Uniblue
    [2009/03/15 16:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Windows Desktop Search
    [2008/09/24 19:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Windows Search
    [2010/12/05 17:55:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/12/06 20:45:15 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
    [2010/12/06 15:05:04 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job
    [2010/12/06 17:49:40 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/06 21:43:18 | 000,005,772 | ---- | M] () -- C:\aaw7boot.log
    [2006/12/16 16:28:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/09/09 10:01:25 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/06 10:55:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/06 21:47:43 | 000,074,156 | ---- | M] () -- C:\ComboFix.txt
    [2006/12/16 16:28:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/10/14 11:06:44 | 000,000,000 | ---- | M] () -- C:\FIGHT0~1.DOC
    [2010/10/14 11:06:44 | 000,029,184 | ---- | M] () -- C:\INADA2~1.DOC
    [2006/12/16 16:28:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/12/07 20:36:10 | 000,000,031 | ---- | M] () -- C:\log.txt
    [2006/12/16 16:28:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/12 08:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/12 08:17:31 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/06 21:43:18 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/12/16 16:28:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2003/12/24 00:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD5p.DLL
    [2003/12/24 00:00:00 | 000,050,176 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP5p.DLL
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2006/10/08 22:20:29 | 000,355,658 | ---- | M] () -- C:\WINDOWS\DellBubbles.jpg
    [2006/10/08 22:20:18 | 000,161,128 | ---- | M] () -- C:\WINDOWS\dellienware2.jpg
    [2006/10/08 22:20:45 | 000,072,115 | ---- | M] () -- C:\WINDOWS\Dellpaper202.jpg
    [2006/10/08 22:20:57 | 000,106,665 | ---- | M] () -- C:\WINDOWS\DellXPS.jpg
    [2006/10/08 22:21:16 | 000,404,296 | ---- | M] () -- C:\WINDOWS\NebulaGeForce.jpg
    [2006/10/08 22:21:46 | 000,494,321 | ---- | M] () -- C:\WINDOWS\NF2_wpaper_l2.jpg
    [2006/10/08 22:22:19 | 000,141,305 | ---- | M] () -- C:\WINDOWS\wp_dell_ball.jpg
    [2006/10/08 22:22:30 | 000,030,181 | ---- | M] () -- C:\WINDOWS\wp_dell_chrome.jpg
    [2006/10/08 22:22:42 | 000,074,416 | ---- | M] () -- C:\WINDOWS\XPS.jpg
    [2006/10/08 22:22:53 | 000,441,345 | ---- | M] () -- C:\WINDOWS\xpsblue2aq.jpg

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2004/06/08 15:51:58 | 000,106,496 | ---- | M] (Nova Development.) -- C:\WINDOWS\UPSCR.Scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2010/11/10 10:12:49 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/12/16 10:17:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/12/16 10:17:33 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/12/16 10:17:33 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/12 08:23:04 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
    [2006/12/16 22:30:12 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Free AOL & Unlimited Internet.url

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/01/09 00:02:01 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/12/16 17:24:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/06 21:32:59 | 003,985,732 | R--- | M] () -- C:\Documents and Settings\XPS 600\Desktop\ComboFix.exe
    [2008/05/01 16:53:41 | 002,588,163 | ---- | M] (Multidmedia Limited) -- C:\Documents and Settings\XPS 600\Desktop\DisneyPhotoFramerXP.exe
    [2009/03/15 15:38:54 | 005,061,752 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\XPS 600\Desktop\radarsync_9292.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2000/01/18 15:10:02 | 000,021,288 | ---- | M] (Microtek International Inc.) -- C:\WINDOWS\Driver Cache\msmusd.dll

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/01/09 00:02:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\XPS 600\Favorites\Desktop.ini
    [2008/09/08 15:42:24 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\XPS 600\Favorites\NCH Audio and Telephony Software Page.lnk
    [2008/09/08 15:44:25 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\XPS 600\Favorites\NCH Audio and Telephony Software.lnk
    [2008/11/07 09:05:19 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\XPS 600\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2008/10/05 09:51:09 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\XPS 600\Cookies\desktop.ini
    [2010/12/06 21:53:46 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\XPS 600\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D

    < End of report >
  13. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
      SRV - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
      SRV - [2008/02/09 19:06:25 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
      DRV - [2008/09/07 08:11:34 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
      DRV - [2008/02/06 16:43:54 | 000,031,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
      DRV - [2008/02/06 16:43:54 | 000,031,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
      DRV - [2008/02/05 14:34:44 | 000,188,464 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
      DRV - [2008/02/05 14:34:44 | 000,096,432 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
      DRV - [2008/02/05 14:34:44 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
      DRV - [2008/02/05 14:34:44 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
      DRV - [2008/02/05 14:34:44 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
      DRV - [2008/02/05 14:34:44 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
      FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
      FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
      O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
      [2010/12/06 10:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
      [2010/10/22 07:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
      [2010/10/22 07:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\AVG10
      [2008/09/07 14:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Grisoft
      @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Symantec
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  14. Rotten Rebel

    Rotten Rebel Newcomer, in training Topic Starter Posts: 34

    Broni,
    The last OTL scan you had me run has started a popup upon boot and also stopped my internet connection. I finally got the internet back, but the popup is still there. Also, in device mgr I now have 3 exclamation points in networking. I took a pic; if you want, I will attach it in my next post.

    Popup:
    16 bit windows subsystem
    C:\PROGRA~1\Symantic|S32EVNT1.DLL. An installable Virtual Device Driver failed DLL initialization. Choose close to terminate the application.

    I have not run the last scans yet. I wanted to let you know about the OTL scan first before proceeding.
    Here are the results of the OTL scan.

    All processes killed
    ========== OTL ==========
    No active process named AluSchedulerSvc.exe was found!
    Service Symantec Core LC stopped successfully!
    Service Symantec Core LC deleted successfully!
    File C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe not found.
    Service Automatic LiveUpdate Scheduler stopped successfully!
    Service Automatic LiveUpdate Scheduler deleted successfully!
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe moved successfully.
    Service LiveUpdate stopped successfully!
    Service LiveUpdate deleted successfully!
    C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE moved successfully.
    Error: Unable to stop service SymEvent!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvent deleted successfully.
    C:\WINDOWS\system32\drivers\SYMEVENT.SYS moved successfully.
    Error: Unable to stop service SymIMMP!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymIMMP deleted successfully.
    C:\WINDOWS\system32\drivers\SymIM.sys moved successfully.
    Service SymIM stopped successfully!
    Service SymIM deleted successfully!
    File C:\WINDOWS\system32\drivers\SymIM.sys not found.
    Service SYMTDI stopped successfully!
    Service SYMTDI deleted successfully!
    C:\WINDOWS\system32\drivers\symtdi.sys moved successfully.
    Service SYMFW stopped successfully!
    Service SYMFW deleted successfully!
    C:\WINDOWS\system32\drivers\symfw.sys moved successfully.
    Service SYMIDS stopped successfully!
    Service SYMIDS deleted successfully!
    C:\WINDOWS\system32\drivers\symids.sys moved successfully.
    Service SYMNDIS stopped successfully!
    Service SYMNDIS deleted successfully!
    C:\WINDOWS\system32\drivers\symndis.sys moved successfully.
    Service SYMREDRV stopped successfully!
    Service SYMREDRV deleted successfully!
    C:\WINDOWS\system32\drivers\symredrv.sys moved successfully.
    Service SYMDNS stopped successfully!
    Service SYMDNS deleted successfully!
    C:\WINDOWS\system32\drivers\symdns.sys moved successfully.
    Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared deleted successfully.
    File C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\free\ deleted successfully.
    Starting removal of ActiveX control {6A344D34-5231-452A-8A57-D064AC9B7862}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A344D34-5231-452A-8A57-D064AC9B7862}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A344D34-5231-452A-8A57-D064AC9B7862}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A344D34-5231-452A-8A57-D064AC9B7862}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
    File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found not found.
    C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\cache folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
    C:\Documents and Settings\XPS 600\Application Data\AVG10\cfgall folder moved successfully.
    C:\Documents and Settings\XPS 600\Application Data\AVG10 folder moved successfully.
    C:\Documents and Settings\XPS 600\Application Data\Grisoft\AVG Antispyware 7.5\Reports folder moved successfully.
    C:\Documents and Settings\XPS 600\Application Data\Grisoft\AVG Antispyware 7.5\quarantine folder moved successfully.
    C:\Documents and Settings\XPS 600\Application Data\Grisoft\AVG Antispyware 7.5 folder moved successfully.
    C:\Documents and Settings\XPS 600\Application Data\Grisoft folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Symantec\LiveUpdate\Lang\09\01 folder moved successfully.
    C:\Program Files\Symantec\LiveUpdate\Lang\09 folder moved successfully.
    C:\Program Files\Symantec\LiveUpdate\Lang folder moved successfully.
    C:\Program Files\Symantec\LiveUpdate folder moved successfully.
    C:\Program Files\Symantec folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Diane
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->FireFox cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: XPS 600
    ->Temp folder emptied: 2706 bytes
    ->Temporary Internet Files folder emptied: 1277450 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 63684146 bytes
    ->Google Chrome cache emptied: 152370293 bytes
    ->Flash cache emptied: 3781 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 132505 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 2240376 bytes

    Total Files Cleaned = 210.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Diane
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: XPS 600
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12072010_101416

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
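Added example, not part of the original thread and not OTL's own code: a small Python parser for the service section of the fix log above. It lists the services OTL reported it could not stop but whose registry key and driver file it removed anyway, the entries to review before and after the reboot. The sample lines are copied from the log in this post; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Subset of the OTL fix log posted above, copied verbatim and in the same order.
FIX_LOG = r"""
Service Symantec Core LC stopped successfully!
Service Symantec Core LC deleted successfully!
File C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe not found.
Error: Unable to stop service SymEvent!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvent deleted successfully.
C:\WINDOWS\system32\drivers\SYMEVENT.SYS moved successfully.
Error: Unable to stop service SymIMMP!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymIMMP deleted successfully.
C:\WINDOWS\system32\drivers\SymIM.sys moved successfully.
Service SymIM stopped successfully!
Service SymIM deleted successfully!
File C:\WINDOWS\system32\drivers\SymIM.sys not found.
Service SYMTDI stopped successfully!
Service SYMTDI deleted successfully!
C:\WINDOWS\system32\drivers\symtdi.sys moved successfully.
"""

STOP_OK = re.compile(r"^Service (.+) stopped successfully!$")
STOP_FAIL = re.compile(r"^Error: Unable to stop service (.+)!$")
SVC_DELETED = re.compile(r"^Service (.+) deleted successfully!$")
KEY_DELETED = re.compile(r"^Registry key .+\\Services\\([^\\]+) deleted successfully\.$")
FILE_MISSING = re.compile(r"^File (.+) not found\.$")
FILE_MOVED = re.compile(r"^(.+) moved successfully\.$")


@dataclass
class ServiceResult:
    name: str
    stopped: bool                      # False when OTL logged "Unable to stop service"
    deleted: bool = False              # service entry or its registry key was removed
    file: Optional[str] = None         # binary path OTL acted on
    file_state: Optional[str] = None   # "moved" or "not found"


def parse_fix_log(text: str) -> List[ServiceResult]:
    """Group consecutive stop/delete/file lines into one record per service."""
    records: List[ServiceResult] = []
    current: Optional[ServiceResult] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := STOP_OK.match(line):
            current = ServiceResult(m.group(1), stopped=True)
            records.append(current)
        elif m := STOP_FAIL.match(line):
            current = ServiceResult(m.group(1), stopped=False)
            records.append(current)
        elif current and (m := SVC_DELETED.match(line)) and m.group(1) == current.name:
            current.deleted = True
        elif current and (m := KEY_DELETED.match(line)) and m.group(1) == current.name:
            current.deleted = True
        elif current and (m := FILE_MISSING.match(line)):
            current.file, current.file_state = m.group(1), "not found"
        elif current and (m := FILE_MOVED.match(line)) and not m.group(1).endswith(" folder"):
            current.file, current.file_state = m.group(1), "moved"
        else:
            # Any other line (BHO, ActiveX, folder moves...) ends the service record.
            current = None
    return records


def removed_while_running(records: List[ServiceResult]) -> List[str]:
    """Services that could not be stopped, yet lost both their key and their file."""
    return [r.name for r in records
            if not r.stopped and r.deleted and r.file_state == "moved"]


if __name__ == "__main__":
    results = parse_fix_log(FIX_LOG)
    for r in results:
        state = "stopped" if r.stopped else "STILL RUNNING"
        print(f"{r.name:20} {state:14} deleted={r.deleted} file={r.file} ({r.file_state})")
    print("Removed while running:", removed_while_running(results))
```
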
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    If you mean a screenshot, please do.

    Regarding pop-up, re-run OTL "Quick scan" and post fresh log.
  16. Rotten Rebel

    Rotten Rebel Newcomer, in training Topic Starter Posts: 34

    OK, I ran the OTL quick scan again and I still have the pop up when the computer is booted.
    I will also attach the screen shot from device mgr.

    16 bit windows subsystem
    C:\PROGRA~1\Symantic|S32EVNT1.DLL. An installable Virtual Device Driver failed DLL initialization. Choose close to terminate the application.

    Here are the results from the OTL scan:

    OTL logfile created on: 12/8/2010 7:46:38 AM - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\XPS 600\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 427.33 Gb Free Space | 91.75% Space Free | Partition Type: NTFS

    Computer Name: DIANE-DAVID | User Name: XPS 600 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/07 00:07:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPS 600\My Documents\Downloads\OTL.exe
    PRC - [2010/11/28 12:10:32 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/10/14 22:29:35 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/10/01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/05/30 13:41:28 | 000,182,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\Bubble.exe
    PRC - [2008/05/30 13:41:28 | 000,115,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\SCTSvc.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/09 11:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
    PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2005/07/22 16:02:40 | 000,126,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
    PRC - [2003/10/08 17:35:42 | 000,139,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    PRC - [2003/05/15 02:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/07 00:07:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPS 600\My Documents\Downloads\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2007/04/09 11:32:30 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/23 20:05:21 | 001,375,992 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/10/01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/05/30 13:41:28 | 000,115,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows SteadyState\SCTSvc.exe -- (Windows SteadyState)
    SRV - [2007/03/19 20:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
    SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/12/06 11:45:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010/01/12 11:03:34 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/09/08 15:42:15 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
    DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (NM)
    DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/04/18 07:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
    DRV - [2007/04/12 07:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
    DRV - [2007/04/12 07:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
    DRV - [2007/04/12 07:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
    DRV - [2007/04/12 07:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
    DRV - [2007/04/12 07:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
    DRV - [2007/04/12 07:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
    DRV - [2007/04/12 07:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
    DRV - [2007/04/12 07:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
    DRV - [2007/04/12 07:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
    DRV - [2007/04/12 07:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
    DRV - [2007/04/10 05:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2007/04/10 04:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2007/04/10 03:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
    DRV - [2007/04/10 03:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
    DRV - [2007/04/10 03:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
    DRV - [2007/04/10 03:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
    DRV - [2007/04/10 03:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2007/04/10 03:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2007/04/10 03:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2007/04/10 03:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2007/04/10 03:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2006/11/01 09:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/11/01 09:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/11/01 09:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/11/01 09:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/11/01 09:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/11/01 09:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/11/01 09:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/11/01 09:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/10/25 09:22:22 | 000,099,816 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2006/09/15 10:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/09/15 10:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/09/15 10:42:52 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/08/18 15:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
    DRV - [2005/07/26 18:48:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/07/26 18:48:28 | 000,033,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/07/19 22:59:26 | 000,093,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
    DRV - [2002/09/13 07:35:44 | 000,448,640 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
    DRV - [2002/06/05 18:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.306
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=38549313&tool_id=60531&qkw="


    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/15 09:07:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/28 08:35:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/22 18:02:21 | 000,000,000 | ---D | M]

    [2010/01/07 10:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Extensions
    [2010/01/07 10:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/12/08 07:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions
    [2010/04/27 12:27:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/02 14:52:28 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/08/09 10:32:26 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
    [2010/04/15 08:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\DeviceDetection@logitech(2).com
    [2010/08/09 10:32:39 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\searchplugins\search-the-web.xml
    [2010/12/08 07:12:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/15 09:26:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/25 07:16:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/22 08:17:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/06 21:43:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Bubble] C:\Program Files\Windows SteadyState\Bubble.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe (Mattel Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scanner Detector.lnk = C:\Program Files\ScanSuite\SDetect.exe (Microtek)
    O4 - Startup: C:\Documents and Settings\XPS 600\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
    O16 - DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} http://cdn.ll.neoedge.com/webgames/MythicMarbles/MythicMarbles.1.0.0.2.cab (CPlayFirstMythicMarblesControl Object)
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab (WWHearts Control)
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab (PSFormX Control)
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169378728031 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/amun/default/mjolauncher.cab (MJLauncherCtrl Class)
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab (ZPA_DMNO Object)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab (Bridge Installer)
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab (ZPA_HRTZ Object)
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinner.com/games/v46/sol/sol.cab (Sol Control)
    O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v49/luxor/luxor.cab (WwLuxor Control)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://diy.view22.com/view22/diyapp/View22RTE.cab (View22RTE Class)
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (FamilyFeud Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/gold/UnSkin/gf.cab (TikGames Online Control)
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab (McFreeScan Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\XPS 600\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\XPS 600\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/12/16 16:28:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
  17. Rotten Rebel


    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/07 10:14:16 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/12/07 10:13:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/12/06 21:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/12/06 10:55:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/06 10:52:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/06 10:52:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/06 10:52:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/06 10:52:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/06 10:44:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/06 10:31:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/05 16:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\Application Data\Avira
    [2010/12/05 16:32:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/12/05 16:32:33 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/12/05 16:32:33 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/12/05 16:32:33 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/12/05 16:32:33 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/12/05 16:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/12/05 16:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/12/04 22:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/12/04 20:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\My Documents\cleaner backup registry file
    [2010/12/04 20:21:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\XPS 600\Recent
    [2010/12/04 15:05:05 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
    [2010/12/04 15:05:05 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
    [2010/12/04 15:05:05 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
    [2010/12/04 14:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\PackageAware
    [2010/12/04 14:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\Application Data\Google
    [2010/11/28 07:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/11/28 07:07:26 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2010/11/28 07:07:16 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2010/11/28 07:07:16 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2010/11/28 07:07:11 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2010/11/28 07:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/11/28 07:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/11/28 07:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\Application Data\PC Tools
    [2010/11/28 07:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2010/11/23 11:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Cell Phone Manager
    [2010/11/22 20:54:35 | 000,305,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\Threed20.ocx
    [2010/11/22 20:54:33 | 000,170,248 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\webupl50.ocx
    [2010/11/22 20:54:33 | 000,114,688 | ---- | C] (DGPDev, DevNetMedia) -- C:\WINDOWS\System32\cwmpedit.ocx
    [2010/11/22 20:54:31 | 000,073,728 | ---- | C] (Viscom Software ) -- C:\WINDOWS\System32\ImageViewer2.OCX
    [2010/11/22 20:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Coding Workshop Polyphonic Wizard
    [2010/11/22 20:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\My Documents\DataPilot
    [2010/11/22 20:04:54 | 000,000,000 | ---D | C] -- C:\WINNT
    [2010/11/22 18:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\My Documents\bitpim
    [2010/11/22 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\BitPim
    [2010/11/15 09:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/11/10 09:13:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/10 09:13:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/09 23:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Trend_Micro
    [2010/11/09 23:50:07 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/11/09 23:50:05 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/11/09 23:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\Sunbelt Software
    [2010/11/09 23:46:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/11/09 23:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2006/12/16 22:29:13 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/08 07:34:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003UA.job
    [2010/12/08 07:15:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/08 07:13:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008UA.job
    [2010/12/08 07:02:57 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job
    [2010/12/07 22:08:31 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
    [2010/12/07 22:08:31 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
    [2010/12/07 22:08:31 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
    [2010/12/07 22:08:31 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
    [2010/12/07 22:08:31 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
    [2010/12/07 22:08:30 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.CDF
    [2010/12/07 22:08:30 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.BAK
    [2010/12/07 20:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/07 20:05:04 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
    [2010/12/07 19:12:55 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
    [2010/12/07 18:13:50 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/12/07 18:13:40 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/07 18:13:40 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    [2010/12/07 18:13:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/07 18:13:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/07 18:13:04 | 000,334,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/07 17:50:55 | 000,080,090 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\SMBIOSSP.exe
    [2010/12/07 15:35:54 | 000,447,706 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/07 15:35:54 | 000,073,330 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/07 14:13:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008Core.job
    [2010/12/07 11:28:56 | 000,104,398 | ---- | M] () -- C:\Documents and Settings\XPS 600\Desktop\Device Mgr pic.JPG
    [2010/12/07 08:36:24 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    [2010/12/06 23:34:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003Core.job
    [2010/12/06 21:43:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/06 21:32:59 | 003,985,732 | R--- | M] () -- C:\Documents and Settings\XPS 600\Desktop\ComboFix.exe
    [2010/12/06 11:45:15 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/12/06 10:55:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/12/05 17:55:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/12/05 16:32:46 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/12/05 12:14:06 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/12/04 16:11:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\prvlcl.dat
    [2010/12/04 15:05:06 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
    [2010/12/03 21:34:56 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\XPS 600\Desktop\Google Chrome.lnk
    [2010/12/03 21:34:56 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/28 07:57:54 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/28 07:06:16 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/11/23 11:52:14 | 000,052,947 | ---- | M] () -- C:\Documents and Settings\XPS 600\My Documents\090920_133119.jpg
    [2010/11/15 21:07:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
    [2010/11/15 21:06:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
    [2010/11/15 21:06:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
    [2010/11/15 21:06:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
    [2010/11/15 09:07:53 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2010/11/15 09:07:28 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2010/11/10 16:27:53 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
    [2010/11/10 10:12:49 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi
    [2010/11/09 23:50:04 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/11/09 23:46:24 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/11/09 14:21:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\housecall.guid.cache

    ========== Files Created - No Company Name ==========

    [2010/12/07 17:50:55 | 000,080,090 | ---- | C] () -- C:\Documents and Settings\XPS 600\Application Data\SMBIOSSP.exe
    [2010/12/07 12:31:55 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\FASTWiz.log
    [2010/12/07 11:28:55 | 000,104,398 | ---- | C] () -- C:\Documents and Settings\XPS 600\Desktop\Device Mgr pic.JPG
    [2010/12/06 10:55:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/06 10:55:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/06 10:52:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/06 10:52:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/06 10:52:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/06 10:52:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/06 10:52:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/06 10:29:10 | 003,985,732 | R--- | C] () -- C:\Documents and Settings\XPS 600\Desktop\ComboFix.exe
    [2010/12/05 16:32:46 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/12/05 12:13:41 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/12/05 10:36:31 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.BAK
    [2010/12/04 15:25:41 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\XPS 600\S-1-5-21-3195425923-1285657760-1615779363-1003.rrr.LOG
    [2010/12/04 15:05:57 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
    [2010/12/04 15:05:31 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
    [2010/12/04 15:05:06 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
    [2010/12/04 15:05:05 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
    [2010/11/28 08:41:41 | 000,002,302 | ---- | C] () -- C:\Documents and Settings\XPS 600\Desktop\Google Chrome.lnk
    [2010/11/28 08:41:41 | 000,002,280 | ---- | C] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/11/28 07:07:26 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
    [2010/11/28 07:07:16 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
    [2010/11/28 07:07:16 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
    [2010/11/28 07:07:11 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
    [2010/11/28 07:06:16 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/11/28 07:04:17 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/28 07:04:17 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/23 11:53:14 | 000,052,947 | ---- | C] () -- C:\Documents and Settings\XPS 600\My Documents\090920_133119.jpg
    [2010/11/22 20:54:33 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl40.dll
    [2010/11/22 20:54:33 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
    [2010/11/22 20:54:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
    [2010/11/22 20:54:32 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2010/11/22 20:54:32 | 000,182,784 | ---- | C] () -- C:\WINDOWS\System32\DGVorbis.dll
    [2010/11/22 20:54:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Mp3dec.dll
    [2010/11/22 20:54:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\MP3enc.dll
    [2010/11/22 20:54:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2010/11/22 20:54:31 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2010/11/22 20:54:31 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2010/11/22 20:54:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
    [2010/11/15 21:07:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
    [2010/11/15 21:06:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
    [2010/11/15 21:06:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
    [2010/11/15 21:06:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
    [2010/11/15 09:08:18 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    [2010/11/15 09:08:17 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
    [2010/11/15 09:07:53 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2010/11/10 16:27:53 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
    [2010/11/10 10:12:37 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
    [2010/11/10 01:40:07 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/11/09 23:51:29 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/11/09 23:46:24 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/11/09 14:21:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\housecall.guid.cache
    [2010/03/07 23:22:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\prvlcl.dat
    [2009/11/24 14:05:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/09/30 09:38:26 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/09/30 09:38:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/09/06 17:05:17 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/06/03 12:11:33 | 000,000,052 | ---- | C] () -- C:\WINDOWS\pixworks.ini
    [2008/06/03 11:43:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\importclient.INI
    [2008/06/03 11:34:31 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
    [2008/06/03 11:34:30 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
    [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/06/20 18:25:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
    [2007/05/31 09:51:49 | 000,000,211 | ---- | C] () -- C:\WINDOWS\btw.ini
    [2007/05/31 09:50:49 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\MVCL13N.DLL
    [2007/05/31 09:40:18 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2007/05/31 09:32:33 | 000,000,057 | ---- | C] () -- C:\WINDOWS\viewer.ini
    [2007/05/31 09:32:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2007/05/31 09:32:25 | 000,023,076 | ---- | C] () -- C:\WINDOWS\System32\LANDDLL2.DLL
    [2007/05/31 09:32:18 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
    [2007/05/31 09:32:06 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
    [2007/02/03 13:37:23 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/01/14 22:10:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5p.DLL
    [2007/01/13 18:51:52 | 000,000,179 | ---- | C] () -- C:\WINDOWS\ulead32.ini
    [2007/01/13 14:51:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/12/18 22:21:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/12/18 22:16:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/12/18 21:41:02 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2006/12/18 21:33:32 | 000,000,559 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/12/17 23:42:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\rx_image.Cache
    [2006/12/17 23:40:03 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/12/16 23:34:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2006/12/16 22:30:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2006/12/16 22:29:32 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
    [2006/12/16 22:29:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/12/16 22:29:21 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
    [2006/12/16 22:29:21 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
    [2006/12/16 22:27:53 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2006/12/16 10:19:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/12/08 14:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi(3).dll
    [2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
    [2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
    [2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\WINDOWS\System32\SUSUSB.SYS
    [2001/09/19 12:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll

    ========== LOP Check ==========

    [2010/10/22 07:57:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009/03/14 13:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2008/04/27 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
    [2008/09/07 14:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2010/10/22 07:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2007/12/07 20:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2007/07/28 16:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2008/09/08 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2007/01/13 17:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
    [2009/03/15 15:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/03/27 15:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2007/04/17 16:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2008/09/29 08:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2010/12/07 20:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/01/13 18:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2008/09/07 17:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2008/11/04 17:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2009/09/15 19:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/11/09 23:46:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/04/24 10:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Clip Art Collection
    [2009/01/22 19:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/08/24 17:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\CVS
    [2008/09/24 18:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Eyeblaster
    [2008/09/11 18:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\funkitron
    [2009/03/15 16:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\GetRightToGo
    [2008/10/04 14:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\iWin
    [2006/12/18 11:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Leadertech
    [2010/01/07 13:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\LimeWire
    [2008/12/20 17:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\LinkedLetters
    [2008/09/08 15:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\NCH Swift Sound
    [2008/12/05 17:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Nova Development
    [2009/03/27 15:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\PlayFirst
    [2007/09/22 19:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Pogo Games
    [2010/12/04 15:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Registry Mechanic
    [2009/03/15 16:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\SystemRequirementsLab
    [2007/01/13 18:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Ulead Systems
    [2010/12/04 14:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Uniblue
    [2009/03/15 16:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Windows Desktop Search
    [2008/09/24 19:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Windows Search
    [2010/12/05 17:55:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/12/07 19:12:55 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
    [2010/12/07 20:05:04 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job
    [2010/12/08 07:02:57 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >
  18. Rotten Rebel

    Rotten Rebel Newcomer, in training Topic Starter Posts: 34

    Here is the screen shot.
    I still have not run the last scans. Will await further instructions.

    Many many thanks,

    Rotten Rebel

    Attached Files:

  19. Broni

    Broni Malware Annihilator Posts: 45,226   +243

  20. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Actually, uninstalling those three items may help with getting rid of the first error.
  21. Rotten Rebel

    Rotten Rebel Newcomer, in training Topic Starter Posts: 34

    Hi,
    I ran the Norton removal tool and I still have the pop up upon boot. I tried uninstalling the 3 items in device mgr. but I get the error msg. failed to uninstall the device. The device may be required to boot up the computer.
    So where do we go from here?

    Rotten Rebel
  22. Broni

    Broni Malware Annihilator Posts: 45,226   +243

  23. Rotten Rebel

    Rotten Rebel Newcomer, in training Topic Starter Posts: 34

    Hi Broni,
    I haven't been able to check out the last post you sent but I will be able to get to it in the morning and let you know what is going on from there. I have been having problems with internet connections ever since I ran that OTL scan. Will update you in the morning though. Just wanted to let you know I haven't given up on this post yet.
    Thanks, Rotten Rebel
  24. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    You're very welcome
  25. Rotten Rebel

    Rotten Rebel Newcomer, in training Topic Starter Posts: 34

    Hi Broni,
    I tried the ehow uninstall miniport instructions and still they would not uninstall. I changed all the "characteristics" from 29 to 1 as stated, rebooted and tried to uninstall and came up with the same message that they may be needed. And yes I still have popup on boot.
    Will await further instructions.
    Thanks, Rotten Rebel