Solved Bad image popups C:\windows\system32\smtens.dll is not a valid windows image


Rotten Rebel

Hi,
This is my first time posting and I hope I'm in the right place and someone can help me get rid of the pop-ups.
I searched for the error message and came up with nothing that matches the "smtens" part of my error message.

I followed the first 8 steps you have listed and will paste the logs.

Thank you for any help you may be able to provide.

Rotten Rebel

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5248

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/5/2010 5:49:02 PM
mbam-log-2010-12-05 (17-49-02).txt

Scan type: Quick scan
Objects scanned: 153314
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-05 22:23:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000007c NVIDIA__ rev.
Running: ou16uugo.exe; Driver: C:\DOCUME~1\XPS600~1\LOCALS~1\Temp\ugryrpog.sys


---- System - GMER 1.0.15 ----

SSDT 8A550100 ZwConnectPort
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB7EA2112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB7E812D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB7E814C8]
SSDT B86EA58C ZwCreateThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB7EA2900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB7EA2BB4]
SSDT B86EA5AA ZwLoadKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB7EA0E12]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA9F5B6C0]
SSDT B86EA57D ZwOpenThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB7EA3020]
SSDT B86EA5B4 ZwReplaceKey
SSDT B86EA5AF ZwRestoreKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB7EA23D2]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA9F5B770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA9F5B810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA9F5B8B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes CALL 68650DF8
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 8 Bytes JMP 6EA5B4B7
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB685D380, 0x550AF5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2892] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BC05 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3588] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044B8D9 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----




DDS (Ver_10-12-05.01) - NTFSx86
Run by XPS 600 at 22:30:45.20 on Sun 12/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1097 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Windows SteadyState\Bubble.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\XPS 600\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=15734
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\xps 600\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [CTHelper] CTHELPER.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Bubble] c:\program files\windows steadystate\Bubble.exe
mRun: [Logoff] c:\program files\windows steadystate\SCTUINotify.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0"
StartupFolder: c:\docume~1\xps600~1\startm~1\programs\startup\eventr~1.lnk - c:\pmw\PMREMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scanne~1.lnk - c:\program files\scansuite\SDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} - hxxp://cdn.ll.neoedge.com/webgames/MythicMarbles/MythicMarbles.1.0.0.2.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169378728031
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/amun/default/mjolauncher.cab
DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} - hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} - hxxp://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab
DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - hxxp://www.worldwinner.com/games/v46/sol/sol.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v49/luxor/luxor.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://diy.view22.com/view22/diyapp/View22RTE.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/UnSkin/gf.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
AppInit_DLLs: smtens.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJAsTjk

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xps600~1\applic~1\mozilla\firefox\profiles\thy8db67.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=38549313&tool_id=60531&qkw=
FF - component: c:\documents and settings\xps 600\application data\mozilla\firefox\profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\xps 600\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - c:\docume~1\xps600~1\applic~1\mozilla\firefox\profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2008-6-24 9344]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-9 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-28 218592]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-5 11608]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-5 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-5 267944]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-5 60936]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-12-4 632792]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2006-12-16 16168]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-11-28 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-11-28 1142224]
R2 Windows SteadyState;Windows SteadyState Service;c:\program files\windows steadystate\SCTSvc.exe [2008-5-30 115728]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-28 136176]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-22 517448]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-8-14 1245064]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2008-6-24 448640]

=============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-12-05 21:35:45 -------- d-----w- c:\docume~1\xps600~1\applic~1\Avira
2010-12-05 21:32:33 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-05 21:32:31 -------- d-----w- c:\program files\Avira
2010-12-05 21:32:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-12-05 03:32:15 -------- d-----w- c:\program files\ESET
2010-12-04 21:26:03 -------- d-----w- c:\docume~1\xps600~1\applic~1\ErrorTeck
2010-12-04 21:13:43 -------- d-----w- c:\docume~1\xps600~1\applic~1\PCFix
2010-12-04 21:08:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-12-04 20:05:05 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-12-04 20:05:05 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-12-04 20:05:05 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-12-04 20:05:05 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-12-04 19:49:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegSERVO
2010-12-04 19:26:41 -------- d-----w- c:\docume~1\xps600~1\locals~1\applic~1\PackageAware
2010-12-04 19:08:57 -------- d-----w- c:\docume~1\xps600~1\applic~1\FixCleaner
2010-12-04 19:08:39 -------- d-----w- c:\program files\FixCleaner
2010-12-04 16:54:44 20 ----a-w- c:\windows\system32\SMTENS.DLL
2010-11-28 12:07:26 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-28 12:07:16 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-28 12:07:16 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-28 12:07:11 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-28 12:06:49 -------- d-----w- c:\program files\Spyware Doctor
2010-11-28 12:06:49 -------- d-----w- c:\program files\common files\PC Tools
2010-11-28 12:06:49 -------- d-----w- c:\docume~1\xps600~1\applic~1\PC Tools
2010-11-28 12:06:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-11-23 16:48:19 -------- d-----w- c:\program files\Cell Phone Manager
2010-11-23 01:04:54 -------- d-----w- C:\WINNT
2010-11-22 23:28:18 -------- d-----w- c:\program files\BitPim
2010-11-15 14:07:57 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2010-11-15 14:07:48 -------- d-----w- c:\program files\common files\xing shared
2010-11-15 14:07:40 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2010-11-15 14:07:32 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2010-11-10 15:13:03 388096 ----a-r- c:\docume~1\xps600~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-10 15:12:37 1402880 ----a-w- c:\program files\HiJackThis.msi
2010-11-10 14:13:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-10 14:13:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 06:40:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-10 04:50:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-10 04:50:05 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-10 04:47:22 -------- d-----w- c:\docume~1\xps600~1\locals~1\applic~1\Sunbelt Software
2010-11-10 04:46:27 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-10 04:46:08 -------- d-----w- c:\program files\Lavasoft
2010-11-06 16:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 16:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-10-14 23:44:02 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-28 15:32:45 2098 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

============= FINISH: 22:34:02.21 ===============
 
DDS (Ver_10-12-05.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2007 12:00:19 AM
System Uptime: 12/5/2010 5:37:27 PM (5 hours ago)

Motherboard: Dell Inc. | | 0XH241
Processor: Intel(R) Pentium(R) D CPU 3.46GHz | Microprocessor | 3990/1066mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 427.448 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1359: 9/6/2010 11:49:56 PM - System Checkpoint
RP1360: 9/10/2010 4:55:47 PM - System Checkpoint
RP1361: 9/11/2010 4:26:26 PM - Avg Update
RP1362: 9/13/2010 8:31:44 AM - System Checkpoint
RP1363: 9/14/2010 3:59:29 PM - Software Distribution Service 3.0
RP1364: 9/15/2010 9:28:28 AM - Software Distribution Service 3.0
RP1365: 9/17/2010 12:30:08 PM - System Checkpoint
RP1366: 9/18/2010 1:59:30 PM - System Checkpoint
RP1367: 9/19/2010 3:27:29 PM - System Checkpoint
RP1368: 9/20/2010 5:25:09 PM - System Checkpoint
RP1369: 9/21/2010 9:08:05 PM - System Checkpoint
RP1370: 9/22/2010 10:24:23 PM - System Checkpoint
RP1371: 9/23/2010 7:54:43 AM - Avg Update
RP1372: 9/23/2010 7:56:45 AM - Avg Update
RP1373: 9/24/2010 8:17:03 AM - System Checkpoint
RP1374: 9/25/2010 8:16:26 AM - Installed Java(TM) 6 Update 21
RP1375: 9/26/2010 1:19:38 PM - System Checkpoint
RP1376: 9/27/2010 2:13:10 PM - System Checkpoint
RP1377: 9/28/2010 9:28:15 PM - System Checkpoint
RP1378: 9/29/2010 9:50:52 PM - System Checkpoint
RP1379: 9/30/2010 7:55:04 AM - Software Distribution Service 3.0
RP1380: 10/1/2010 10:18:50 AM - System Checkpoint
RP1381: 10/2/2010 12:57:42 PM - System Checkpoint
RP1382: 10/3/2010 10:10:54 PM - System Checkpoint
RP1383: 10/4/2010 10:13:47 PM - System Checkpoint
RP1384: 10/5/2010 8:03:40 AM - Avg Update
RP1385: 10/6/2010 8:43:22 AM - Software Distribution Service 3.0
RP1386: 10/7/2010 8:46:25 AM - System Checkpoint
RP1387: 10/8/2010 9:23:44 AM - System Checkpoint
RP1388: 10/9/2010 10:25:34 AM - System Checkpoint
RP1389: 10/10/2010 2:01:03 PM - System Checkpoint
RP1390: 10/11/2010 8:10:31 PM - System Checkpoint
RP1391: 10/13/2010 8:35:41 AM - System Checkpoint
RP1392: 10/14/2010 7:54:04 AM - Software Distribution Service 3.0
RP1393: 10/15/2010 12:07:56 PM - System Checkpoint
RP1394: 10/16/2010 12:29:03 PM - System Checkpoint
RP1395: 10/17/2010 9:28:10 PM - System Checkpoint
RP1396: 10/18/2010 10:28:49 PM - System Checkpoint
RP1397: 10/20/2010 12:06:47 AM - System Checkpoint
RP1398: 10/21/2010 11:29:21 AM - System Checkpoint
RP1399: 10/22/2010 8:51:39 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1400: 10/22/2010 8:51:47 AM - Installed AVG 2011
RP1401: 10/22/2010 8:52:17 AM - Removed AVG Free 9.0
RP1402: 10/22/2010 8:55:44 AM - Installed AVG 2011
RP1403: 10/22/2010 9:16:44 AM - Installed Java(TM) 6 Update 22
RP1404: 10/23/2010 11:10:25 AM - System Checkpoint
RP1405: 10/24/2010 1:30:17 PM - System Checkpoint
RP1406: 10/25/2010 1:42:23 PM - System Checkpoint
RP1407: 10/26/2010 3:57:31 PM - System Checkpoint
RP1408: 10/27/2010 6:23:33 PM - System Checkpoint
RP1409: 10/28/2010 7:13:39 PM - System Checkpoint
RP1410: 10/29/2010 8:51:42 PM - System Checkpoint
RP1411: 10/31/2010 11:30:17 AM - System Checkpoint
RP1412: 11/1/2010 11:36:33 AM - System Checkpoint
RP1413: 11/2/2010 12:52:10 PM - System Checkpoint
RP1414: 11/3/2010 10:13:46 PM - System Checkpoint
RP1415: 11/4/2010 10:41:30 PM - System Checkpoint
RP1416: 11/6/2010 5:47:08 AM - System Checkpoint
RP1417: 11/7/2010 2:14:07 PM - System Checkpoint
RP1418: 11/8/2010 8:41:57 PM - System Checkpoint
RP1419: 11/9/2010 11:29:10 AM - Installed HiJackThis
RP1420: 11/10/2010 9:11:20 AM - Removed HiJackThis
RP1421: 11/10/2010 9:38:55 AM - Software Distribution Service 3.0
RP1422: 11/10/2010 10:13:02 AM - Installed HiJackThis
RP1423: 11/10/2010 4:27:21 PM - Installed Windows XP -- Software Updates KB952011.
RP1424: 11/11/2010 5:26:19 PM - System Checkpoint
RP1425: 11/12/2010 5:37:42 PM - System Checkpoint
RP1426: 11/13/2010 9:02:34 PM - System Checkpoint
RP1427: 11/14/2010 9:05:23 PM - System Checkpoint
RP1428: 11/15/2010 9:22:03 PM - System Checkpoint
RP1429: 11/16/2010 10:02:22 PM - System Checkpoint
RP1430: 11/17/2010 10:02:39 PM - System Checkpoint
RP1431: 11/18/2010 10:05:00 PM - System Checkpoint
RP1432: 11/19/2010 11:26:50 PM - System Checkpoint
RP1433: 11/21/2010 6:08:53 AM - System Checkpoint
RP1434: 11/22/2010 9:53:02 AM - System Checkpoint
RP1435: 11/22/2010 7:58:51 PM - Installed DataPilot Trial
RP1436: 11/23/2010 9:05:38 PM - System Checkpoint
RP1437: 11/24/2010 9:27:18 PM - System Checkpoint
RP1438: 11/25/2010 10:16:52 PM - System Checkpoint
RP1439: 11/26/2010 10:17:59 PM - System Checkpoint
RP1440: 11/27/2010 10:46:06 PM - System Checkpoint
RP1441: 11/28/2010 8:34:28 AM - Removed Google Apps
RP1442: 11/28/2010 6:07:51 PM - Spyware Doctor: Cleaning Threats
RP1443: 11/29/2010 6:05:21 PM - Spyware Doctor: Cleaning Threats
RP1444: 11/30/2010 7:52:19 PM - System Checkpoint
RP1445: 11/30/2010 8:25:23 PM - Spyware Doctor: Cleaning Threats
RP1446: 12/1/2010 6:49:46 PM - Spyware Doctor: Cleaning Threats
RP1447: 12/2/2010 9:41:58 PM - Spyware Doctor: Cleaning Threats
RP1448: 12/2/2010 11:27:08 PM - Spyware Doctor: Cleaning Threats
RP1449: 12/3/2010 8:01:52 PM - Spyware Doctor: Cleaning Threats
RP1450: 12/4/2010 2:08:39 PM - Installed FixCleaner
RP1451: 12/4/2010 2:35:51 PM - Removed FixCleaner
RP1452: 12/4/2010 2:39:06 PM - Spyware Doctor: Cleaning Threats
RP1453: 12/4/2010 2:39:39 PM - Installed FixCleaner
RP1454: 12/4/2010 3:22:41 PM - Made by Registry Mechanic O
RP1455: 12/4/2010 3:38:35 PM - Removed FixCleaner
RP1456: 12/4/2010 3:45:41 PM - Made by Registry Mechanic O
RP1457: 12/4/2010 4:08:06 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1458: 12/4/2010 4:16:41 PM - Configured DataPilot Trial
RP1459: 12/4/2010 4:30:02 PM - ErrorTeck Restore point
RP1460: 12/4/2010 7:08:58 PM - Made by Registry Mechanic O
RP1461: 12/4/2010 8:01:35 PM - Spyware Doctor: Cleaning Threats
RP1462: 12/5/2010 12:33:00 PM - Spyware Doctor: Cleaning Threats
RP1463: 12/5/2010 4:16:41 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1464: 12/5/2010 4:32:31 PM - Avira AntiVir Personal - 12/5/2010 16:30

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe Acrobat 6.0 Standard
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Aloha Solitaire
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.0.9
Art Explosion T-Shirt Factory Deluxe
AVG 2011
Avira AntiVir Personal - Free Antivirus
BitPim 1.0.7
Bonjour
Bounce Out Blitz
Camera Window DS
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon i9900
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon PowerShot A40 WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Coupon Printer for Windows
Creative MediaSource
Creative System Information
DrawPlus 3.0
Driver Detective
Easy-WebPrint
ESET Online Scanner v3
Express Rip
GameHouse Sudoku
Golden Records
Google Chrome
Google Earth
Google Photos Screensaver
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
HyperLoad - Mah Jongg
InCD (Ahead Software)
Indeo® software
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LimeWire 5.4.6
Little Shop of Treasures
LiveUpdate (Symantec Corporation)
Mah Jong Medley
Mahjong Fortuna 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microtek ScanSuite 1.2
Microtek ScanWizard
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero - Burning Rom
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OGA Notifier 2.0.0048.0
Photo Explosion Deluxe
PhotoStitch
Picasa 3
Pixillion Image Converter
PowerDVD
PrintMaster
PrintMaster Gold 4.00
Prism Video Converter
QuickTime
RadarSync
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Registry Mechanic 10.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio EasyArchive
Roxio Express Labeler
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Shape Shifter
Sierra Garden Encyclopedia
Sierra Photo Garden Designer
Slingo Supreme
Sound Blaster Audigy 2 ZS
SoundTap Streaming Audio Recorder
Splash
Spring Sprang Sprung
Spyware Doctor 7.0
Super Collapse! 3
Super Gem Drop
Switch Sound File Converter
SymNet
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
URGE
USB-IrDA Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VueScan
WebFldrs XP
Windows Defender
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows SteadyState
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall
Yahoo! Music Jukebox
Yahoo! Software Update
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 5:35:11 PM, error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 5:35:11 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/5/2010 5:35:11 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2010 5:35:00 PM, error: Service Control Manager [7034] - The Windows SteadyState Service service terminated unexpectedly. It has done this 1 time(s).
12/5/2010 4:16:25 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
12/4/2010 6:23:13 AM, error: System Error [1003] - Error code 1000000a, parameter1 01600104, parameter2 00000002, parameter3 00000001, parameter4 806e6a2a.
12/4/2010 4:07:35 PM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
12/4/2010 4:07:35 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/4/2010 4:07:35 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
12/4/2010 3:29:12 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
12/4/2010 3:28:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Windows SteadyState service.
11/30/2010 7:07:17 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

You're running two AV programs, Avira and AVG.
One of them has to go.
If AVG (preferably; it has to be uninstalled anyway to run one of the tools, which will follow), use this tool to uninstall it: http://www.avg.com/us-en/download-tools

When done....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi Broni,

Thank you for the welcome and also your quick response to my rescue.

I removed the AVG as recommended and disabled the other AV running and downloaded the MBRCheck and Combofix. I ran both scans and here are the results.

I'm certain there are more things you want done after reviewing these logs, so I will await your reply.

Thanks again,

Rotten Rebel



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 164):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F87000 fltmgr.sys
0xB7F59000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F48000 pci.sys
0xB80A8000 isapnp.sys
0xB80B8000 ohci1394.sys
0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7F29000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F03000 dmio.sys
0xB7EF0000 nvraid.sys
0xB80E8000 \WINDOWS\system32\drivers\CLASSPNP.SYS
0xB8330000 PartMgr.sys
0xB80F8000 VolSnap.sys
0xB7ED8000 atapi.sys
0xB7EC1000 nvatabus.sys
0xB8108000 disk.sys
0xB7EAF000 sr.sys
0xB7E76000 PCTCore.sys
0xB8118000 Lbd.sys
0xB7E5F000 DRVMCDB.SYS
0xB84BC000 bsstor.sys
0xB8128000 PxHelp20.sys
0xB7E48000 KSecDD.sys
0xB7E35000 WudfPf.sys
0xB7DA8000 Ntfs.sys
0xB7D7B000 NDIS.sys
0xB7D61000 Mup.sys
0xB8148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB61B7000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6084000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8408000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB8218000 \SystemRoot\system32\DRIVERS\serial.sys
0xB7D35000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8410000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB5FE8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8418000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7518000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB85C8000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB8258000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8268000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB5FC5000 \SystemRoot\system32\DRIVERS\ks.sys
0xB84B0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB5F47000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB5F23000 \SystemRoot\system32\drivers\portcls.sys
0xB8278000 \SystemRoot\system32\drivers\drmk.sys
0xB5EEF000 \SystemRoot\system32\drivers\ctoss2k.sys
0xB8480000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xB7A54000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB5E05000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB82E8000 \SystemRoot\system32\drivers\nchssvad.sys
0xB87B5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7A50000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB5DEE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8308000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8318000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8488000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB5DDD000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8158000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8490000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8498000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB5DAD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8168000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB84A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB84A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8350000 \SystemRoot\system32\DRIVERS\SymIM.sys
0xB860A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB5D4F000 \SystemRoot\system32\DRIVERS\update.sys
0xB8584000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8198000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB81A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB8612000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB81B8000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB1A85000 \SystemRoot\system32\drivers\hap16v2k.sys
0xB197B000 \SystemRoot\system32\drivers\ha10kx2k.sys
0xB194C000 \SystemRoot\system32\drivers\emupia2k.sys
0xB1923000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xB1887000 \SystemRoot\system32\drivers\ctac32k.sys
0xB1705000 \SystemRoot\system32\COMMONFX.DLL
0xB167A000 \SystemRoot\system32\CTAUDFX.DLL
0xB15EC000 \SystemRoot\system32\CTSBLFX.DLL
0xB8388000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB7D1D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB74D8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8390000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB83A0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB83A8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB7CD8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB83B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB7CCC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB83B8000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xB7488000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB1571000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB8620000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB86D1000 \SystemRoot\System32\Drivers\Null.SYS
0xB8622000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83C8000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xB83D0000 \SystemRoot\System32\drivers\vga.sys
0xB8624000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8626000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB83D8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83E0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7CB4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB153E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB14E5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1495000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB146F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8238000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB1442000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xB141D000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB8248000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB3C4B000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xB8628000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0xB83E8000 \SystemRoot\System32\Drivers\SYMNDIS.SYS
0xB1317000 \SystemRoot\System32\Drivers\SYMFW.SYS
0xB83F0000 \SystemRoot\System32\Drivers\SYMIDS.SYS
0xB12F5000 \SystemRoot\System32\drivers\afd.sys
0xB8288000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB8400000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB12CA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB125A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8298000 \SystemRoot\System32\Drivers\Fips.SYS
0xB1237000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB8634000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB17D8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB11FC000 \SystemRoot\System32\Drivers\dump_nvraid.sys
0xB17C8000 \SystemRoot\System32\Drivers\dump_CLASSPNP.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB7D19000 \SystemRoot\System32\drivers\Dxapi.sys
0xB133D000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8768000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xB0E0D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB1848000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB87EC000 \SystemRoot\System32\DLA\DLADResM.SYS
0xB0DCD000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB8470000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xB860C000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB1355000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xB1335000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB0CEF000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB0CD8000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB0D19000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB09B3000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB08D6000 \SystemRoot\system32\drivers\wdmaud.sys
0xB0C50000 \SystemRoot\system32\drivers\sysaudio.sys
0xB059F000 \SystemRoot\System32\Drivers\HTTP.sys
0xB0738000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB0457000 \SystemRoot\system32\DRIVERS\srv.sys
0xB0440000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
0xB0CB8000 \??\C:\Program Files\Spyware Doctor\PCTSDInj32.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
932 C:\WINDOWS\system32\smss.exe
988 csrss.exe
1012 C:\WINDOWS\system32\winlogon.exe
1064 C:\WINDOWS\system32\services.exe
1076 C:\WINDOWS\system32\lsass.exe
1304 C:\WINDOWS\system32\nvsvc32.exe
1356 C:\WINDOWS\system32\svchost.exe
1428 svchost.exe
1612 C:\WINDOWS\system32\svchost.exe
1636 C:\Program Files\Windows SteadyState\SCTSvc.exe
1700 C:\WINDOWS\system32\svchost.exe
1828 svchost.exe
1980 svchost.exe
268 C:\WINDOWS\system32\spoolsv.exe
316 C:\Program Files\Avira\AntiVir Desktop\sched.exe
460 svchost.exe
740 C:\WINDOWS\explorer.exe
1348 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1508 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1548 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
1580 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
1860 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1904 C:\Program Files\Bonjour\mDNSResponder.exe
1944 C:\WINDOWS\system32\CTSVCCDA.EXE
580 C:\Program Files\Java\jre6\bin\jqs.exe
296 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
888 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
1372 C:\Program Files\Spyware Doctor\pctsAuxs.exe
1856 C:\Program Files\Spyware Doctor\pctsSvc.exe
2216 C:\Program Files\Spyware Doctor\pctsTray.exe
2228 C:\WINDOWS\system32\svchost.exe
2368 C:\WINDOWS\system32\MsPMSPSv.exe
2416 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3148 C:\Program Files\Canon\CAL\CALMAIN.exe
4068 alg.exe
3140 C:\WINDOWS\system32\CtHelper.exe
3424 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
3444 C:\Program Files\Windows SteadyState\Bubble.exe
3484 C:\Program Files\iTunes\iTunesHelper.exe
3192 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3528 C:\WINDOWS\system32\wbem\unsecapp.exe
3604 wmiprvse.exe
1148 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1584 C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
188 C:\WINDOWS\system32\ctfmon.exe
1576 C:\Documents and Settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
1592 C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
2900 C:\WINDOWS\system32\ntvdm.exe
2648 C:\Program Files\iPod\bin\iPodService.exe
2724 C:\Program Files\Mozilla Firefox\firefox.exe
2040 C:\Documents and Settings\XPS 600\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: NVIDIASTRIPE 465.77G, Rev:

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



ComboFix 10-12-04.06 - XPS 600 12/06/2010 10:57:06.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1574 [GMT -5:00]
Running from: c:\documents and settings\XPS 600\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\core.cache(2).dsk
c:\windows\system32\drivers\core.cache(3).dsk
c:\windows\system32\eventmgr.exe
c:\windows\system32\SMTENS.DLL

.
((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))
.

2010-12-05 21:35 . 2010-12-05 21:35 -------- d-----w- c:\documents and settings\XPS 600\Application Data\Avira
2010-12-05 21:32 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-05 21:32 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-05 21:32 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-05 21:32 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-05 21:32 . 2010-12-05 21:32 -------- d-----w- c:\program files\Avira
2010-12-05 21:32 . 2010-12-05 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-05 03:32 . 2010-12-05 03:32 -------- d-----w- c:\program files\ESET
2010-12-04 21:26 . 2010-12-04 21:30 -------- d-----w- c:\documents and settings\XPS 600\Application Data\ErrorTeck
2010-12-04 21:13 . 2010-12-04 21:14 -------- d-----w- c:\documents and settings\XPS 600\Application Data\PCFix
2010-12-04 21:08 . 2010-12-05 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-12-04 20:05 . 2010-09-16 17:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-12-04 20:05 . 2008-04-02 21:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-12-04 20:05 . 2008-04-02 21:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-12-04 20:05 . 2008-04-02 21:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-12-04 19:49 . 2010-12-04 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\RegSERVO
2010-12-04 19:26 . 2010-12-04 19:26 -------- d-----w- c:\documents and settings\XPS 600\Local Settings\Application Data\PackageAware
2010-12-04 19:08 . 2010-12-04 19:37 -------- d-----w- c:\documents and settings\XPS 600\Application Data\FixCleaner
2010-12-04 19:08 . 2010-12-04 20:38 -------- d-----w- c:\program files\FixCleaner
2010-12-03 04:26 . 2010-12-03 04:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AVG Security Toolbar
2010-11-28 12:10 . 2010-11-28 12:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-11-28 12:07 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-28 12:07 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-28 12:07 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-28 12:07 . 2010-04-08 19:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-28 12:06 . 2010-12-06 15:43 -------- d-----w- c:\program files\Spyware Doctor
2010-11-28 12:06 . 2010-12-04 20:05 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-28 12:06 . 2010-11-28 12:06 -------- d-----w- c:\documents and settings\XPS 600\Application Data\PC Tools
2010-11-28 12:06 . 2010-11-28 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-23 16:48 . 2010-12-05 21:15 -------- d-----w- c:\program files\Cell Phone Manager
2010-11-23 01:04 . 2010-11-23 01:04 -------- d-----w- C:\WINNT
2010-11-22 23:28 . 2010-11-22 23:28 -------- d-----w- c:\program files\BitPim
2010-11-15 14:07 . 2010-11-15 14:07 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2010-11-15 14:07 . 2010-11-15 14:07 -------- d-----w- c:\program files\Common Files\xing shared
2010-11-15 14:07 . 2010-11-15 14:07 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-11-15 14:07 . 2010-11-15 14:07 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-11-10 15:13 . 2010-11-10 15:13 388096 ----a-r- c:\documents and settings\XPS 600\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-10 15:12 . 2010-11-10 15:12 1402880 ----a-w- c:\program files\HiJackThis.msi
2010-11-10 14:13 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-10 14:13 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 06:40 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-10 04:50 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-10 04:50 . 2010-11-10 04:50 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-10 04:47 . 2010-11-10 04:47 -------- d-----w- c:\documents and settings\XPS 600\Local Settings\Application Data\Sunbelt Software
2010-11-10 04:46 . 2010-11-10 04:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-10 04:46 . 2010-11-10 04:46 -------- d-----w- c:\program files\Lavasoft
2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-14 23:44 . 2010-10-14 23:44 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-18 16:23 . 2004-08-12 13:21 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-12 13:21 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-12 13:21 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-12 13:21 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:50 . 2010-04-15 14:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 06:29 . 2007-04-21 20:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2004-06-08 20:51 . 2004-06-08 20:51 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
2004-06-08 20:51 . 2004-06-08 20:51 143360 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"Google Update"="c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-22 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
"Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

c:\documents and settings\XPS 600\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1998-5-18 255408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-25 113664]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2008-6-3 442368]
Scanner Detector.lnk - c:\program files\ScanSuite\SDetect.exe [2009-3-15 29184]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Documents and Settings\\XPS 600\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [6/24/2008 9:48 AM 9344]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/9/2010 11:50 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 7:07 AM 218592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 4:32 PM 135336]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/4/2010 3:05 PM 632792]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [12/16/2006 10:26 PM 16168]
R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows SteadyState\SCTSvc.exe [5/30/2008 1:41 PM 115728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2010 7:04 AM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 2:46 AM 1375992]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/28/2010 7:06 AM 366840]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [6/24/2008 9:48 AM 448640]
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 01:05]

2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 12:04]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 12:04]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003Core.job
- c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-22 21:15]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003UA.job
- c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-22 21:15]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008Core.job
- c:\documents and settings\Diane\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-24 19:08]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008UA.job
- c:\documents and settings\Diane\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-24 19:08]

2010-12-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-12-06 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-12-04 22:05]

2010-12-06 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2010-12-04 17:26]

2010-12-06 c:\windows\Tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=15734
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: aol.com\free
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=38549313&tool_id=60531&qkw=
FF - component: c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-RealUpgradeHelper - c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 11:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3195425923-1285657760-1615779363-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-06 11:05:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-06 16:05

Pre-Run: 459,250,892,800 bytes free
Post-Run: 459,081,187,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AEDA022072D46112A0F478C05F16AE14
 
Broni,

I also noticed the log states Norton AV but that has been removed at an earlier date and nothing of it shows in add/remove programs under Norton or Symantec. Please advise.

Thanks,

Rotten Rebel
 
We'll remove Norton's leftovers manually...

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::

Folder::
c:\documents and settings\All Users\Application Data\STOPzilla!
c:\documents and settings\XPS 600\Application Data\ErrorTeck
c:\documents and settings\XPS 600\Application Data\PCFix
c:\documents and settings\All Users\Application Data\RegSERVO
c:\documents and settings\XPS 600\Application Data\FixCleaner
c:\program files\FixCleaner
c:\documents and settings\LocalService\Local Settings\Application Data\AVG Security Toolbar
c:\program files\AVG
c:\program files\Common Files\Symantec Shared


Driver::
AVG Security Toolbar Service
EraserUtilRebootDrv


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-


SecCenter::
{990F9400-4CEE-43EA-A83A-D013ADD8EA6E}


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
I have not seen any more bad image popups since I ran combofix this morning. Yay. Thank you so much.
I know there are more things for me to do so I will again wait for further instruction.
Here is the new log.

ComboFix 10-12-06.01 - XPS 600 12/06/2010 21:34:54.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1532 [GMT -5:00]
Running from: c:\documents and settings\XPS 600\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\XPS 600\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\RegSERVO
c:\documents and settings\All Users\Application Data\RegSERVO\LOGS\LOGS_12_04_2010_14_50_04_PM.log
c:\documents and settings\All Users\Application Data\RegSERVO\LOGS\LOGS_12_04_2010_15_39_42_PM.log
c:\documents and settings\All Users\Application Data\RegSERVO\LOGS\LOGS_12_04_2010_20_58_35_PM.log
c:\documents and settings\All Users\Application Data\STOPzilla!
c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db
c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db.bak
c:\documents and settings\All Users\Application Data\STOPzilla!\scanner.log
c:\documents and settings\All Users\Application Data\STOPzilla!\userdata.db
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-000.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-001.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-002.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-003.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-004.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-005.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-006.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-007.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-008.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-009.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-010.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-011.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-012.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-013.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-014.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-015.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-016.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-017.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-018.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-019.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-020.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-021.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-022.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-023.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-024.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-025.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-026.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-027.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-028.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-029.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-030.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-031.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-032.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-033.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-034.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vb-daily.vdb
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vdb.xml
c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\xml_edk.log
c:\documents and settings\All Users\Application Data\STOPzilla!\zilla5.log
c:\documents and settings\LocalService\Local Settings\Application Data\AVG Security Toolbar
c:\documents and settings\LocalService\Local Settings\Application Data\AVG Security Toolbar\cache\2eaaaaa8.xml
c:\documents and settings\LocalService\Local Settings\Application Data\AVG Security Toolbar\cache\overlay.xml
c:\documents and settings\LocalService\Local Settings\Application Data\AVG Security Toolbar\cache\wea_26.png
c:\documents and settings\XPS 600\Application Data\ErrorTeck
c:\documents and settings\XPS 600\Application Data\ErrorTeck\Backup\Automatic Backup_12-04-2010_16-30-02.reg
c:\documents and settings\XPS 600\Application Data\ErrorTeck\settings.ini
c:\documents and settings\XPS 600\Application Data\FixCleaner
c:\documents and settings\XPS 600\Application Data\FixCleaner\Logs\2010-12-04 14-08-570.log
c:\documents and settings\XPS 600\Application Data\FixCleaner\Logs\2010-12-04 14-39-460.log
c:\documents and settings\XPS 600\Application Data\FixCleaner\Logs\2010-12-04 15-30-050.log
c:\documents and settings\XPS 600\Application Data\FixCleaner\PCOBackups\2010-12-04 14-18-23.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\PCOBackups\2010-12-04 14-18-48.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\PCOBackups\2010-12-04 14-19-27.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\PCOBackups\2010-12-04 14-19-55.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\PCOBackups\2010-12-04 14-20-12.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\PCOBackups\2010-12-04 14-21-33.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\PCOBackups\2010-12-04 14-40-04.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-110\filelist.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-18-480\filelist.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-19-270\filelist.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-19-540\filelist.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-20-120\filelist.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-21-330\filelist.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\QuarantineW\2010-12-04 14-40-030\filelist.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\Results\Evidence.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\Results\Junk.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\Results\MSUpdate.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\Results\Registry.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\Results\Update.db
c:\documents and settings\XPS 600\Application Data\FixCleaner\spy_ignore.db
c:\documents and settings\XPS 600\Application Data\PCFix
c:\documents and settings\XPS 600\Application Data\PCFix\log.dat
c:\documents and settings\XPS 600\Application Data\PCFix\unresolvederrors.dat
 
c:\program files\AVG
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
c:\program files\Common Files\Symantec Shared\CF\Manifests\cltCFRg8.dll
c:\program files\Common Files\Symantec Shared\Default.rul
c:\program files\Common Files\Symantec Shared\Firewall.BAK
c:\program files\Common Files\Symantec Shared\Firewall.rul
c:\program files\Common Files\Symantec Shared\Help\LuMuiHelp\09\01\LUALL.chm
c:\program files\Common Files\Symantec Shared\Help\LuMuiHelp\fallback.dat
c:\program files\Common Files\Symantec Shared\LocationMap.dat
c:\program files\Common Files\Symantec Shared\NPC\2.0\09\01\NPCEXT.loc
c:\program files\Common Files\Symantec Shared\NPC\2.0\09\01\WSCRMain.loc
c:\program files\Common Files\Symantec Shared\NPC\2.0\NPCEXT.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\suphtml.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\WmiClnt.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\WmiData.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\WmiMontr.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\WSCR_Fix.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\WSCRHlpr.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\WSCRMain.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\CLTSComp.dll
c:\program files\Common Files\Symantec Shared\Persist.BAK
c:\program files\Common Files\Symantec Shared\Persist.Dat
c:\program files\Common Files\Symantec Shared\SEVINST.EXE
c:\program files\Common Files\Symantec Shared\SNDALRT.log
c:\program files\Common Files\Symantec Shared\SNDCON.log
c:\program files\Common Files\Symantec Shared\SNDDBG.log
c:\program files\Common Files\Symantec Shared\SNDFW.log
c:\program files\Common Files\Symantec Shared\SNDIDS.log
c:\program files\Common Files\Symantec Shared\SNDSvc.dll
c:\program files\Common Files\Symantec Shared\SNDSYS.log
c:\program files\Common Files\Symantec Shared\SNDunin.dll
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.grd
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.sig
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.spm
c:\program files\Common Files\Symantec Shared\SPManifests\npc2008.grd
c:\program files\Common Files\Symantec Shared\SPManifests\npc2008.sig
c:\program files\Common Files\Symantec Shared\SPManifests\npc2008.spm
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.grd
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.sig
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.spm
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.GRD
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SIG
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SPM
c:\program files\Common Files\Symantec Shared\Support Controls\ssctlbr.dll
c:\program files\Common Files\Symantec Shared\Support Controls\ssctlln.dll
c:\program files\Common Files\Symantec Shared\Support Controls\ssctlwmi.dll
c:\program files\Common Files\Symantec Shared\Support Controls\sshelper.exe
c:\program files\Common Files\Symantec Shared\Support Controls\SymSupCC.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlcm.dll
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\ERASER.SPM
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\ERASER.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100212.003\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\ERASER.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\ERASER.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\ERASER.SPM
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\ERASER.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\HH
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\TINF.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\TINFL.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\V.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\V.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20101126.003\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\catalog.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.SPM
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\HH
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ncsacert.txt
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\technote.txt
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TINF.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tinfidx.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TINFL.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\V.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\V.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\zdone.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\definfo.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\ERASER.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\ERASER.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\HH
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\ncsacert.txt
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\technote.txt
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\tinfidx.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\virscant.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp64dd.tmp\zdone.dat
c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\usage.dat
c:\program files\Common Files\Symantec Shared\SymNetDrv\symIM.cat
c:\program files\Common Files\Symantec Shared\SymNetDrv\SymIM.sys
c:\program files\Common Files\Symantec Shared\SymNetDrv\SymIM_m.inf
c:\program files\Common Files\Symantec Shared\SymNetDrv\SymIM_p.inf
c:\program files\Common Files\Symantec Shared\SymNetDrv\symIMv.cat
c:\program files\Common Files\Symantec Shared\SymNetDrv\SymIMv.inf
c:\program files\Common Files\Symantec Shared\SymNetDrv\SymIMv.sys
c:\program files\Common Files\Symantec Shared\TModule.dat
c:\program files\Common Files\Symantec Shared\TParent.dat
c:\program files\FixCleaner
c:\program files\FixCleaner\PW\general.html
c:\program files\FixCleaner\PW\optimizations.html
c:\program files\FixCleaner\PW\privacy.html
c:\program files\FixCleaner\PW\scheduler.html
c:\program files\FixCleaner\PW\startup.html
c:\program files\FixCleaner\PW\wizard.css


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ERASERUTILREBOOTDRV
-------\Service_AVG Security Toolbar Service
-------\Service_EraserUtilRebootDrv


((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
.

2010-12-05 21:35 . 2010-12-05 21:35 -------- d-----w- c:\documents and settings\XPS 600\Application Data\Avira
2010-12-05 21:32 . 2010-12-06 16:45 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-05 21:32 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-05 21:32 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-05 21:32 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-05 21:32 . 2010-12-05 21:32 -------- d-----w- c:\program files\Avira
2010-12-05 21:32 . 2010-12-05 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-05 03:32 . 2010-12-05 03:32 -------- d-----w- c:\program files\ESET
2010-11-28 12:06 . 2010-11-28 12:06 -------- d-----w- c:\documents and settings\XPS 600\Application Data\PC Tools
2010-11-28 12:06 . 2010-11-28 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-23 16:48 . 2010-12-05 21:15 -------- d-----w- c:\program files\Cell Phone Manager
2010-11-23 01:04 . 2010-11-23 01:04 -------- d-----w- C:\WINNT
2010-11-22 23:28 . 2010-11-22 23:28 -------- d-----w- c:\program files\BitPim
2010-11-15 14:07 . 2010-11-15 14:07 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2010-11-15 14:07 . 2010-11-15 14:07 -------- d-----w- c:\program files\Common Files\xing shared
2010-11-15 14:07 . 2010-11-15 14:07 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-11-15 14:07 . 2010-11-15 14:07 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-11-10 15:13 . 2010-11-10 15:13 388096 ----a-r- c:\documents and settings\XPS 600\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-10 15:12 . 2010-11-10 15:12 1402880 ----a-w- c:\program files\HiJackThis.msi
2010-11-10 14:13 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-10 14:13 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 06:40 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-10 04:50 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-10 04:50 . 2010-11-10 04:50 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-10 04:47 . 2010-11-10 04:47 -------- d-----w- c:\documents and settings\XPS 600\Local Settings\Application Data\Sunbelt Software
2010-11-10 04:46 . 2010-11-10 04:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-10 04:46 . 2010-11-10 04:46 -------- d-----w- c:\program files\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-14 23:44 . 2010-10-14 23:44 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-18 16:23 . 2004-08-12 13:21 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-12 13:21 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-12 13:21 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-12 13:21 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:50 . 2010-04-15 14:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 06:29 . 2007-04-21 20:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2004-06-08 20:51 . 2004-06-08 20:51 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
2004-06-08 20:51 . 2004-06-08 20:51 143360 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-06_16.01.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-07 02:44 . 2010-12-07 02:44 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"Google Update"="c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-22 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
"Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

c:\documents and settings\XPS 600\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1998-5-18 255408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-25 113664]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2008-6-3 442368]
Scanner Detector.lnk - c:\program files\ScanSuite\SDetect.exe [2009-3-15 29184]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Documents and Settings\\XPS 600\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [6/24/2008 9:48 AM 9344]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/9/2010 11:50 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/28/2010 7:07 AM 218592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 4:32 PM 135336]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/4/2010 3:05 PM 632792]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [12/16/2006 10:26 PM 16168]
R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows SteadyState\SCTSvc.exe [5/30/2008 1:41 PM 115728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2010 7:04 AM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 2:46 AM 1375992]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/28/2010 7:06 AM 366840]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [6/24/2008 9:48 AM 448640]
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 01:05]

2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 12:04]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 12:04]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003Core.job
- c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-22 21:15]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003UA.job
- c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-22 21:15]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008Core.job
- c:\documents and settings\Diane\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-24 19:08]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008UA.job
- c:\documents and settings\Diane\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-24 19:08]

2010-12-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-12-07 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-12-04 22:05]

2010-12-06 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2010-12-04 17:26]

2010-12-06 c:\windows\Tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=15734
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: aol.com\free
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=38549313&tool_id=60531&qkw=
FF - component: c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - c:\documents and settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 21:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3195425923-1285657760-1615779363-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(152)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\documents and settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-06 21:47:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-07 02:47
ComboFix2.txt 2010-12-06 16:05

Pre-Run: 459,032,719,360 bytes free
Post-Run: 458,899,275,776 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 96D2C9316ACE0CC5B519DF934B8720D1
 
Good news :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Broni,

Here are the next 2 logs requested: extra.txt & otl.txt

Rotten Rebel


OTL Extras logfile created on: 12/7/2010 12:09:48 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\XPS 600\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 427.38 Gb Free Space | 91.76% Space Free | Partition Type: NTFS

Computer Name: DIANE-DAVID | User Name: XPS 600 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{17A7779A-D23F-11D3-8753-0050BABE1202}" = Microtek ScanWizard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5360DF11-A876-460B-9953-6817AA2BF9D5}" = Photo Explosion Deluxe
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}" = Corel Snapfire Plus
"{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8CD3B114-4A47-4F2B-ACBB-BFF7120E1C82}" = Art Explosion T-Shirt Factory Deluxe
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B314244C-753A-413B-B0F1-30972D6B58A0}" = HyperLoad - Mah Jongg
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BCCB6326-C2C5-47E5-8DEC-2AB9FDB661F2}" = SymNet
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3880A64-6112-47b7-8BFE-70EEA07B43E0}" = Windows SteadyState
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aloha Solitaire" = Aloha Solitaire
"Ares" = Ares 2.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bounce Out Blitz" = Bounce Out Blitz
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon Camera WIA Driver PowerShot A40" = Canon PowerShot A40 WIA Driver
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP5p.DLL" = Canon i9900
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"DrawPlus 3.0" = DrawPlus 3.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint Plus" = Canon Utilities Easy-PhotoPrint Plus
"Easy-WebPrint" = Easy-WebPrint
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressRip" = Express Rip
"GameHouse Sudoku" = GameHouse Sudoku
"Garden Encyclopedia" = Sierra Garden Encyclopedia
"Golden" = Golden Records
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD (Ahead Software)
"Indeo® software" = Indeo® software
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"LimeWire" = LimeWire 5.4.6
"Little Shop of Treasures" = Little Shop of Treasures
"Mah Jong Medley" = Mah Jong Medley
"Mahjong Fortuna 2" = Mahjong Fortuna 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Picasa 3" = Picasa 3
"Pixillion" = Pixillion Image Converter
"PrintMaster 10" = PrintMaster
"PrintMaster Gold 4.00" = PrintMaster Gold 4.00
"Prism" = Prism Video Converter
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RadarSync" = RadarSync
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ScanSuite" = Microtek ScanSuite 1.2
"Shape Shifter" = Shape Shifter
"Sierra Photo Garden Designer" = Sierra Photo Garden Designer
"Slingo Supreme" = Slingo Supreme
"SoundTap" = SoundTap Streaming Audio Recorder
"Splash" = Splash
"Spring Sprang Sprung" = Spring Sprang Sprung
"Spyware Doctor" = Spyware Doctor 7.0
"Super Collapse! 3" = Super Collapse! 3
"Super Gem Drop" = Super Gem Drop
"Switch" = Switch Sound File Converter
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"VueScan" = VueScan
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/4/2010 4:29:12 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
Description =

Error - 12/4/2010 4:29:12 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 3026
Description =

Error - 12/4/2010 5:00:46 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
Description =

Error - 12/4/2010 5:00:46 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 3026
Description =

Error - 12/4/2010 5:55:02 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
Description =

Error - 12/5/2010 10:39:37 AM | Computer Name = DIANE-DAVID | Source = MsiInstaller | ID = 11722
Description = Product: STOPzilla -- Message 1722. STOPzilla has canceled the removal
process!

Error - 12/5/2010 11:40:07 AM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
Description =

Error - 12/5/2010 11:40:07 AM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 3026
Description =

Error - 12/5/2010 1:13:02 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
Description =

Error - 12/5/2010 6:39:19 PM | Computer Name = DIANE-DAVID | Source = Windows Search Service | ID = 1006
Description =

[ System Events ]
Error - 12/5/2010 6:35:11 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/5/2010 6:35:11 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7034
Description = The Automatic LiveUpdate Scheduler service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/5/2010 6:35:11 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/5/2010 6:35:11 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 12/5/2010 6:38:28 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Windows SteadyState service.

Error - 12/5/2010 6:39:21 PM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

Error - 12/6/2010 8:20:56 AM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Windows SteadyState service.

Error - 12/6/2010 8:22:00 AM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

Error - 12/6/2010 11:11:55 AM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Windows SteadyState service.

Error - 12/6/2010 11:12:03 AM | Computer Name = DIANE-DAVID | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).


< End of report >
 
========== Files - Modified Within 30 Days ==========

[2010/12/06 23:34:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003UA.job
[2010/12/06 23:34:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003Core.job
[2010/12/06 23:15:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/06 23:13:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008UA.job
[2010/12/06 21:45:32 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/06 21:45:30 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.CDF
[2010/12/06 21:43:57 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/06 21:43:57 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
[2010/12/06 21:43:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/06 21:43:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/06 21:43:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/06 21:42:38 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
[2010/12/06 21:42:38 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
[2010/12/06 21:42:38 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
[2010/12/06 21:42:38 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
[2010/12/06 21:42:38 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
[2010/12/06 21:32:59 | 003,985,732 | R--- | M] () -- C:\Documents and Settings\XPS 600\Desktop\ComboFix.exe
[2010/12/06 21:32:19 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.BAK
[2010/12/06 20:45:15 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2010/12/06 17:49:40 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job
[2010/12/06 15:05:04 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2010/12/06 14:13:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008Core.job
[2010/12/06 11:45:15 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/06 10:55:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/05 17:55:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/05 16:32:46 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/12/05 12:14:06 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/12/05 10:45:40 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
[2010/12/04 16:11:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\prvlcl.dat
[2010/12/04 15:05:06 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/12/03 21:34:56 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\XPS 600\Desktop\Google Chrome.lnk
[2010/12/03 21:34:56 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/30 20:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/28 07:57:54 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/28 07:06:16 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/11/23 19:49:32 | 000,447,706 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/23 19:49:31 | 000,073,330 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/23 11:52:14 | 000,052,947 | ---- | M] () -- C:\Documents and Settings\XPS 600\My Documents\090920_133119.jpg
[2010/11/15 21:07:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
[2010/11/15 21:06:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2010/11/15 21:06:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2010/11/15 21:06:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2010/11/15 09:07:53 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/11/15 09:07:28 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/10 16:27:53 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/11/10 10:12:49 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi
[2010/11/09 23:50:04 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/09 23:46:24 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/09 14:21:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\housecall.guid.cache
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

========== Files Created - No Company Name ==========

[2010/12/06 10:55:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/06 10:55:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/06 10:52:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/06 10:52:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/06 10:52:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/06 10:52:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/06 10:52:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/06 10:29:10 | 003,985,732 | R--- | C] () -- C:\Documents and Settings\XPS 600\Desktop\ComboFix.exe
[2010/12/05 16:32:46 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/12/05 12:13:41 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/12/05 10:36:31 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.BAK
[2010/12/04 15:25:41 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\XPS 600\S-1-5-21-3195425923-1285657760-1615779363-1003.rrr.LOG
[2010/12/04 15:05:57 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2010/12/04 15:05:31 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2010/12/04 15:05:06 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/12/04 15:05:05 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/11/28 08:41:41 | 000,002,302 | ---- | C] () -- C:\Documents and Settings\XPS 600\Desktop\Google Chrome.lnk
[2010/11/28 08:41:41 | 000,002,280 | ---- | C] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/28 07:07:26 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/11/28 07:07:16 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/11/28 07:07:16 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/11/28 07:07:11 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/11/28 07:06:16 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/11/28 07:04:17 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/28 07:04:17 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/23 11:53:14 | 000,052,947 | ---- | C] () -- C:\Documents and Settings\XPS 600\My Documents\090920_133119.jpg
[2010/11/22 20:54:33 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl40.dll
[2010/11/22 20:54:33 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2010/11/22 20:54:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
[2010/11/22 20:54:32 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/11/22 20:54:32 | 000,182,784 | ---- | C] () -- C:\WINDOWS\System32\DGVorbis.dll
[2010/11/22 20:54:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Mp3dec.dll
[2010/11/22 20:54:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\MP3enc.dll
[2010/11/22 20:54:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2010/11/22 20:54:31 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010/11/22 20:54:31 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010/11/22 20:54:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2010/11/15 21:07:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
[2010/11/15 21:06:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2010/11/15 21:06:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2010/11/15 21:06:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2010/11/15 09:08:18 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
[2010/11/15 09:08:17 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
[2010/11/15 09:07:53 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/11/10 16:27:53 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/11/10 10:12:37 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
[2010/11/10 01:40:07 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/09 23:51:29 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/09 23:46:24 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/09 14:21:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\housecall.guid.cache
[2010/03/07 23:22:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\prvlcl.dat
[2009/11/24 14:05:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/30 09:38:26 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/30 09:38:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/06 17:05:17 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/03 12:11:33 | 000,000,052 | ---- | C] () -- C:\WINDOWS\pixworks.ini
[2008/06/03 11:43:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\importclient.INI
[2008/06/03 11:34:31 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2008/06/03 11:34:30 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/20 18:25:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/05/31 09:51:49 | 000,000,211 | ---- | C] () -- C:\WINDOWS\btw.ini
[2007/05/31 09:50:49 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\MVCL13N.DLL
[2007/05/31 09:40:18 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007/05/31 09:32:33 | 000,000,057 | ---- | C] () -- C:\WINDOWS\viewer.ini
[2007/05/31 09:32:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2007/05/31 09:32:25 | 000,023,076 | ---- | C] () -- C:\WINDOWS\System32\LANDDLL2.DLL
[2007/05/31 09:32:18 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2007/05/31 09:32:06 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/02/03 13:37:23 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/14 22:10:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5p.DLL
[2007/01/13 18:51:52 | 000,000,179 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2007/01/13 14:51:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/12/18 22:21:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/18 22:16:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/18 21:41:02 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2006/12/18 21:33:32 | 000,000,559 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/17 23:42:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\rx_image.Cache
[2006/12/17 23:40:03 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/16 23:34:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/12/16 22:30:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/12/16 22:29:32 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/12/16 22:29:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/12/16 22:29:21 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2006/12/16 22:29:21 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/12/16 22:27:53 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/12/16 10:19:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/08 14:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi(3).dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\WINDOWS\System32\SUSUSB.SYS
[2001/09/19 12:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll

========== LOP Check ==========

[2010/12/06 10:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/22 07:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/22 07:57:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/14 13:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/04/27 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2008/09/07 14:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/10/22 07:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/12/07 20:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/07/28 16:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/09/08 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/01/13 17:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2009/03/15 15:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/03/27 15:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/04/17 16:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/09/29 08:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/12/06 20:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/13 18:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/09/07 17:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2008/11/04 17:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/09/15 19:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/09 23:46:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/10/22 07:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\AVG10
[2010/04/24 10:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Clip Art Collection
[2009/01/22 19:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/24 17:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\CVS
[2008/09/24 18:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Eyeblaster
[2008/09/11 18:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\funkitron
[2009/03/15 16:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\GetRightToGo
[2008/09/07 14:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Grisoft
[2008/10/04 14:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\iWin
[2006/12/18 11:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Leadertech
[2010/01/07 13:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\LimeWire
[2008/12/20 17:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\LinkedLetters
[2008/09/08 15:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\NCH Swift Sound
[2008/12/05 17:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Nova Development
[2009/03/27 15:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\PlayFirst
[2007/09/22 19:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Pogo Games
[2010/12/04 15:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Registry Mechanic
[2009/03/15 16:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\SystemRequirementsLab
[2007/01/13 18:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Ulead Systems
[2010/12/04 14:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Uniblue
[2009/03/15 16:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Windows Desktop Search
[2008/09/24 19:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Windows Search
[2010/12/05 17:55:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/12/06 20:45:15 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2010/12/06 15:05:04 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job
[2010/12/06 17:49:40 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/12/06 21:43:18 | 000,005,772 | ---- | M] () -- C:\aaw7boot.log
[2006/12/16 16:28:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/09/09 10:01:25 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/06 10:55:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/12/06 21:47:43 | 000,074,156 | ---- | M] () -- C:\ComboFix.txt
[2006/12/16 16:28:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/14 11:06:44 | 000,000,000 | ---- | M] () -- C:\FIGHT0~1.DOC
[2010/10/14 11:06:44 | 000,029,184 | ---- | M] () -- C:\INADA2~1.DOC
[2006/12/16 16:28:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/12/07 20:36:10 | 000,000,031 | ---- | M] () -- C:\log.txt
[2006/12/16 16:28:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 08:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/12 08:17:31 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/06 21:43:18 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/12/16 16:28:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003/12/24 00:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD5p.DLL
[2003/12/24 00:00:00 | 000,050,176 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP5p.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >
[2006/10/08 22:20:29 | 000,355,658 | ---- | M] () -- C:\WINDOWS\DellBubbles.jpg
[2006/10/08 22:20:18 | 000,161,128 | ---- | M] () -- C:\WINDOWS\dellienware2.jpg
[2006/10/08 22:20:45 | 000,072,115 | ---- | M] () -- C:\WINDOWS\Dellpaper202.jpg
[2006/10/08 22:20:57 | 000,106,665 | ---- | M] () -- C:\WINDOWS\DellXPS.jpg
[2006/10/08 22:21:16 | 000,404,296 | ---- | M] () -- C:\WINDOWS\NebulaGeForce.jpg
[2006/10/08 22:21:46 | 000,494,321 | ---- | M] () -- C:\WINDOWS\NF2_wpaper_l2.jpg
[2006/10/08 22:22:19 | 000,141,305 | ---- | M] () -- C:\WINDOWS\wp_dell_ball.jpg
[2006/10/08 22:22:30 | 000,030,181 | ---- | M] () -- C:\WINDOWS\wp_dell_chrome.jpg
[2006/10/08 22:22:42 | 000,074,416 | ---- | M] () -- C:\WINDOWS\XPS.jpg
[2006/10/08 22:22:53 | 000,441,345 | ---- | M] () -- C:\WINDOWS\xpsblue2aq.jpg

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2004/06/08 15:51:58 | 000,106,496 | ---- | M] (Nova Development.) -- C:\WINDOWS\UPSCR.Scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/11/10 10:12:49 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/12/16 10:17:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/12/16 10:17:33 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/12/16 10:17:33 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/12 08:23:04 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2006/12/16 22:30:12 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Free AOL & Unlimited Internet.url

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/01/09 00:02:01 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/12/16 17:24:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/12/06 21:32:59 | 003,985,732 | R--- | M] () -- C:\Documents and Settings\XPS 600\Desktop\ComboFix.exe
[2008/05/01 16:53:41 | 002,588,163 | ---- | M] (Multidmedia Limited) -- C:\Documents and Settings\XPS 600\Desktop\DisneyPhotoFramerXP.exe
[2009/03/15 15:38:54 | 005,061,752 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\XPS 600\Desktop\radarsync_9292.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2000/01/18 15:10:02 | 000,021,288 | ---- | M] (Microtek International Inc.) -- C:\WINDOWS\Driver Cache\msmusd.dll

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/01/09 00:02:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\XPS 600\Favorites\Desktop.ini
[2008/09/08 15:42:24 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\XPS 600\Favorites\NCH Audio and Telephony Software Page.lnk
[2008/09/08 15:44:25 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\XPS 600\Favorites\NCH Audio and Telephony Software.lnk
[2008/11/07 09:05:19 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\XPS 600\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2008/10/05 09:51:09 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\XPS 600\Cookies\desktop.ini
[2010/12/06 21:53:46 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\XPS 600\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2008/02/09 19:06:25 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    DRV - [2008/09/07 08:11:34 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2008/02/06 16:43:54 | 000,031,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2008/02/06 16:43:54 | 000,031,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2008/02/05 14:34:44 | 000,188,464 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2008/02/05 14:34:44 | 000,096,432 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2008/02/05 14:34:44 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2008/02/05 14:34:44 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2008/02/05 14:34:44 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2008/02/05 14:34:44 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
    [2010/12/06 10:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/10/22 07:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/22 07:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\AVG10
    [2008/09/07 14:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Grisoft
    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Symantec
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Broni,
The last OTL scan you had me run has started a popup upon boot and also stopped my internet connection. I finally got the internet back but the popup is still there. Also in device mgr I now have 3 exclamation points in networking. I took a pic; if you want, I will attach it in the next post.

Popup:
16 bit windows subsystem
C:\PROGRA~1\Symantic|S32EVNT1.DLL. An installable Virtual Device Driver failed DLL initialization. Choose close to terminate the application.

I have not run the last scans yet. I wanted to let you know about the OTL scan first before proceeding.
Here are the results of the OTL scan.

All processes killed
========== OTL ==========
No active process named AluSchedulerSvc.exe was found!
Service Symantec Core LC stopped successfully!
Service Symantec Core LC deleted successfully!
File C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe not found.
Service Automatic LiveUpdate Scheduler stopped successfully!
Service Automatic LiveUpdate Scheduler deleted successfully!
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe moved successfully.
Service LiveUpdate stopped successfully!
Service LiveUpdate deleted successfully!
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE moved successfully.
Error: Unable to stop service SymEvent!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvent deleted successfully.
C:\WINDOWS\system32\drivers\SYMEVENT.SYS moved successfully.
Error: Unable to stop service SymIMMP!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymIMMP deleted successfully.
C:\WINDOWS\system32\drivers\SymIM.sys moved successfully.
Service SymIM stopped successfully!
Service SymIM deleted successfully!
File C:\WINDOWS\system32\drivers\SymIM.sys not found.
Service SYMTDI stopped successfully!
Service SYMTDI deleted successfully!
C:\WINDOWS\system32\drivers\symtdi.sys moved successfully.
Service SYMFW stopped successfully!
Service SYMFW deleted successfully!
C:\WINDOWS\system32\drivers\symfw.sys moved successfully.
Service SYMIDS stopped successfully!
Service SYMIDS deleted successfully!
C:\WINDOWS\system32\drivers\symids.sys moved successfully.
Service SYMNDIS stopped successfully!
Service SYMNDIS deleted successfully!
C:\WINDOWS\system32\drivers\symndis.sys moved successfully.
Service SYMREDRV stopped successfully!
Service SYMREDRV deleted successfully!
C:\WINDOWS\system32\drivers\symredrv.sys moved successfully.
Service SYMDNS stopped successfully!
Service SYMDNS deleted successfully!
C:\WINDOWS\system32\drivers\symdns.sys moved successfully.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared deleted successfully.
File C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\free\ deleted successfully.
Starting removal of ActiveX control {6A344D34-5231-452A-8A57-D064AC9B7862}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A344D34-5231-452A-8A57-D064AC9B7862}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A344D34-5231-452A-8A57-D064AC9B7862}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A344D34-5231-452A-8A57-D064AC9B7862}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found not found.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
C:\Documents and Settings\XPS 600\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\XPS 600\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\XPS 600\Application Data\Grisoft\AVG Antispyware 7.5\Reports folder moved successfully.
C:\Documents and Settings\XPS 600\Application Data\Grisoft\AVG Antispyware 7.5\quarantine folder moved successfully.
C:\Documents and Settings\XPS 600\Application Data\Grisoft\AVG Antispyware 7.5 folder moved successfully.
C:\Documents and Settings\XPS 600\Application Data\Grisoft folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Symantec\LiveUpdate\Lang\09\01 folder moved successfully.
C:\Program Files\Symantec\LiveUpdate\Lang\09 folder moved successfully.
C:\Program Files\Symantec\LiveUpdate\Lang folder moved successfully.
C:\Program Files\Symantec\LiveUpdate folder moved successfully.
C:\Program Files\Symantec folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Diane
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: XPS 600
->Temp folder emptied: 2706 bytes
->Temporary Internet Files folder emptied: 1277450 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 63684146 bytes
->Google Chrome cache emptied: 152370293 bytes
->Flash cache emptied: 3781 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132505 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2240376 bytes

Total Files Cleaned = 210.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Diane
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: XPS 600
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12072010_101416

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Also in device mgr I now have 3 exclamation points in networking
If you mean a screenshot, please do.

Regarding pop-up, re-run OTL "Quick scan" and post fresh log.
 
OK, I ran the OTL quick scan again and I still have the popup when the computer is booted.
I will also attach the screenshot from device mgr.

16 bit windows subsystem
C:\PROGRA~1\Symantic|S32EVNT1.DLL. An installable Virtual Device Driver failed DLL initialization. Choose close to terminate the application.

Here are the results from the OTL scan:

OTL logfile created on: 12/8/2010 7:46:38 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\XPS 600\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 427.33 Gb Free Space | 91.75% Space Free | Partition Type: NTFS

Computer Name: DIANE-DAVID | User Name: XPS 600 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/07 00:07:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPS 600\My Documents\Downloads\OTL.exe
PRC - [2010/11/28 12:10:32 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/14 22:29:35 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/30 13:41:28 | 000,182,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\Bubble.exe
PRC - [2008/05/30 13:41:28 | 000,115,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\SCTSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/09 11:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2005/07/22 16:02:40 | 000,126,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2003/10/08 17:35:42 | 000,139,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
PRC - [2003/05/15 02:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/07 00:07:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPS 600\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/04/09 11:32:30 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/23 20:05:21 | 001,375,992 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/30 13:41:28 | 000,115,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows SteadyState\SCTSvc.exe -- (Windows SteadyState)
SRV - [2007/03/19 20:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/12/06 11:45:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/01/12 11:03:34 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/08 15:42:15 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (NM)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/18 07:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 07:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 07:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 07:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 07:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 07:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 07:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 07:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 07:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 07:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 07:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 05:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 04:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 03:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2007/04/10 03:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 03:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 03:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 03:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 03:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 03:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 03:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 03:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/11/01 09:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 09:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 09:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 09:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 09:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 09:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 09:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 09:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/25 09:22:22 | 000,099,816 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/09/15 10:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/09/15 10:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/09/15 10:42:52 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/18 15:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
DRV - [2005/07/26 18:48:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/26 18:48:28 | 000,033,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/07/19 22:59:26 | 000,093,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2002/09/13 07:35:44 | 000,448,640 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 18:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.306
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=38549313&tool_id=60531&qkw="


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/15 09:07:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/28 08:35:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/22 18:02:21 | 000,000,000 | ---D | M]

[2010/01/07 10:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Extensions
[2010/01/07 10:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/08 07:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions
[2010/04/27 12:27:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/02 14:52:28 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/08/09 10:32:26 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2010/04/15 08:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\extensions\DeviceDetection@logitech(2).com
[2010/08/09 10:32:39 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Mozilla\Firefox\Profiles\thy8db67.default\searchplugins\search-the-web.xml
[2010/12/08 07:12:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 09:26:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/25 07:16:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/22 08:17:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/06 21:43:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bubble] C:\Program Files\Windows SteadyState\Bubble.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe (Mattel Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scanner Detector.lnk = C:\Program Files\ScanSuite\SDetect.exe (Microtek)
O4 - Startup: C:\Documents and Settings\XPS 600\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} http://cdn.ll.neoedge.com/webgames/MythicMarbles/MythicMarbles.1.0.0.2.cab (CPlayFirstMythicMarblesControl Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab (WWHearts Control)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab (PSFormX Control)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169378728031 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/amun/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab (Bridge Installer)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab (ZPA_HRTZ Object)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinner.com/games/v46/sol/sol.cab (Sol Control)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v49/luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://diy.view22.com/view22/diyapp/View22RTE.cab (View22RTE Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/gold/UnSkin/gf.cab (TikGames Online Control)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\XPS 600\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\XPS 600\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/16 16:28:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 10:14:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/07 10:13:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/06 21:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/12/06 10:55:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/06 10:52:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/06 10:52:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/06 10:52:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/06 10:52:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/06 10:44:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/06 10:31:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/05 16:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\Application Data\Avira
[2010/12/05 16:32:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/12/05 16:32:33 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/05 16:32:33 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/05 16:32:33 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/12/05 16:32:33 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/12/05 16:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/12/05 16:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/12/04 22:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/12/04 20:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\My Documents\cleaner backup registry file
[2010/12/04 20:21:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\XPS 600\Recent
[2010/12/04 15:05:05 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2010/12/04 15:05:05 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2010/12/04 15:05:05 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2010/12/04 14:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\PackageAware
[2010/12/04 14:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\Application Data\Google
[2010/11/28 07:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/11/28 07:07:26 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/11/28 07:07:16 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/11/28 07:07:16 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/11/28 07:07:11 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/11/28 07:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/11/28 07:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/28 07:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\Application Data\PC Tools
[2010/11/28 07:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/11/23 11:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Cell Phone Manager
[2010/11/22 20:54:35 | 000,305,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\Threed20.ocx
[2010/11/22 20:54:33 | 000,170,248 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\webupl50.ocx
[2010/11/22 20:54:33 | 000,114,688 | ---- | C] (DGPDev, DevNetMedia) -- C:\WINDOWS\System32\cwmpedit.ocx
[2010/11/22 20:54:31 | 000,073,728 | ---- | C] (Viscom Software ) -- C:\WINDOWS\System32\ImageViewer2.OCX
[2010/11/22 20:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Coding Workshop Polyphonic Wizard
[2010/11/22 20:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\My Documents\DataPilot
[2010/11/22 20:04:54 | 000,000,000 | ---D | C] -- C:\WINNT
[2010/11/22 18:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\My Documents\bitpim
[2010/11/22 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\BitPim
[2010/11/15 09:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/11/10 09:13:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/10 09:13:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/09 23:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Trend_Micro
[2010/11/09 23:50:07 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/11/09 23:50:05 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/09 23:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\Sunbelt Software
[2010/11/09 23:46:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/11/09 23:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2006/12/16 22:29:13 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/12/08 07:34:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003UA.job
[2010/12/08 07:15:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/08 07:13:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008UA.job
[2010/12/08 07:02:57 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job
[2010/12/07 22:08:31 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
[2010/12/07 22:08:31 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
[2010/12/07 22:08:31 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
[2010/12/07 22:08:31 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
[2010/12/07 22:08:31 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000005-00001102-00000004-20021102}.rfx
[2010/12/07 22:08:30 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.CDF
[2010/12/07 22:08:30 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.BAK
[2010/12/07 20:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/07 20:05:04 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2010/12/07 19:12:55 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2010/12/07 18:13:50 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/07 18:13:40 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/07 18:13:40 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
[2010/12/07 18:13:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/07 18:13:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/07 18:13:04 | 000,334,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/07 17:50:55 | 000,080,090 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\SMBIOSSP.exe
[2010/12/07 15:35:54 | 000,447,706 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/07 15:35:54 | 000,073,330 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/07 14:13:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1008Core.job
[2010/12/07 11:28:56 | 000,104,398 | ---- | M] () -- C:\Documents and Settings\XPS 600\Desktop\Device Mgr pic.JPG
[2010/12/07 08:36:24 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
[2010/12/06 23:34:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3195425923-1285657760-1615779363-1003Core.job
[2010/12/06 21:43:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/06 21:32:59 | 003,985,732 | R--- | M] () -- C:\Documents and Settings\XPS 600\Desktop\ComboFix.exe
[2010/12/06 11:45:15 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/06 10:55:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/05 17:55:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/05 16:32:46 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/12/05 12:14:06 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/12/04 16:11:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\prvlcl.dat
[2010/12/04 15:05:06 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/12/03 21:34:56 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\XPS 600\Desktop\Google Chrome.lnk
[2010/12/03 21:34:56 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/28 07:57:54 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/28 07:06:16 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/11/23 11:52:14 | 000,052,947 | ---- | M] () -- C:\Documents and Settings\XPS 600\My Documents\090920_133119.jpg
[2010/11/15 21:07:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
[2010/11/15 21:06:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2010/11/15 21:06:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2010/11/15 21:06:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2010/11/15 09:07:53 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/11/15 09:07:28 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/10 16:27:53 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/11/10 10:12:49 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi
[2010/11/09 23:50:04 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/09 23:46:24 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/09 14:21:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\housecall.guid.cache

========== Files Created - No Company Name ==========

[2010/12/07 17:50:55 | 000,080,090 | ---- | C] () -- C:\Documents and Settings\XPS 600\Application Data\SMBIOSSP.exe
[2010/12/07 12:31:55 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\FASTWiz.log
[2010/12/07 11:28:55 | 000,104,398 | ---- | C] () -- C:\Documents and Settings\XPS 600\Desktop\Device Mgr pic.JPG
[2010/12/06 10:55:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/06 10:55:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/06 10:52:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/06 10:52:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/06 10:52:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/06 10:52:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/06 10:52:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/06 10:29:10 | 003,985,732 | R--- | C] () -- C:\Documents and Settings\XPS 600\Desktop\ComboFix.exe
[2010/12/05 16:32:46 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/12/05 12:13:41 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/12/05 10:36:31 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000003-00000000-00000005-00001102-00000004-20021102}.BAK
[2010/12/04 15:25:41 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\XPS 600\S-1-5-21-3195425923-1285657760-1615779363-1003.rrr.LOG
[2010/12/04 15:05:57 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2010/12/04 15:05:31 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2010/12/04 15:05:06 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/12/04 15:05:05 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/11/28 08:41:41 | 000,002,302 | ---- | C] () -- C:\Documents and Settings\XPS 600\Desktop\Google Chrome.lnk
[2010/11/28 08:41:41 | 000,002,280 | ---- | C] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/28 07:07:26 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/11/28 07:07:16 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/11/28 07:07:16 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/11/28 07:07:11 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/11/28 07:06:16 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/11/28 07:04:17 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/28 07:04:17 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/23 11:53:14 | 000,052,947 | ---- | C] () -- C:\Documents and Settings\XPS 600\My Documents\090920_133119.jpg
[2010/11/22 20:54:33 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl40.dll
[2010/11/22 20:54:33 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2010/11/22 20:54:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
[2010/11/22 20:54:32 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/11/22 20:54:32 | 000,182,784 | ---- | C] () -- C:\WINDOWS\System32\DGVorbis.dll
[2010/11/22 20:54:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Mp3dec.dll
[2010/11/22 20:54:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\MP3enc.dll
[2010/11/22 20:54:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2010/11/22 20:54:31 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010/11/22 20:54:31 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010/11/22 20:54:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2010/11/15 21:07:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01005.Wdf
[2010/11/15 21:06:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2010/11/15 21:06:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2010/11/15 21:06:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2010/11/15 09:08:18 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
[2010/11/15 09:08:17 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3195425923-1285657760-1615779363-1003.job
[2010/11/15 09:07:53 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/11/10 16:27:53 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/11/10 10:12:37 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
[2010/11/10 01:40:07 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/09 23:51:29 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/09 23:46:24 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\XPS 600\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/09 14:21:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\housecall.guid.cache
[2010/03/07 23:22:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\prvlcl.dat
[2009/11/24 14:05:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/30 09:38:26 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/30 09:38:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/06 17:05:17 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/03 12:11:33 | 000,000,052 | ---- | C] () -- C:\WINDOWS\pixworks.ini
[2008/06/03 11:43:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\importclient.INI
[2008/06/03 11:34:31 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2008/06/03 11:34:30 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/20 18:25:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/05/31 09:51:49 | 000,000,211 | ---- | C] () -- C:\WINDOWS\btw.ini
[2007/05/31 09:50:49 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\MVCL13N.DLL
[2007/05/31 09:40:18 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007/05/31 09:32:33 | 000,000,057 | ---- | C] () -- C:\WINDOWS\viewer.ini
[2007/05/31 09:32:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2007/05/31 09:32:25 | 000,023,076 | ---- | C] () -- C:\WINDOWS\System32\LANDDLL2.DLL
[2007/05/31 09:32:18 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2007/05/31 09:32:06 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/02/03 13:37:23 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/14 22:10:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5p.DLL
[2007/01/13 18:51:52 | 000,000,179 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2007/01/13 14:51:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/12/18 22:21:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/18 22:16:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/18 21:41:02 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2006/12/18 21:33:32 | 000,000,559 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/17 23:42:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\rx_image.Cache
[2006/12/17 23:40:03 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\XPS 600\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/16 23:34:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/12/16 22:30:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/12/16 22:29:32 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/12/16 22:29:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/12/16 22:29:21 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2006/12/16 22:29:21 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/12/16 22:27:53 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/12/16 10:19:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/08 14:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi(3).dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\WINDOWS\System32\SUSUSB.SYS
[2001/09/19 12:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll

========== LOP Check ==========

[2010/10/22 07:57:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/14 13:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/04/27 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2008/09/07 14:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/10/22 07:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/12/07 20:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/07/28 16:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/09/08 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/01/13 17:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2009/03/15 15:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/03/27 15:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/04/17 16:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/09/29 08:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/12/07 20:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/13 18:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/09/07 17:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2008/11/04 17:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/09/15 19:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/09 23:46:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/04/24 10:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Clip Art Collection
[2009/01/22 19:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/24 17:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\CVS
[2008/09/24 18:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Eyeblaster
[2008/09/11 18:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\funkitron
[2009/03/15 16:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\GetRightToGo
[2008/10/04 14:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\iWin
[2006/12/18 11:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Leadertech
[2010/01/07 13:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\LimeWire
[2008/12/20 17:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\LinkedLetters
[2008/09/08 15:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\NCH Swift Sound
[2008/12/05 17:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Nova Development
[2009/03/27 15:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\PlayFirst
[2007/09/22 19:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Pogo Games
[2010/12/04 15:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Registry Mechanic
[2009/03/15 16:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\SystemRequirementsLab
[2007/01/13 18:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Ulead Systems
[2010/12/04 14:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Uniblue
[2009/03/15 16:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Windows Desktop Search
[2008/09/24 19:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPS 600\Application Data\Windows Search
[2010/12/05 17:55:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/12/07 19:12:55 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2010/12/07 20:05:04 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job
[2010/12/08 07:02:57 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{876214DB-76CA-4704-8B18-8DC38E3EA59F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
 
Here is the screen shot.
I still have not run the last scans. Will await further instructions.

Many many thanks,

Rotten Rebel
 

Attachments

  • Device Mgr pic.JPG
Actually, uninstalling those three items may help with getting rid of the first error.
 
Hi,
I ran the Norton removal tool and I still have the pop up upon boot. I tried uninstalling the 3 items in device mgr. but I get the error msg. "Failed to uninstall the device. The device may be required to boot up the computer."
So where do we go from here?

Rotten Rebel
 
Hi Broni,
I haven't been able to check out the last post you sent but I will be able to get to it in the morning and let you know what is going on from there. I have been having problems with internet connections ever since I ran that OTL scan. Will update you in the morning though. Just wanted to let you know I haven't given up on this post yet.
Thanks, Rotten Rebel
 
Hi Broni,
I tried the eHow uninstall miniport instructions and still they would not uninstall. I changed all the "characteristics" from 29 to 1 as stated, rebooted and tried to uninstall and came up with the same message that they may be needed. And yes, I still have the popup on boot.
Will await further instructions.
Thanks, Rotten Rebel
 