Infected by "VirusDoctor"; computer lagged & froze, unsure if still infected
teatime
post Jun 27 2009, 02:50 AM
Post #1


Member
Posts: 42
OS: Windows XP



Hello. An hour ago or so, I received a popup from a bogus antivirus called VirusDoctor saying that I needed to run a scan. I didn't click on it. Instead, I tried to get rid of it with Avast! (the demo version). After installing Avast, it requires a reboot and gives the option of scanning after reboot. It picked up nothing, and my computer froze. I crashed my computer several times until finally going into safe mode and selecting a restore point that I happened to have created hours ago before I got the virus.

However, I've heard that viruses can sneak into system restore. But the thing is, I only had 1 VirusDoctor pop-up on my computer. I don't know if I am still infected. I skipped some of the directions in the Malware and Spyware Guide. [Note: By the way, the new system restore point program in the guide is broken.]

I also think that my internet is running slower, but my ISP smells so it might just be that.

The log for Malwarebytes claims to be clean.

Here is the log for the Rooter Rootkit Detector:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 6 Stepping 4, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 6.0.2900.2180
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:232 Go - Free:203 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
.
Scan : 01:39.42
Path : C:\Documents and Settings\young\Desktop\Rooter.exe
User : young ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (592)
______ \??\C:\WINDOWS\system32\csrss.exe (640)
______ \??\C:\WINDOWS\system32\winlogon.exe (668)
______ C:\WINDOWS\system32\services.exe (712)
______ C:\WINDOWS\system32\lsass.exe (724)
______ C:\WINDOWS\system32\Ati2evxx.exe (884)
______ C:\WINDOWS\system32\svchost.exe (912)
______ C:\WINDOWS\system32\svchost.exe (1000)
______ C:\WINDOWS\System32\svchost.exe (1096)
______ C:\WINDOWS\system32\svchost.exe (1220)
______ C:\WINDOWS\system32\svchost.exe (1300)
______ C:\WINDOWS\system32\Ati2evxx.exe (1388)
______ C:\WINDOWS\system32\spoolsv.exe (1572)
______ C:\WINDOWS\Explorer.EXE (1832)
______ C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (1928)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1952)
______ C:\WINDOWS\system32\svchost.exe (2040)
______ C:\WINDOWS\system32\Wacom_Tablet.exe (316)
______ C:\WINDOWS\system32\wdfmgr.exe (428)
______ C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (384)
______ C:\WINDOWS\system32\Wacom_Tablet.exe (576)
______ C:\WINDOWS\System32\alg.exe (1172)
______ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (1940)
______ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (632)
______ C:\Program Files\Analog Devices\Core\smax4pnp.exe (1632)
______ C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (1676)
______ C:\Program Files\iTunes\iTunesHelper.exe (240)
______ C:\Program Files\Java\jre6\bin\jusched.exe (304)
______ C:\Program Files\SpywareGuard\sgmain.exe (1856)
______ C:\Program Files\SpywareGuard\sgbhp.exe (1912)
______ C:\Program Files\iPod\bin\iPodService.exe (2140)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3288)
______ C:\WINDOWS\system32\NOTEPAD.EXE (3924)
______ C:\Documents and Settings\young\Desktop\Rooter.exe (3976)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:250048479744)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 01:39.49
.
C:\Rooter$\Rooter_1.txt - (27/06/2009 | 01:39.49)

This post has been edited by teatime: Jun 29 2009, 09:07 PM
teatime
post Jun 27 2009, 02:52 AM
Post #2


OS: Windows XP

Sorry to post more than once, but I think the logs are too long.

Here is the first OTL log, called OTL.Txt:

OTL logfile created on: 6/27/2009 1:40:59 AM - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\young\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 76.29% Memory free
3.79 Gb Paging File | 3.51 Gb Available in Paging File | 92.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 203.58 Gb Free Space | 87.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUNG-9FD9FB144
Current User Name: young
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\young\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TabletServiceWacom [Auto | Running]) -- C:\WINDOWS\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudioService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AEAudio.sys (Andrea Electronics Corporation)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ANIO [Auto | Running]) -- C:\WINDOWS\System32\ANIO.SYS (Alpha Networks Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\eamon.sys (ESET)
DRV - (easdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys ()
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()
DRV - (N3AB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\N3AB.sys (Atheros Communications, Inc. )
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (SenFiltService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Senfilt.sys (Sensaura)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (wacmoumonitor [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\WacomVKHid.sys (Wacom Technology)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/14 16:04:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/13 00:39:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/15 22:49:21 | 00,000,000 | ---D | M]

[2009/03/09 19:46:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\young\Application Data\mozilla\Extensions
[2009/03/09 19:46:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\young\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/27 01:38:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\young\Application Data\mozilla\Firefox\Profiles\9jyweqij.default\extensions
[2009/03/25 20:46:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\young\Application Data\mozilla\Firefox\Profiles\9jyweqij.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/06/25 23:26:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/13 00:39:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/14 16:04:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/09 19:36:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/13 00:39:44 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/13 00:39:44 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/13 00:39:46 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/06 18:05:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/06 18:05:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/06 18:05:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/06 18:05:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/06 18:05:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/06 18:05:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/06 18:05:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/02/19 12:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 12:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 12:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 12:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 12:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 12:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 12:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSPY2002] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found
O4 - Startup: C:\Documents and Settings\young\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/09 18:39:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f73afac-555f-11de-a3cd-0023696ce913}\Shell\AutoRun\command - "" = F:\6phx.com -- File not found
O33 - MountPoints2\{0f73afac-555f-11de-a3cd-0023696ce913}\Shell\open\Command - "" = F:\6phx.com -- File not found
O33 - MountPoints2\{5d29f6dc-0d1d-11de-a2d0-001195e75bfa}\Shell\AutoRun\command - "" = I:\WDSetup.exe -- File not found
O33 - MountPoints2\{b2369220-0d27-11de-a2d1-001195e75bfa}\Shell - "" = AutoRun
O33 - MountPoints2\{b2369220-0d27-11de-a2d1-001195e75bfa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2369220-0d27-11de-a2d1-001195e75bfa}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b2369221-0d27-11de-a2d1-001195e75bfa}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/06/27 01:39:49 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/27 01:35:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\young\Application Data\Malwarebytes
[2009/06/27 01:35:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/27 01:35:49 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/27 01:35:48 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/27 01:35:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/27 01:35:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/27 01:34:01 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\young\Desktop\mbam-setup.exe
[2009/06/27 01:33:50 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\young\Desktop\Rooter.exe
[2009/06/27 01:33:09 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\young\Desktop\OTL.exe
[2009/06/27 00:49:48 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/06/22 22:18:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\young\My Documents\COLLEGE CAREER PLANNING CLASS
[2009/06/22 20:02:12 | 00,081,920 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2009/06/22 20:02:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2009/06/22 20:02:10 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/06/22 02:24:53 | 00,000,000 | ---D | C] -- C:\Program Files\alaplaya
[2009/06/22 01:05:41 | 00,071,202 | ---- | C] () -- C:\Documents and Settings\young\My Documents\Bookmarks 2009-06-22.json
[2009/06/19 14:54:10 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\young\My Documents\questions to ask time warner.doc
[2009/06/16 01:36:11 | 00,000,000 | ---D | C] -- C:\Program Files\Gravity
[2009/06/16 01:35:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2009/06/15 23:17:10 | 00,405,583 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jsws7c78.rra
[2009/06/15 23:16:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\young\Application Data\InstallShield
[2009/06/13 16:51:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2009/06/13 00:06:50 | 00,005,013 | ---- | C] () -- C:\Documents and Settings\young\Desktop\ffnet QTs.html
[2009/06/08 01:03:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\young\Local Settings\Application Data\Deployment
[2009/06/08 00:41:17 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/06/08 00:40:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/06/08 00:38:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\young\My Documents\FasterPing-v01beta
[2009/06/08 00:02:43 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\young\My Documents\Fix Cannot Renew IP Address.doc
[2009/06/06 18:06:57 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/06 18:06:55 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/06/06 18:05:00 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/06/06 17:47:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\young\My Documents\LOW PING TWEAKS
[2009/06/06 12:38:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
[2009/03/09 19:01:45 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/09 18:57:43 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/03/09 18:47:04 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/12/21 09:21:56 | 00,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2006/05/26 06:29:14 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/04/03 05:26:36 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004/08/04 05:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/06/24 02:20:02 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/06/27 01:35:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/27 01:34:58 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\young\Desktop\mbam-setup.exe
[2009/06/27 01:33:51 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\young\Desktop\Rooter.exe
[2009/06/27 01:33:30 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\young\Desktop\OTL.exe
[2009/06/27 01:23:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/27 01:23:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/27 01:20:50 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\young\Local Settings\Application Data\IconCache.db
[2009/06/27 00:50:09 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/06/26 23:43:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/22 19:56:09 | 00,576,844 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/22 19:56:09 | 00,486,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/22 19:56:09 | 00,081,206 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/22 02:26:55 | 00,000,096 | -H-- | M] () -- C:\WINDOWS\System32\HsInfo.dat
[2009/06/22 01:05:41 | 00,071,202 | ---- | M] () -- C:\Documents and Settings\young\My Documents\Bookmarks 2009-06-22.json
[2009/06/21 14:53:00 | 00,071,680 | ---- | M] () -- C:\Documents and Settings\young\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/19 14:54:10 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\young\My Documents\questions to ask time warner.doc
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/16 01:48:07 | 00,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2009/06/13 16:53:19 | 00,000,748 | -H-- | M] () -- C:\IPH.PH
[2009/06/13 00:06:50 | 00,005,013 | ---- | M] () -- C:\Documents and Settings\young\Desktop\ffnet QTs.html
[2009/06/08 00:03:46 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\young\My Documents\Fix Cannot Renew IP Address.doc
[2009/06/01 20:03:50 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
< End of report >
teatime
post Jun 27 2009, 02:52 AM
Post #3


Member
Posts: 42
OS: Windows XP



Here is Extras.Txt:

OTL Extras logfile created on: 6/27/2009 1:40:59 AM - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\young\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 76.29% Memory free
3.79 Gb Paging File | 3.51 Gb Available in Paging File | 92.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 203.58 Gb Free Space | 87.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUNG-9FD9FB144
Current User Name: young
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10615:TCP" = 10615:TCP:*:Enabled:BitComet 10615 TCP
"10615:UDP" = 10615:UDP:*:Enabled:BitComet 10615 UDP
"28002:TCP" = 28002:TCP:*:Enabled:S4League_28002
"28008:TCP" = 28008:TCP:*:Enabled:S4League_28008
"28012:TCP" = 28012:TCP:*:Enabled:S4League_28012
"28013:TCP" = 28013:TCP:*:Enabled:S4League_28013
"52901:TCP" = 52901:TCP:*:Enabled:BitComet 52901 TCP
"52901:UDP" = 52901:UDP:*:Enabled:BitComet 52901 UDP
"25289:TCP" = 25289:TCP:*:Enabled:S4League_25289
"29771:TCP" = 29771:TCP:*:Enabled:S4League_29771
"6445:TCP" = 6445:TCP:*:Enabled:S4League_6445
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client (www.BitComet.com)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour File not found
C:\Program Files\alaplaya\S4League\HShield\HSUpdate.exe:*:Enabled:HSUpdate (AhnLab, Inc.)
C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:S4Client ()
C:\Program Files\alaplaya\S4League\patcher_s4.exe:*:Enabled:S4League (© Neowiz Games)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}" = ESET NOD32 Antivirus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EFC53C65-7EB6-4AAC-A441-461213C53D07}" = WLAN Monitor
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AIM_6" = AIM 6
"ATI Display Driver" = ATI Display Driver
"BitComet" = BitComet 1.10
"CCleaner" = CCleaner (remove only)
"DSMT6" = MathType 6
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"GOM Player" = GOM Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"Ragnarok Online" = Ragnarok Online
"Ragnarok Sakray" = Ragnarok Sakray
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"Wacom Tablet Driver" = Wacom Tablet
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"538e2a4af313161a" = FasterPing

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2009 3:41:30 AM | Computer Name = YOUNG-9FD9FB144 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2286, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 6/8/2009 4:02:15 AM | Computer Name = YOUNG-9FD9FB144 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2286, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 6/14/2009 9:26:00 PM | Computer Name = YOUNG-9FD9FB144 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module gdi32.dll, version 5.1.2600.3466, fault address 0x0000acf6.

Error - 6/14/2009 9:26:05 PM | Computer Name = YOUNG-9FD9FB144 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 6/17/2009 5:24:21 AM | Computer Name = YOUNG-9FD9FB144 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x78910568.

Error - 6/17/2009 5:24:26 AM | Computer Name = YOUNG-9FD9FB144 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 6/19/2009 4:28:14 PM | Computer Name = YOUNG-9FD9FB144 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module gdi32.dll, version 5.1.2600.3466, fault address 0x0000acf6.

Error - 6/19/2009 4:28:24 PM | Computer Name = YOUNG-9FD9FB144 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 6/20/2009 4:19:57 PM | Computer Name = YOUNG-9FD9FB144 | Source = Application Error | ID = 1000
Description = Faulting application egui.exe, version 3.0.621.0, faulting module
unknown, version 0.0.0.0, fault address 0x78910568.

Error - 6/24/2009 8:59:06 PM | Computer Name = YOUNG-9FD9FB144 | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 6/20/2009 4:20:27 PM | Computer Name = YOUNG-9FD9FB144 | Source = Service Control Manager | ID = 7031
Description = The Eset Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 6/27/2009 4:19:26 AM | Computer Name = YOUNG-9FD9FB144 | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 6/27/2009 4:20:00 AM | Computer Name = YOUNG-9FD9FB144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/27/2009 4:20:05 AM | Computer Name = YOUNG-9FD9FB144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/27/2009 4:20:20 AM | Computer Name = YOUNG-9FD9FB144 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 6/27/2009 4:20:20 AM | Computer Name = YOUNG-9FD9FB144 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 6/27/2009 4:20:20 AM | Computer Name = YOUNG-9FD9FB144 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 6/27/2009 4:20:20 AM | Computer Name = YOUNG-9FD9FB144 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/27/2009 4:20:20 AM | Computer Name = YOUNG-9FD9FB144 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswSP aswTdi easdrv epfwtdir Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
sptd
Tcpip

Error - 6/27/2009 4:20:51 AM | Computer Name = YOUNG-9FD9FB144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

Thank you very much for your time and consideration!
Egwene
post Jul 3 2009, 02:16 PM
Post #4


Trusted Helper
Posts: 2,141
From: France
OS: XP/Vista Home Basic Edition



Hello teatime,

Sorry for the delay.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Then:

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


Regards,
Egwene.
teatime
post Jul 3 2009, 04:36 PM
Post #5


Member
Posts: 42
OS: Windows XP



Hello Egwene, no problem about the delay. The MBAM log was clean. I can't use Kaspersky Online Scanner; it crashes my computer.

I haven't received any fake antivirus pop-ups since that time, and my computer has been running pretty normally. Last night my mouse was kind of weird (all of a sudden it wouldn't work, but today it is ok), but I don't think that's virus-related. Do you think it's safe to say that I'm virus-free?

Thank you very much for checking up and everything.

This post has been edited by teatime: Jul 4 2009, 01:38 PM