[tonyjh]

Hi Thunderbird 1988

Here is the new otl log

OTL logfile created on: 13/11/2010 10:15:48 AM - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\User1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 644.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 62.14 Gb Free Space | 13.34% Space Free | Partition Type: NTFS
Drive F: | 612.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JULLE-FD9C65E74 | User Name: User1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\UAService7.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MsgPlusLoader.dll (Patchou)


========== Win32 Services (SafeList) ==========

SRV - (napagent) -- C:\WINDOWS\System32\qagentrt.dll File not found
SRV - (hkmsvc) -- C:\WINDOWS\System32\kmsvc.dll File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (EapHost) -- C:\WINDOWS\System32\eapsvc.dll File not found
SRV - (Dot3svc) -- C:\WINDOWS\System32\dot3svc.dll File not found
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\swdsvc.exe (PC Tools)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\svcntaux.exe (PC Tools)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe ()
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (Perpeervc) -- C:\WINDOWS\system32\EPSTP32U.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (d347bus) -- C:\WINDOWS\System32\DRIVERS\d347bus.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (agp440) -- C:\WINDOWS\System32\DRIVERS\agp440.sys File not found
DRV - (a347bus) -- C:\WINDOWS\System32\DRIVERS\a347bus.sys File not found
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (IKSysSec) -- C:\WINDOWS\system32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (IkSysFlt) -- C:\WINDOWS\system32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKFileSec) -- C:\WINDOWS\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (IKFileFlt) -- C:\WINDOWS\system32\drivers\ikfileflt.sys (PCTools Research Pty Ltd.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.)
DRV - (MayPro) -- C:\WINDOWS\system32\drivers\Maypro.sys (TigerGame.,Ltd)
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (EZWRIT3) -- C:\WINDOWS\system32\drivers\ezwrit3.sys (USTC)
DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (APLOADER) -- C:\WINDOWS\system32\drivers\ApLoader.SYS (Texas Instruments)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (a347scsi) -- C:\WINDOWS\System32\Drivers\a347scsi.sys ( )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yukonwxp.sys (Marvell Semiconductor Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.)
DRV - (SiSRaid) -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys (Silicon Integrated Systems)
DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSide) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dodo.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..network.proxy.http: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/02/27 22:24:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 17:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/30 17:12:19 | 000,000,000 | ---D | M]

[2008/12/15 14:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Mozilla\Extensions
[2010/10/30 17:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\6aecx7x9.julie\extensions
[2010/10/29 15:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\6aecx7x9.julie\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/18 15:17:13 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\6aecx7x9.julie\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/10/29 15:28:38 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\6aecx7x9.julie\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/08/30 16:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\uryozul3.default\extensions
[2005/01/22 15:54:38 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\uryozul3.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/08/30 16:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\uryozul3.default\extensions\[email protected]
[2010/10/30 18:02:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/01/14 13:09:25 | 000,176,176 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2005/09/05 11:11:48 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/11/11 20:04:24 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} http://pickles.liveb...l/new/lgbkc.cab (LgbContent Control)
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} http://www.nero.com/...ckerControl.cab (NeroVersionCheckerControl Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\MsgPlusLoader.dll) - C:\WINDOWS\system32\MsgPlusLoader.dll (Patchou)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\User1\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User1\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/13 08:21:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/08/04 01:32:39 | 000,098,304 | R--- | M] (Humongous Entertainment) - F:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/07/08 04:52:18 | 000,000,432 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2000/08/04 01:32:39 | 000,085,200 | R--- | M] () - F:\AUTORUN.pcx -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\User1\My Documents\User1.
[2010/11/13 10:14:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\OTL.exe
[2010/11/11 18:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\DoctorWeb
[2010/11/11 17:52:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/11 00:02:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\TFC.exe
[2010/11/08 20:21:16 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User1\Desktop\TDSSKiller.exe
[2010/11/08 13:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Expedition Titanic
[2010/11/08 13:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2010/11/08 13:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\GameHouse
[2010/11/08 13:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hasbro Interactive
[2010/11/08 13:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\My Documents\The Learning Company
[2010/11/07 13:49:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/07 11:31:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/07 11:26:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/07 11:26:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/07 11:26:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/07 11:26:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/06 20:50:30 | 000,546,224 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\User1\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete
[2010/11/02 16:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Desktop\MALWEAR VIRUS CLEANERS
[2010/11/02 15:56:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/02 07:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Desktop\GooredFix Backups
[2010/11/01 20:13:07 | 000,093,872 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/01 20:13:07 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2010/11/01 20:12:53 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/11/01 14:59:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/28 17:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/28 17:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/27 18:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/27 18:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/26 22:44:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/10/26 22:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\BBA3C47041CC05CF5F7CEAE09FFAF8B6
[2010/10/26 22:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Desktop\Y.S.v1.4.0.0
[2010/10/26 16:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2010/10/25 20:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Desktop\a.b.hal.propper
[2010/10/24 00:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Desktop\tgatetress
[2010/10/22 00:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Desktop\IPOD
[2010/10/16 12:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Local Settings\Application Data\AVG Security Toolbar
[2010/10/16 12:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\AVG10
[2010/10/16 12:33:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/16 11:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/15 20:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\Realore_Whiterra Roads Of Rome
[2010/10/15 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Roads of Rome
[2010/10/15 16:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Kate Arrow - Deserted Wood
[2010/10/15 16:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Help Felix Find a Cure
[2010/10/15 16:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enlightenus II - The Timeless Tower
[2010/10/15 16:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\Dark Tales - Edgar Allan Poe's The Black Cat Collector's Edition
[2010/10/15 15:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Columbus - Ghost of the Mystery Stone
[2009/02/04 17:45:55 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2008/06/05 16:34:49 | 000,403,856 | ---- | C] (Pantaray Research LTD.) -- C:\Program Files\un_Star Defender 4_26816.exe
[2005/07/25 18:37:28 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\User1\My Documents\User1.
[2010/11/13 10:15:14 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\gmer.zip
[2010/11/13 10:14:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\OTL.exe
[2010/11/13 10:04:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/13 10:04:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2010/11/13 10:03:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/12 20:50:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/12 06:52:45 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\DrWeb.csv
[2010/11/11 20:04:24 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/11 00:46:19 | 000,029,847 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\help from thunderbird.docx
[2010/11/11 00:19:03 | 000,009,334 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\SysRestorePoint_v13.zip
[2010/11/11 00:02:16 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\TFC.exe
[2010/11/10 23:55:30 | 051,743,000 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\drweb-cureit.exe
[2010/11/10 19:49:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/09 18:54:27 | 001,215,581 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\tdsskiller.zip
[2010/11/08 22:39:40 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/08 17:30:12 | 000,001,271 | ---- | M] () -- C:\WINDOWS\hegames.ini
[2010/11/08 13:44:25 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/08 13:41:45 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Hidden Expedition Titanic.lnk
[2010/11/08 13:14:10 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Posh Shop.lnk
[2010/11/08 13:14:10 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\More Games at GameHouse.com.url
[2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User1\Desktop\TDSSKiller.exe
[2010/11/07 11:31:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/07 11:26:19 | 000,452,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 11:26:19 | 000,075,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 20:50:31 | 000,546,224 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\User1\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete
[2010/11/06 17:56:19 | 003,903,800 | R--- | M] () -- C:\Documents and Settings\User1\Desktop\ComboFix.exe
[2010/11/06 13:36:39 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/05 21:15:49 | 000,088,576 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/02 17:43:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/02 17:35:03 | 000,000,933 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/10/30 04:43:13 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\ahfg.bat
[2010/10/29 23:52:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/26 17:00:55 | 000,000,036 | ---- | M] () -- C:\WINDOWS\Tiny_Run.ini
[2010/10/25 21:20:33 | 024,408,441 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Fallout_New_Vegas_Official_eGuide_pdf.rar
[2010/10/24 16:23:55 | 068,346,571 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Y.S.v1.4.0.0.rar
[2010/10/24 15:31:02 | 009,838,549 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\a.b.hal.propper.rar
[2010/10/19 21:00:41 | 111,586,305 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\s.c.v1.0.rar

========== Files Created - No Company Name ==========

[2010/11/12 06:52:45 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\DrWeb.csv
[2010/11/11 00:46:19 | 000,029,847 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\help from thunderbird.docx
[2010/11/11 00:19:03 | 000,009,334 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\SysRestorePoint_v13.zip
[2010/11/10 23:55:30 | 051,743,000 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\drweb-cureit.exe
[2010/11/09 18:54:19 | 001,215,581 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\tdsskiller.zip
[2010/11/08 22:53:59 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\gmer.zip
[2010/11/08 21:53:52 | 009,010,872 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\abgx360_v1.0.3_setup.exe
[2010/11/08 13:41:45 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Hidden Expedition Titanic.lnk
[2010/11/08 13:14:10 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Posh Shop.lnk
[2010/11/08 13:14:10 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\More Games at GameHouse.com.url
[2010/11/08 13:07:13 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2010/11/07 11:31:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/07 11:31:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/07 11:26:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/07 11:26:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/07 11:26:39 | 000,088,576 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/07 11:26:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/07 11:26:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/06 17:56:19 | 003,903,800 | R--- | C] () -- C:\Documents and Settings\User1\Desktop\ComboFix.exe
[2010/10/30 04:43:13 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\User1\Application Data\ahfg.bat
[2010/10/26 16:56:34 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2010/10/25 21:20:31 | 024,408,441 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Fallout_New_Vegas_Official_eGuide_pdf.rar
[2010/10/24 16:23:49 | 068,346,571 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Y.S.v1.4.0.0.rar
[2010/10/24 15:31:00 | 009,838,549 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\a.b.hal.propper.rar
[2010/10/19 21:00:24 | 111,586,305 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\s.c.v1.0.rar
[2010/09/16 19:21:41 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/29 22:41:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User1\Application Data\SuperSafer.cfg
[2010/02/03 18:22:05 | 000,000,253 | ---- | C] () -- C:\WINDOWS\Sin_setup.INI
[2009/10/28 23:14:35 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/21 13:49:53 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\User1\Application Data\vso_ts_preview.xml
[2009/04/26 18:49:27 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/18 20:13:10 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\User1\Application Data\default.pls
[2009/03/14 21:19:47 | 000,009,629 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/03/01 19:19:18 | 000,012,060 | ---- | C] () -- C:\Documents and Settings\User1\Application Data\NMM-MetaData.db
[2009/02/05 18:31:33 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\fusioncache.dat
[2009/02/01 11:29:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/31 17:04:42 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/23 21:26:32 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Dc.INI
[2008/09/05 10:47:04 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2008/09/01 14:21:46 | 000,000,121 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2008/09/01 14:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2008/09/01 14:21:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2008/09/01 13:20:32 | 000,000,343 | ---- | C] () -- C:\WINDOWS\9ed.ini
[2008/08/03 18:24:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/09 18:43:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2008/06/05 16:34:49 | 000,006,933 | ---- | C] () -- C:\Program Files\un_Star Defender 4_26816.txt
[2008/03/08 07:44:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2008/03/05 12:54:19 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/03/01 22:20:38 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/03/01 22:20:38 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/03/01 22:20:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/03/01 22:20:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/01/30 14:05:30 | 000,002,568 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/24 15:47:46 | 000,000,052 | ---- | C] () -- C:\WINDOWS\cool.ini
[2008/01/24 15:45:27 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2007/12/20 21:45:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2007/11/30 00:15:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2007/11/30 00:15:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/11/16 22:34:58 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/10/29 10:54:51 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/10/01 15:08:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2007/09/06 13:19:50 | 000,000,117 | ---- | C] () -- C:\WINDOWS\Prof.ini
[2007/09/06 00:55:21 | 000,000,447 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2007/07/26 00:24:28 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/05/28 18:21:04 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/05/28 18:21:03 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/05/23 15:56:10 | 000,000,205 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/04/05 00:15:37 | 000,000,397 | ---- | C] () -- C:\WINDOWS\Proxyrama.INI
[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/03/10 22:51:48 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/28 14:33:51 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL
[2007/02/12 17:45:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/01/31 00:01:15 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/01/31 00:01:15 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/01/04 01:48:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2006/10/21 15:34:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2006/07/24 20:16:51 | 000,000,011 | ---- | C] () -- C:\WINDOWS\KPP.INI
[2006/07/15 10:45:10 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\systilde32.dll
[2006/05/11 23:13:56 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/30 21:07:17 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006/04/30 20:30:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/04/23 00:59:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/03/31 15:05:53 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/01/16 00:34:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2006/01/10 19:00:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER310E.ini
[2006/01/09 12:20:04 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2005/12/23 13:15:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RAWImage.INI
[2005/12/04 11:56:56 | 000,000,011 | ---- | C] () -- C:\WINDOWS\ABC.INI
[2005/10/27 16:41:47 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Converter.INI
[2005/10/04 10:01:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Quicktools.INI
[2005/07/25 15:41:18 | 000,000,036 | ---- | C] () -- C:\WINDOWS\ibu.dll
[2005/06/27 18:08:31 | 000,000,551 | ---- | C] () -- C:\WINDOWS\Clubhouse.ini
[2005/06/23 17:00:08 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\TTSServer.dll
[2005/06/22 10:05:22 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyd.DLL
[2005/06/22 10:05:13 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI
[2005/05/25 10:04:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/05/25 09:57:09 | 000,000,111 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/05/11 14:01:36 | 000,001,125 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/04/08 14:38:48 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\tmpid.dll
[2005/04/05 18:41:14 | 000,000,397 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2005/04/05 18:41:14 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2005/02/09 12:59:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/01/30 10:22:58 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/01/29 11:25:02 | 008,956,040 | ---- | C] () -- C:\Program Files\InstallSnSBingo.exe
[2005/01/26 16:50:53 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/01/26 16:50:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/01/26 05:25:04 | 000,247,808 | ---- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/22 04:00:05 | 000,000,712 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/01/22 04:00:03 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/01/20 09:32:33 | 000,001,271 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/01/20 06:23:29 | 000,000,700 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/01/19 12:26:31 | 000,000,119 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2005/01/13 08:36:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2005/01/13 08:33:58 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2005/01/13 00:10:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/04/22 13:58:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/07/14 12:20:16 | 000,000,025 | R--- | C] () -- C:\WINDOWS\MPower23.ini
[2003/04/09 07:21:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\trayocx.dll
[2002/11/04 15:09:46 | 000,000,025 | R--- | C] () -- C:\WINDOWS\MPowerK1.ini
[2002/10/16 09:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2000/01/31 09:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[1999/01/23 08:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/04/01 00:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/04/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/04/01 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/04/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008/06/26 20:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision
[2010/10/23 16:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2010/10/16 11:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/03/07 16:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2005/05/25 09:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2010/10/16 12:33:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/03/12 14:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dslic
[2007/03/12 14:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dslicense
[2008/05/29 18:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EdAlive
[2008/06/23 12:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2009/08/30 20:08:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\F1E9A331CBDB4A7EBD262857943DCAB7
[2010/03/07 11:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2010/04/22 17:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2010/04/25 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2010/05/27 17:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2008/09/21 19:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2007/08/20 10:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2007/08/26 19:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2010/06/13 19:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/15 22:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GeoVid
[2010/04/26 16:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2008/11/17 11:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2006/12/21 14:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Imaginext™
[2009/02/27 23:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/04/24 21:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2007/01/04 01:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LearningPOWER
[2008/06/23 14:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/07/16 17:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2005/04/25 12:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/10/16 11:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/02/02 21:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009/11/28 16:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/04/19 23:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/08/29 14:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2007/07/06 20:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/02/27 23:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/12/04 15:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2008/01/11 21:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/13 17:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/01/16 18:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2010/04/26 19:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2009/08/09 04:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/01/12 20:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/07/21 19:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/05/22 18:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2007/05/11 19:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/04/22 23:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra
[2009/07/08 09:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/04/29 22:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2010/06/14 20:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2010/11/08 12:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/26 16:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2006/01/10 19:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2005/11/29 11:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/12/06 12:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/14 15:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2005/12/17 13:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2009/07/22 10:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/10/20 23:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vuvyrglo
[2007/10/09 13:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XemiComputers
[2007/05/15 01:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/07/19 20:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/02 06:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/02/09 17:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\.bittorrent
[2010/07/07 14:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\abgx360
[2007/04/11 15:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Alawar
[2010/10/11 17:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Anarchy
[2010/10/16 12:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AVG10
[2010/04/19 20:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AVG9
[2010/10/23 16:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Azureus
[2010/10/26 22:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\BBA3C47041CC05CF5F7CEAE09FFAF8B6
[2010/01/17 21:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\bfgbar
[2010/06/03 17:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Big Fish Games
[2008/11/17 15:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Boomzap
[2007/02/25 18:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Canon
[2010/01/16 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Cloanto
[2010/08/16 20:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2008/04/27 01:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\DAEMON Tools Pro
[2007/05/23 17:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Disney Interactive Studios
[2008/11/16 15:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\DiVision Studios XAvenger
[2009/12/25 19:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\EleFun Games
[2007/07/20 18:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Eyeblaster
[2008/09/21 19:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Flood Light Games
[2007/08/20 10:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\FloodLightGames
[2008/10/13 13:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ForgottenRiddles
[2009/11/28 12:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Friday's games
[2010/11/08 13:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\GameHouse
[2008/09/15 22:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\GeoVid
[2007/11/13 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\GetRight
[2010/02/06 18:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\GetRightToGo
[2007/08/22 13:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\GrabIt
[2006/01/27 14:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Imageview
[2009/08/31 07:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ImgBurn
[2005/01/21 07:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\InterTrust
[2007/08/24 18:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\iWin
[2007/11/30 00:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\KALiNKOsoft
[2006/01/08 15:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Leadertech
[2008/06/23 14:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Ludia
[2007/07/02 00:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Magic Academy
[2010/06/04 15:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\MagicIndie
[2010/07/16 17:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Merscom
[2007/07/06 20:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\My Games
[2010/09/13 01:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\NewsLeecher
[2010/08/29 11:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Nokia
[2009/02/27 22:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Nokia Multimedia Player
[2009/12/13 21:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Nseries
[2005/12/11 18:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Opera
[2009/12/04 15:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\PC Suite
[2010/09/03 23:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\PeaceCraft2
[2007/10/19 18:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\PgcEdit
[2010/08/13 17:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\PlayFirst
[2008/03/18 14:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\PSPDocMaker
[2009/05/26 10:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\RipIt4Me
[2009/11/01 12:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\runic games
[2010/10/03 13:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Sahmon Games
[2008/01/11 12:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\SecondLife
[2005/02/26 11:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\SEGA
[2010/06/14 20:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\SulusGames
[2009/02/01 19:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\TeamViewer
[2008/05/06 20:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\The Labyrinth Plus! Edition
[2009/03/29 22:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\The Path
[2007/04/28 13:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\tunebite
[2005/11/22 14:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Ulead Systems
[2007/08/26 10:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\VeniceMysteryData
[2007/06/23 22:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Viewpoint
[2009/07/23 09:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Vso
[2005/03/08 02:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\WholeSecurity
[2008/08/02 20:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Xbins
[2007/10/09 13:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\XemiComputers
[2007/06/29 22:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Zylom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:178093AE
@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FF076E
@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF6C81B2
@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC51BA36
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:864881BF
@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00811B66
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEE4A457
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99AC3203
@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C81B36D
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:008586AE
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD36C4B
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3942462
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB6F365
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C17A93
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:109734F6
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0CB43B2
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC0528D9
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFAD7A5D
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15752405
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F11C259D
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76A59E49
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0762150
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC7C9796
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66AA0486
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59846E5E
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC4EA67C
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3063E0E
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED51D3ED
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80EA2EA3
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07D9FF25
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7ADA8871
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A235FA9E
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:151760F0
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BF63E4A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B4123E9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7E2022
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE30DDB
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEBFFE08
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEBD9BCF

< End of report >

Computer seems to be running very slow. eg
When you click start, turn off computer, it takes 2 min for the shutdown window to open.
Shutdown seems to take a long time as well is that normal?
when scrolling large pages its not a smooth scroll you can see as it updates. if that makes sense
at the moment i have no antivirus as i had to uninstall avg
but when i try to install microsoft essentials it ends in an error if think its possible that the avg is not totally removed which i need to fix so i can get protected. could you please help me with solving this issue ?

Thanks for all your help

Kind Regards
tonyjh

Edited by tonyjh, 12 November 2010 - 07:45 PM.

[Advertisements]

Hello,

Can you run Combofix again?

To get rid of AVG, please re-install it again. and then uninstall it using [url=http://www.revouninstaller.com/start_freeware_download.html]revouninstaller[/url.

[Thunderbird1988]

Hello,

Can you run Combofix again?

To get rid of AVG, please re-install it again. and then uninstall it using [url=http://www.revouninstaller.com/start_freeware_download.html]revouninstaller[/url.

[tonyjh]

Hi Thunderbird here is the log you requested.

ComboFix 10-11-12.06 - User1 14/11/2010 16:53:32.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1023.537 [GMT 11:00]
Running from: c:\documents and settings\User1\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\QTIM32.DLL

.
((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-13 13:02 . 2010-11-13 13:03 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\Temp
2010-11-13 10:57 . 2006-10-22 04:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-11-13 10:56 . 2010-11-13 10:56 -------- d-----w- C:\NVIDIA
2010-11-13 01:42 . 2010-11-13 01:42 -------- d-----w- c:\program files\SystemRequirementsLab
2010-11-11 07:21 . 2010-11-11 09:04 -------- d-----w- c:\documents and settings\User1\DoctorWeb
2010-11-11 06:52 . 2010-11-11 06:52 -------- d-----w- C:\_OTL
2010-11-08 02:41 . 2010-11-08 02:43 -------- d-----w- c:\program files\Hidden Expedition Titanic
2010-11-08 02:41 . 2010-11-08 02:41 -------- d-----w- c:\program files\ReflexiveArcade
2010-11-08 02:14 . 2010-11-08 02:14 -------- d-----w- c:\program files\GameHouse
2010-11-08 02:07 . 2000-01-14 16:14 45568 ----a-w- c:\windows\UniFish3.exe
2010-11-08 02:07 . 2010-11-08 02:07 -------- d-----w- c:\program files\Hasbro Interactive
2010-11-02 05:22 . 2010-08-13 12:53 5120 ------w- c:\windows\system32\xpsp4res.dll
2010-11-02 05:07 . 2008-10-16 03:06 208744 ----a-w- c:\windows\system32\muweb.dll
2010-11-02 05:07 . 2008-10-16 03:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2010-11-02 05:07 . 2009-08-06 08:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-11-02 05:07 . 2009-08-06 08:24 35552 -c--a-w- c:\windows\system32\dllcache\wups.dll
2010-11-02 05:07 . 2009-08-06 08:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-11-02 05:07 . 2008-10-16 03:13 202776 ----a-w- c:\windows\system32\wuweb.dll
2010-11-02 05:07 . 2008-10-16 03:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2010-11-02 05:07 . 2008-10-16 03:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2010-11-02 05:07 . 2008-10-16 03:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2010-11-02 05:07 . 2008-10-16 03:12 213528 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-11-02 05:07 . 2008-10-16 03:09 92696 ----a-w- c:\windows\system32\cdm.dll
2010-11-02 05:07 . 2008-10-16 03:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2010-11-01 09:13 . 2009-09-07 03:02 27944 ----a-w- c:\windows\system32\sbbd.exe
2010-11-01 09:13 . 2009-08-05 04:58 93872 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-01 09:12 . 2010-11-01 14:27 -------- d-----w- C:\VIPRERESCUE
2010-10-29 17:43 . 2010-10-29 17:43 191 ----a-w- c:\documents and settings\User1\Application Data\ahfg.bat
2010-10-28 06:47 . 2010-10-28 06:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-10-26 11:43 . 2010-10-26 11:43 -------- d-----w- c:\documents and settings\User1\Application Data\BBA3C47041CC05CF5F7CEAE09FFAF8B6
2010-10-26 05:58 . 2010-10-26 05:58 -------- d-----w- c:\documents and settings\All Users\Application Data\The Learning Company
2010-10-16 01:44 . 2010-10-16 01:44 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\AVG Security Toolbar
2010-10-16 01:35 . 2010-10-16 01:35 -------- d-----w- c:\documents and settings\User1\Application Data\AVG10
2010-10-16 01:33 . 2010-10-16 01:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-16 00:50 . 2010-10-16 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-15 09:08 . 2010-10-23 05:50 -------- d-----w- c:\documents and settings\User1\Application Data\Realore_Whiterra Roads Of Rome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 06:53 . 2004-08-04 12:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 01:23 . 2004-08-04 12:00 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-09 13:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2007-05-25 23:26 . 2008-06-05 05:34 403856 ----a-w- c:\program files\un_Star Defender 4_26816.exe
2005-01-29 00:25 . 2005-01-29 00:25 8956040 ----a-w- c:\program files\InstallSnSBingo.exe
.

------- Sigcheck -------

[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\drivers\ntfs.sys
[7] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\sp3qfe\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\sp3gdr\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\asms\60\msft\windows\common\controls\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\backup\sp3gdr\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\system32\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3gdr\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3qfe\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\system32\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\system32\dllcache\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2005-01-14 . ABDEF60CED7C04AB35A415EFB6B96D81 . 1285120 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
[7] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\ole32.dll

[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[7] 2004-08-04 06:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[7] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[7] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\SP3QFE\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\SP3GDR\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2004-08-04 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll
[7] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-12 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-08-31 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-31 11:39 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User1^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-08-08 07:51 148760 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-08-08 08:00 1945424 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-02 18:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-03-17 07:21 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-08-08 12:30 2980800 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 06:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Calendar XP]
2007-01-16 19:36 471040 ----a-w- c:\program files\Desktop Calendar XP\Desktop Calendar XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2007-08-08 07:47 1169456 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2005-11-22 06:38 221184 ----a-w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R310 Series]
2003-09-11 03:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I3F2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2006-11-22 10:10 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 14:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 10:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-11 21:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-08-31 22:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-16 22:50 19968 ------w- c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 04:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-05 21:25 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2008-10-17 08:18 2323680 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 01:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCCloneEX]
2008-06-09 07:53 4204032 ------w- c:\program files\PCCloneEX\PCCloneEX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2007-01-29 14:39 1432064 ----a-w- c:\program files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 05:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 00:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-03-04 07:39 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-12 00:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\PeerGuardian2\\pg2.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\EGirl_v15\\EGirl_Loader.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\DVD Decrypter\\DVDDecrypter.exe"=
"c:\\Program Files\\DVD Shrink\\DVD Shrink 3.2.exe"=
"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Documents and Settings\\User1\\Desktop\\TONY\\Xbins\\Xbins\\bin\\xbins.exe"=
"c:\\Program Files\\DVDFab Platinum 4\\DVDFabPlatinum.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\User1\\My Documents\\dshutdown\\DShutdown\\RDShutdown.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2001:TCP"= 2001:TCP:dc++
"2000:UDP"= 2000:UDP:dc++
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [25/07/2005 6:37 PM 5248]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [4/02/2009 5:45 PM 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/04/2009 6:49 PM 685816]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/05/2008 11:33 AM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 11:33 AM 55024]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/11/2010 8:13 PM 93872]
S0 a347bus;a347bus;c:\windows\system32\DRIVERS\a347bus.sys --> c:\windows\system32\DRIVERS\a347bus.sys [?]
S0 d347bus;d347bus;c:\windows\system32\DRIVERS\d347bus.sys --> c:\windows\system32\DRIVERS\d347bus.sys [?]
S0 ztkbxvda;ztkbxvda; [x]
S2 EZWRIT3;EZWRIT3;c:\windows\system32\drivers\ezwrit3.sys [23/02/2007 2:46 PM 12672]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/02/2010 11:19 AM 135664]
S3 APLOADER;APLOADER;c:\windows\system32\drivers\ApLoader.SYS [23/02/2007 2:45 PM 21376]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 Dual Mode;Dual Mode Video Capture;c:\windows\system32\drivers\CoachVc.sys [4/01/2007 1:48 AM 44928]
S3 MayPro;TigerGame SuperJoy Box Pro Filter Service;c:\windows\system32\drivers\Maypro.sys [31/05/2007 11:21 PM 12160]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 11:33 AM 7408]
S3 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [18/05/2007 11:24 PM 708176]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [13/10/2006 7:18 PM 223128]
S4 Perpeervc;Perpeervc;c:\windows\system32\EPSTP32U.EXE [9/04/2004 6:06 AM 892928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 00:12]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl =
uStart Page = hxxp://www.dodo.com.au/
uSearchURL,(Default) = hxxp://www.accoona.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\6aecx7x9.julie\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 81
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\User1\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\PlaySushiFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 17:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1532298954-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42F7913E-DCED-900F-61DE-39C97326557E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1220945662-1532298954-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:99,a0,a2,16,d4,df,47,17,f4,f5,99,0e,84,23,fa,f5,68,3c,f4,ba,00,dc,09,
e4,0a,be,d3,1d,e2,fa,5d,6f,0a,36,57,23,7c,ba,da,fa,f6,64,4e,83,0f,b1,01,0b,\
"??"=hex:c1,60,1f,b9,56,6f,c7,85,eb,0b,21,2f,04,b8,6f,83

[HKEY_USERS\S-1-5-21-1220945662-1532298954-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:59,53,1c,5f,43,06,44,30,03,cd,b8,73,12,04,03,97,93,fe,4f,bd,47,
50,a3,7f,d8,50,1c,45,b3,a6,f6,2e,0c,9d,03,66,bf,13,5e,13,ab,dd,a4,8b,ee,a6,\
"rkeysecu"=hex:59,27,7a,7e,e9,f6,d3,63,af,88,b2,41,e1,cb,a3,86

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\UAService7.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2010-11-14 17:15:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-14 06:15
ComboFix2.txt 2010-11-07 01:44

Pre-Run: 66,305,253,376 bytes free
Post-Run: 66,327,183,360 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - FA7F1167E1FF8167F4EE582AE631D5F7

Thanks for taking the time to help
avg will not reinstall keeps giving errors actually nothing would install had to redownload the microsoft installer for windows to install revo uninstaller pro. but revo doesnt show avg

Regards
tonyjh

Edited by tonyjh, 14 November 2010 - 03:26 AM.

[Thunderbird1988]

Hello,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::

Fcopy::

c:\windows\$NtUninstallKB930916$\ntfs.sys|c:\windows\system32\drivers\ntfs.sys
c:\windows\$NtUninstallKB905414$\netman.dll|c:\windows\system32\netman.dll
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll|c:\windows\system32\rpcss.dll
c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe|c:\windows\system32\spoolsv.exe
c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\comctl32.dll|c:\windows\system32\comctl32.dll
c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll|c:\windows\system32\kernel32.dll
c:\windows\$NtUninstallKB900725$\linkinfo.dll|c:\windows\$NtUninstallKB900725$\linkinfo.dll
c:\windows\$NtUninstallKB893756$\tapisrv.dll|c:\windows\system32\tapisrv.dll
c:\windows\$NtUninstallKB890859$\user32.dll|c:\windows\system32\user32.dll
c:\windows\$NtUninstallKB938828$\explorer.exe|c:\windows\explorer.exe
c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll|c:\windows\system32\ole32.dll
c:\windows\$NtUninstallKB928255$\shsvcs.dll|c:\windows\system32\shsvcs.dll
c:\windows\$NtUninstallKB900485$\aec.sys|c:\windows\system32\drivers\aec.sys
c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll|c:\windows\system32\mfc40u.dll
c:\windows\$NtUninstallKB931261$\upnphost.dll|c:\windows\system32\upnphost.dll

Driver::

ztkbxvda

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please tell me also if your computer is running better now.

Thunderbird1988

[tonyjh]

Here is the latest log

ComboFix 10-11-15.05 - User1 16/11/2010 20:23:13.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1023.545 [GMT 11:00]
Running from: c:\documents and settings\User1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User1\Desktop\CFScript.txt
.
ADS - system32: deleted 40 bytes in 1 streams.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$NtUninstallKB930916$\ntfs.sys --> c:\windows\system32\drivers\ntfs.sys
c:\windows\$NtUninstallKB905414$\netman.dll --> c:\windows\system32\netman.dll
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll --> c:\windows\system32\rpcss.dll
c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe --> c:\windows\system32\spoolsv.exe
c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\comctl32.dll --> c:\windows\system32\comctl32.dll
c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll --> c:\windows\system32\kernel32.dll
c:\windows\$NtUninstallKB893756$\tapisrv.dll --> c:\windows\system32\tapisrv.dll
c:\windows\$NtUninstallKB890859$\user32.dll --> c:\windows\system32\user32.dll
c:\windows\$NtUninstallKB938828$\explorer.exe --> c:\windows\explorer.exe
c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll --> c:\windows\system32\ole32.dll
c:\windows\$NtUninstallKB928255$\shsvcs.dll --> c:\windows\system32\shsvcs.dll
c:\windows\$NtUninstallKB900485$\aec.sys --> c:\windows\system32\drivers\aec.sys
c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll --> c:\windows\system32\mfc40u.dll
c:\windows\$NtUninstallKB931261$\upnphost.dll --> c:\windows\system32\upnphost.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZTKBXVDA
-------\Service_ztkbxvda


((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-14 08:58 . 2010-11-14 08:58 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\VS Revo Group
2010-11-14 08:58 . 2009-12-30 00:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-11-14 08:58 . 2010-11-14 08:58 -------- d-----w- c:\program files\VS Revo Group
2010-11-14 06:35 . 2010-11-14 06:35 -------- d-----w- C:\AVGInstLog
2010-11-13 13:02 . 2010-11-13 13:03 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\Temp
2010-11-13 10:57 . 2006-10-22 04:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-11-13 10:56 . 2010-11-13 10:56 -------- d-----w- C:\NVIDIA
2010-11-11 07:21 . 2010-11-11 09:04 -------- d-----w- c:\documents and settings\User1\DoctorWeb
2010-11-11 06:52 . 2010-11-11 06:52 -------- d-----w- C:\_OTL
2010-11-08 02:41 . 2010-11-08 02:43 -------- d-----w- c:\program files\Hidden Expedition Titanic
2010-11-08 02:41 . 2010-11-08 02:41 -------- d-----w- c:\program files\ReflexiveArcade
2010-11-08 02:14 . 2010-11-08 02:14 -------- d-----w- c:\program files\GameHouse
2010-11-08 02:07 . 2000-01-14 16:14 45568 ----a-w- c:\windows\UniFish3.exe
2010-11-08 02:07 . 2010-11-08 02:07 -------- d-----w- c:\program files\Hasbro Interactive
2010-11-02 05:22 . 2010-08-13 12:53 5120 ------w- c:\windows\system32\xpsp4res.dll
2010-11-02 05:07 . 2008-10-16 03:06 208744 ----a-w- c:\windows\system32\muweb.dll
2010-11-02 05:07 . 2008-10-16 03:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2010-11-02 05:07 . 2009-08-06 08:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-11-02 05:07 . 2009-08-06 08:24 35552 -c--a-w- c:\windows\system32\dllcache\wups.dll
2010-11-02 05:07 . 2009-08-06 08:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-11-02 05:07 . 2008-10-16 03:13 202776 ----a-w- c:\windows\system32\wuweb.dll
2010-11-02 05:07 . 2008-10-16 03:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2010-11-02 05:07 . 2008-10-16 03:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2010-11-02 05:07 . 2008-10-16 03:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2010-11-02 05:07 . 2008-10-16 03:12 213528 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-11-02 05:07 . 2008-10-16 03:09 92696 ----a-w- c:\windows\system32\cdm.dll
2010-11-02 05:07 . 2008-10-16 03:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2010-11-01 09:13 . 2009-09-07 03:02 27944 ----a-w- c:\windows\system32\sbbd.exe
2010-11-01 09:13 . 2009-08-05 04:58 93872 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-01 09:12 . 2010-11-01 14:27 -------- d-----w- C:\VIPRERESCUE
2010-10-29 17:43 . 2010-10-29 17:43 191 ----a-w- c:\documents and settings\User1\Application Data\ahfg.bat
2010-10-28 06:47 . 2010-10-28 06:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-10-26 11:43 . 2010-10-26 11:43 -------- d-----w- c:\documents and settings\User1\Application Data\BBA3C47041CC05CF5F7CEAE09FFAF8B6
2010-10-26 05:58 . 2010-10-26 05:58 -------- d-----w- c:\documents and settings\All Users\Application Data\The Learning Company

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 07:18 . 2009-02-01 07:12 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 01:23 . 2004-08-04 12:00 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-09 13:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-08-23 16:12 . 2009-02-01 07:12 617472 ----a-w- c:\windows\system32\comctl32.dll
2007-05-25 23:26 . 2008-06-05 05:34 403856 ----a-w- c:\program files\un_Star Defender 4_26816.exe
2005-01-29 00:25 . 2005-01-29 00:25 8956040 ----a-w- c:\program files\InstallSnSBingo.exe
.

------- Sigcheck -------

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-12 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-08-31 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-31 11:39 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User1^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-08-08 07:51 148760 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-08-08 08:00 1945424 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-02 18:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-03-17 07:21 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-08-08 12:30 2980800 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 06:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Calendar XP]
2007-01-16 19:36 471040 ----a-w- c:\program files\Desktop Calendar XP\Desktop Calendar XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2007-08-08 07:47 1169456 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2005-11-22 06:38 221184 ----a-w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R310 Series]
2003-09-11 03:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I3F2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2006-11-22 10:10 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 14:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 10:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-11 21:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-08-31 22:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-16 22:50 19968 ------w- c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 04:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-05 21:25 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2008-10-17 08:18 2323680 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 01:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCCloneEX]
2008-06-09 07:53 4204032 ------w- c:\program files\PCCloneEX\PCCloneEX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2007-01-29 14:39 1432064 ----a-w- c:\program files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 05:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 00:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-03-04 07:39 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-12 00:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\PeerGuardian2\\pg2.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\EGirl_v15\\EGirl_Loader.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\DVD Decrypter\\DVDDecrypter.exe"=
"c:\\Program Files\\DVD Shrink\\DVD Shrink 3.2.exe"=
"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Documents and Settings\\User1\\Desktop\\TONY\\Xbins\\Xbins\\bin\\xbins.exe"=
"c:\\Program Files\\DVDFab Platinum 4\\DVDFabPlatinum.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\User1\\My Documents\\dshutdown\\DShutdown\\RDShutdown.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2001:TCP"= 2001:TCP:dc++
"2000:UDP"= 2000:UDP:dc++
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [25/07/2005 6:37 PM 5248]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [4/02/2009 5:45 PM 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/04/2009 6:49 PM 685816]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/05/2008 11:33 AM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 11:33 AM 55024]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/11/2010 8:13 PM 93872]
S0 a347bus;a347bus;c:\windows\system32\DRIVERS\a347bus.sys --> c:\windows\system32\DRIVERS\a347bus.sys [?]
S0 d347bus;d347bus;c:\windows\system32\DRIVERS\d347bus.sys --> c:\windows\system32\DRIVERS\d347bus.sys [?]
S2 EZWRIT3;EZWRIT3;c:\windows\system32\drivers\ezwrit3.sys [23/02/2007 2:46 PM 12672]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/02/2010 11:19 AM 135664]
S3 APLOADER;APLOADER;c:\windows\system32\drivers\ApLoader.SYS [23/02/2007 2:45 PM 21376]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 Dual Mode;Dual Mode Video Capture;c:\windows\system32\drivers\CoachVc.sys [4/01/2007 1:48 AM 44928]
S3 MayPro;TigerGame SuperJoy Box Pro Filter Service;c:\windows\system32\drivers\Maypro.sys [31/05/2007 11:21 PM 12160]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [14/11/2010 7:58 PM 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 11:33 AM 7408]
S3 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [18/05/2007 11:24 PM 708176]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [13/10/2006 7:18 PM 223128]
S4 Perpeervc;Perpeervc;c:\windows\system32\EPSTP32U.EXE [9/04/2004 6:06 AM 892928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 00:12]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl =
uStart Page = hxxp://www.dodo.com.au/
uSearchURL,(Default) = hxxp://www.accoona.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\6aecx7x9.julie\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 81
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\User1\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\PlaySushiFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-16 20:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1532298954-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42F7913E-DCED-900F-61DE-39C97326557E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1220945662-1532298954-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:99,a0,a2,16,d4,df,47,17,f4,f5,99,0e,84,23,fa,f5,68,3c,f4,ba,00,dc,09,
e4,0a,be,d3,1d,e2,fa,5d,6f,0a,36,57,23,7c,ba,da,fa,f6,64,4e,83,0f,b1,01,0b,\
"??"=hex:c1,60,1f,b9,56,6f,c7,85,eb,0b,21,2f,04,b8,6f,83

[HKEY_USERS\S-1-5-21-1220945662-1532298954-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:59,53,1c,5f,43,06,44,30,03,cd,b8,73,12,04,03,97,93,fe,4f,bd,47,
50,a3,7f,d8,50,1c,45,b3,a6,f6,2e,0c,9d,03,66,bf,13,5e,13,ab,dd,a4,8b,ee,a6,\
"rkeysecu"=hex:59,27,7a,7e,e9,f6,d3,63,af,88,b2,41,e1,cb,a3,86

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2072)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\UAService7.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SOUNDMAN.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2010-11-16 20:50:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-16 09:50
ComboFix2.txt 2010-11-14 06:15
ComboFix3.txt 2010-11-07 01:44

Pre-Run: 60,353,191,936 bytes free
Post-Run: 60,363,776,000 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - CFBFEBDC88824FDA9A452D3A82C089F1

will let you know about how windows performs.

Regards
tonyjh

[tonyjh]

Follow up

Windows is performing quite alot better (Thank You)
the shutdown window opens almost instanly.
and the machine shuts down or restarts very quickly.
I still have a problem of no antivirus installed, as something is stopping me from reinstalling avg or the microsoft one.
The avg free install exe starts working but fails and removes itself. the microsoft one also fails to install

Any help Greatly Appreciated
Regards
tonyjh

[Thunderbird1988]

Can you try AVG Remover to clean out the remnants of AVG?

[tonyjh]

Update

Ran the avg unistall program that seemed to work as i could reinstall avg again.

THANK YOU for all your help

The computer is running quite well I have reinstalled avg and it completed without any errors.

Regards
tonyjh

[Thunderbird1988]

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

• Download OTC to your desktop and run it
• Click Yes to beginning the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Please follow the link in my signature to read about how to protect your computer against infections.

Thunderbird1988

[Thunderbird1988]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.