I'll start with the Mbam log
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2
11/27/2009 1:19:01 AM
mbam-log-2009-11-27 (01-19-01).txt
Scan type: Quick Scan
Objects scanned: 97246
Time elapsed: 1 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Then Root Repeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/27 01:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB656C000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE20000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3523000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0xe2a04fc0
==EOF==
OTL
OTL logfile created on: 11/27/2009 1:12:38 AM - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\ARVIN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 50.96% Memory free
3.85 Gb Paging File | 2.85 Gb Available in Paging File | 74.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 274.24 Gb Free Space | 92.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 233.50 Gb Free Space | 78.33% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: 469401D6077B428
Current User Name: ARVIN
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/27 01:11:29 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ARVIN\Desktop\OTL.exe
PRC - [2009/11/27 01:08:30 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\ARVIN\Desktop\RootRepeal.exe
PRC - [2009/11/12 07:11:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\ARVIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/11/12 07:11:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\ARVIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/11/12 07:11:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\ARVIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/11/12 07:11:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\ARVIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/11 20:10:47 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/18 18:50:30 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2007/04/19 12:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/01/13 09:47:35 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2006/01/13 09:46:46 | 01,075,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/13 09:37:23 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004/03/12 22:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/03/12 22:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/29 23:44:54 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/02/29 23:44:48 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
========== Modules (SafeList) ==========
MOD - [2009/11/27 01:11:29 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ARVIN\Desktop\OTL.exe
MOD - [2006/01/13 09:10:05 | 01,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/11 20:10:47 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/04/19 12:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/27 07:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/27 02:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 21:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/01/13 09:13:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2004/03/12 22:18:06 | 00,169,192 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 22:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 22:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/03/11 21:58:32 | 00,193,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/02/29 23:44:54 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/29 23:44:52 | 00,087,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/29 23:44:48 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.3.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:2.20090109
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/11 20:10:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 12:52:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 12:52:13 | 00,000,000 | ---D | M]
[2009/05/11 20:19:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ARVIN\Application Data\Mozilla\Extensions
[2009/11/23 23:29:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ARVIN\Application Data\Mozilla\Firefox\Profiles\1grcszeb.default\extensions
[2009/06/12 00:25:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ARVIN\Application Data\Mozilla\Firefox\Profiles\1grcszeb.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/06/20 23:26:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ARVIN\Application Data\Mozilla\Firefox\Profiles\1grcszeb.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2009/09/09 10:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ARVIN\Application Data\Mozilla\Firefox\Profiles\1grcszeb.default\extensions\[email protected]
[2009/11/12 20:06:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/27 03:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.69.254.145 58.69.254.44 58.69.254.80
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4896368480-5184878122-834467489-5045\MsMxEng.exe) - C:\RECYCLER\S-1-5-21-4896368480-5184878122-834467489-5045\MsMxEng.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/12 00:17:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/30 10:26:14 | 00,000,000 | ---D | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0b793508-3f8d-11de-88c3-001bfcaec328}\Shell\AutoRun\command - "" = RECYCLER\S-51-9-25-3434476501-1644491939-601013333-1214\Swrb.exe
O33 - MountPoints2\{0b793508-3f8d-11de-88c3-001bfcaec328}\Shell\open\command - "" = RECYCLER\S-51-9-25-3434476501-1644491939-601013333-1214\Swrb.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/05/12 01:00:45 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765169410473984)
========== Files/Folders - Created Within 14 Days ==========
[2009/11/27 01:11:25 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ARVIN\Desktop\OTL.exe
[2009/11/27 01:08:27 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\ARVIN\Desktop\RootRepeal.exe
[2009/11/27 00:58:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/27 00:57:57 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/27 00:53:33 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ARVIN\Recent
[2009/11/20 11:49:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/11/20 10:31:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/20 10:30:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ARVIN\Application Data\SUPERAntiSpyware.com
[2009/11/20 10:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/20 10:30:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/18 15:53:39 | 00,201,728 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\HP6_screensaver_train_PC.scr
[2009/11/18 15:53:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\HP6_screensaver_train_PC dir
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\ARVIN\*.tmp files -> C:\Documents and Settings\ARVIN\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2009/11/27 01:11:29 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ARVIN\Desktop\OTL.exe
[2009/11/27 01:08:33 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\ARVIN\Desktop\settings.dat
[2009/11/27 01:08:30 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\ARVIN\Desktop\RootRepeal.exe
[2009/11/27 00:57:58 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\ARVIN\Desktop\NTREGOPT.lnk
[2009/11/27 00:57:58 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\ARVIN\Desktop\ERUNT.lnk
[2009/11/27 00:55:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1425521274-725345543-1003UA.job
[2009/11/27 00:13:38 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/27 00:13:38 | 00,314,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/27 00:13:38 | 00,041,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/27 00:09:15 | 00,088,723 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/27 00:09:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/27 00:09:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/26 23:56:33 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\ARVIN\NTUSER.DAT
[2009/11/26 23:56:33 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\ARVIN\ntuser.ini
[2009/11/26 02:28:12 | 04,279,666 | -H-- | M] () -- C:\Documents and Settings\ARVIN\Local Settings\Application Data\IconCache.db
[2009/11/25 23:08:48 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/24 02:14:00 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/23 00:43:43 | 00,098,304 | ---- | M] () -- C:\Documents and Settings\ARVIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/22 21:55:02 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1425521274-725345543-1003Core.job
[2009/11/22 20:16:25 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/11/20 15:44:03 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/20 15:44:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/20 15:44:03 | 00,000,210 | -HS- | M] () -- C:\boot.ini
[2009/11/20 10:30:57 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/20 09:52:46 | 09,232,742 | ---- | M] () -- C:\Documents and Settings\ARVIN\My Documents\Monteluce 11-6-09.pdf
[2009/11/18 15:53:39 | 00,201,728 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\HP6_screensaver_train_PC.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\ARVIN\*.tmp files -> C:\Documents and Settings\ARVIN\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/11/27 01:08:33 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\ARVIN\Desktop\settings.dat
[2009/11/27 00:57:58 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\ARVIN\Desktop\NTREGOPT.lnk
[2009/11/27 00:57:58 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\ARVIN\Desktop\ERUNT.lnk
[2009/11/24 01:21:03 | 03,391,574 | ---- | C] () -- C:\Documents and Settings\ARVIN\Desktop\EssenceRO.exe
[2009/11/20 10:30:57 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/20 09:50:38 | 09,232,742 | ---- | C] () -- C:\Documents and Settings\ARVIN\My Documents\Monteluce 11-6-09.pdf
[2009/07/31 01:21:30 | 00,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/05/12 01:05:05 | 00,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/05/12 00:26:01 | 00,010,041 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/05/12 00:25:53 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/05/12 00:21:59 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/11 18:40:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/05/11 18:34:25 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/11 18:34:23 | 00,098,304 | ---- | C] () -- C:\Documents and Settings\ARVIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/19 12:26:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/19 12:26:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/19 12:26:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/19 12:26:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/04/19 12:26:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/19 12:26:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/04/19 12:26:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/01/13 10:02:21 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/13 09:55:15 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/01/13 09:55:02 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/01/13 09:52:59 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2006/01/13 09:52:17 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/13 09:40:44 | 01,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/01/13 09:40:28 | 01,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/01/13 09:39:33 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/01/13 09:38:40 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/01/13 09:33:47 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/01/13 09:33:47 | 00,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
========== LOP Check ==========
[2009/11/20 11:49:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/10/28 01:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/02 23:30:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ARVIN\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/26 02:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ARVIN\Application Data\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< MD5 for: ATAPI.SYS >
[2006/01/06 23:53:12 | 00,095,616 | ---- | M] (Microsoft Corporation) MD5=C4B52426B79C6F6664B70B8E63B1B837 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2006/01/13 09:31:39 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: IASTOR.SYS >
[2005/06/17 15:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\D\M\IN\1\iastor.sys
< MD5 for: NETLOGON.DLL >
[2006/01/13 09:59:53 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATA.SYS >
[2005/05/26 19:06:22 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=33C5D977343D5A696B5CB2CC57E3A795 -- C:\D\M\N\4I\nvata.sys
[2005/05/17 23:45:08 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\D\M\N\4A\nvata.sys
< MD5 for: NVATABUS.SYS >
[2005/05/26 19:06:22 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=33C5D977343D5A696B5CB2CC57E3A795 -- C:\D\M\N\4IR\nvatabus.sys
[2005/02/12 00:11:02 | 00,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\D\M\N\123\NvAtaBus.sys
[2005/05/17 23:45:08 | 00,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\D\M\N\4AR\nvatabus.sys
< MD5 for: SCECLI.DLL >
[2006/01/13 09:22:33 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
< MD5 for: VIAMRAID.SYS >
[2005/06/21 00:53:30 | 00,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\D\M\V\1\viamraid.sys
< MD5 for: VIASRAID.SYS >
[2003/10/31 18:22:38 | 00,077,312 | R--- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\D\M\V\1\viasraid.sys
< End of report >
Also, I use Google Chrome, in case it has anything to do with it. It's been 2 weeks, and I'm getting really pissed at it. It now has startup popups.