-
Good :)
Please, uninstall Eusing Free Registry Cleaner, Error Fix and Registry Mechanic (if present).
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/...eaking_13.html
=================================================================
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
Folder::
c:\program files\IObit
c:\documents and settings\Goody Two Shoes\Application Data\IObit
c:\documents and settings\Goody Two Shoes\Application Data\Registry Mechanic
c:\program files\Eusing Free Registry Cleaner
c:\documents and settings\Goody Two Shoes\Application Data\Uniblue
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix
c:\program files\Error Fix
c:\documents and settings\LocalService\Local Settings\Application Data\ywbakvqxv
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
https://discussions.virtualdr.com/im.../2016/03/2.gif
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
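
Added example, not part of the original post and not ComboFix code: a small Python check that compares the `Folder::` entries of a CFScript.txt with the "Other Deletions" section of the returned log, so folders the log never reports as removed stand out. The function names are hypothetical, the script and log layouts are assumed only from the samples shown in this thread, and the sample data is constructed.

```python
import re

# Section banners in the log look like "((((( Other Deletions )))))".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Only lines that start with a drive letter are treated as paths.
DRIVE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def norm(path):
    """Windows paths are case-insensitive; ignore trailing backslashes."""
    return path.strip().rstrip("\\").lower()


def parse_cfscript(text):
    """Return the paths listed under the Folder:: directive."""
    folders, active = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # a directive line starts a new block
            active = line.lower() == "folder::"
            continue
        if active:
            folders.append(line)
    return folders


def parse_deletions(log_text, section="Other Deletions"):
    """Return the paths listed inside the named log section."""
    paths, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            inside = banner.group(1).lower() == section.lower()
            continue
        if inside and DRIVE_RE.match(line):  # skips "." filler lines
            paths.append(line)
    return paths


def under(path, folder):
    """True if path is the folder itself or lies below it.

    The match is on whole path components, so "Error Fixer" is not
    counted as being inside "Error Fix".
    """
    p, f = norm(path), norm(folder)
    return p == f or p.startswith(f + "\\")


def verify(script_text, log_text):
    """Compare requested folders with what the log reports as deleted."""
    folders = parse_cfscript(script_text)
    deleted = parse_deletions(log_text)
    report = {"removed": [], "not_reported": [], "outside_script": []}
    for folder in folders:
        hit = any(under(d, folder) for d in deleted)
        # "not_reported" means the log does not list the folder: it may not
        # have existed, or the removal may have failed. Both need a follow-up.
        report["removed" if hit else "not_reported"].append(folder)
    report["outside_script"] = [
        d for d in deleted if not any(under(d, f) for f in folders)
    ]
    return report


# Constructed sample input (not taken from a real machine).
SAMPLE_SCRIPT = r"""
Folder::
c:\program files\Error Fix
c:\documents and settings\User\Application Data\Uniblue
c:\program files\IObit
"""

SAMPLE_LOG = r"""
ComboFix (constructed sample)
.
((((((((((   Other Deletions   ))))))))))
.
c:\program files\Error Fix
c:\program files\Error Fix\PW\wizard.css
C:\Documents and Settings\User\Application Data\Uniblue\RegistryBooster\error.log
c:\program files\Error Fixer\keep.txt
.
((((((((((   Constructed Later Section   ))))))))))
.
c:\windows\system32\example.dll
"""

if __name__ == "__main__":
    for key, items in verify(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```
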
-
Do I uninstall them and THEN follow steps 1 and 2?
Or just follow steps 1 and 2?
-
-
Thanks,
It didn't ask to reboot.
Should I?
-
If it created any log, no.
If it didn't, reboot.
-
OK, it's fine. Here's the log:
ComboFix 10-08-17.02 - Goody Two Shoes 08/17/2010 22:37:57.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.466 [GMT 1:00]
Running from: c:\documents and settings\Goody Two Shoes\Desktop\Broni.exe
Command switches used :: c:\documents and settings\Goody Two Shoes\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\IObit\Advanced SystemCare 3\Sus_DriverBackUp.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_PIeHelp.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_SystemBackup.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_SystemFileScan.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_AutoShutDown.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_ClonedFilesFinder.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_ContextManager.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_DiskExplorer.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_RestoreCenter.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_SoftUninstaller.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_StartUpManager.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_SysInfo.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_WinManager.exe
c:\program files\IObit\Advanced SystemCare 3\TurboBoost.exe
c:\program files\IObit\Advanced SystemCare 3\unins000.dat
c:\program files\IObit\Advanced SystemCare 3\unins000.exe
c:\program files\IObit\Advanced SystemCare 3\unins000.msg
c:\program files\IObit\Advanced SystemCare 3\Update History.txt
c:\program files\IObit\Advanced SystemCare 3\Update\awc3check.upt
c:\program files\IObit\Advanced SystemCare 3\vcl70.bpl
c:\program files\IObit\Advanced SystemCare 3\vclx70.bpl
c:\program files\IObit\Advanced SystemCare 3\winSkinD7R.bpl
c:\program files\IObit\Advanced SystemCare 3\Wizard.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.
2010-08-13 08:02 . 2010-08-13 08:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2010-08-12 07:13 . 2010-08-12 07:13 -------- d-----w- c:\windows\system32\NtmsData
2010-08-12 07:10 . 2010-08-12 07:10 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Avira
2010-08-12 06:08 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-12 06:08 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-12 06:08 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-12 06:08 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-12 06:08 . 2010-08-12 06:08 -------- d-----w- c:\program files\Avira
2010-08-12 06:08 . 2010-08-12 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-10 11:33 . 2010-08-10 11:33 -------- d-----w- c:\program files\CCleaner
2010-08-09 09:22 . 2010-08-10 11:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-09 09:21 . 2010-08-10 11:37 -------- d-----w- c:\program files\SpywareBlaster
2010-08-07 19:28 . 2010-08-17 21:37 -------- d-----w- c:\windows\system32\CatRoot2
2010-08-07 19:15 . 2010-08-07 19:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2010-08-07 18:46 . 2010-08-07 18:46 503808 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e1ba386-n\msvcp71.dll
2010-08-07 18:46 . 2010-08-07 18:46 499712 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e1ba386-n\jmc.dll
2010-08-07 18:46 . 2010-08-07 18:46 348160 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e1ba386-n\msvcr71.dll
2010-08-07 18:46 . 2010-08-07 18:46 61440 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-349dcea8-n\decora-sse.dll
2010-08-07 18:46 . 2010-08-07 18:46 12800 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-349dcea8-n\decora-d3d.dll
2010-08-07 18:45 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-07 18:16 . 2010-08-07 18:16 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-30 14:44 . 2010-07-30 14:44 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Malwarebytes
2010-07-30 14:44 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 14:44 . 2010-08-07 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 14:44 . 2010-07-30 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-30 14:44 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-29 08:40 . 2010-07-29 08:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-
2010-08-12 06:19 . 2008-08-26 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-07 18:45 . 2008-07-23 02:47 -------- d-----w- c:\program files\Java
2010-07-14 07:55 . 2008-07-19 12:17 -------- d-----w- c:\program files\Thoosje Sidebar V2.3
2010-07-13 21:46 . 2010-07-13 21:46 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-13 21:46 . 2010-07-13 21:46 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-07-13 21:46 . 2010-07-13 21:45 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-13 21:45 . 2010-07-13 21:45 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-13 21:43 . 2010-07-13 21:43 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-07-13 21:43 . 2010-07-13 21:43 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-07-13 21:30 . 2010-07-13 21:30 -------- d-----w- c:\program files\AVG
2010-07-13 21:27 . 2010-07-13 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-13 20:02 . 2010-07-13 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-07-13 19:52 . 2010-07-13 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-07-13 19:17 . 2008-07-19 18:56 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-11 17:26 . 2010-07-11 17:12 -------- d-----w- c:\program files\Shareaza
2010-07-11 17:26 . 2010-07-11 17:12 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Shareaza
2010-06-07 09:50 . 2008-07-19 18:48 84328 ----a-w- c:\documents and settings\Goody Two Shoes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
[-] 2008-01-11 . 2B60598FE17A9EAA1468C1B8F73EA0B9 . 1613824 . . [5.1.2600.3264] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-11-30 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-11-30 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-11-30 455168]
"SoundMan"="SOUNDMAN.EXE" [2008-01-11 64512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-07-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-07-10 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-18 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-18 618496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-26 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 15:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 aaatimeo;aaatimeo;c:\windows\system32\drivers\aaatimeo.sys [2/26/2006 4:21 PM 4928]
R0 afamgt;afamgt;c:\windows\system32\drivers\afamgt.sys [3/28/2006 3:43 PM 91707]
R0 siwinacc;siwinacc;c:\windows\system32\drivers\siwinacc.sys [11/1/2004 11:21 AM 10368]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/12/2010 7:08 AM 135336]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Goody Two Shoes\Application Data\Mozilla\Firefox\Profiles\9na5dgyo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
HKCU-Run-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
AddRemove-Advanced SystemCare 3_is1 - c:\program files\IObit\Advanced SystemCare 3\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 22:48
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-08-17 22:52:28
ComboFix-quarantined-files.txt 2010-08-17 21:52
ComboFix2.txt 2010-08-17 18:20
Pre-Run: 48,064,765,952 bytes free
Post-Run: 48,034,590,720 bytes free
- - End Of File - - A1EF2513EBB6D2D5CD9223446DFA655B
-
Good :)
How is the computer doing?
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
=============================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
Yeah, computer's running really well, since this morning even, thanks! Hope we've done enough to save him!!!
Here's the OTL.txt:
OTL logfile created on: 8/17/2010 11:24:24 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Goody Two Shoes\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
735.00 Mb Total Physical Memory | 429.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 45.88 Gb Free Space | 82.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 248.88 Mb Total Space | 39.13 Mb Free Space | 15.72% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM-PC
Current User Name: Goody Two Shoes
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/17 23:23:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goody Two Shoes\Desktop\OTL.exe
PRC - [2010/07/05 11:23:46 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/08/26 12:09:21 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/01/11 18:46:25 | 000,064,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2007/11/30 22:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/11 13:26:56 | 000,063,112 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAB4RPK.EXE
PRC - [2003/07/18 01:42:08 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
========== Modules (SafeList) ==========
MOD - [2010/08/17 23:23:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goody Two Shoes\Desktop\OTL.exe
MOD - [2008/01/11 18:49:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2007/11/30 22:23:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/07/18 01:41:42 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\GOODYT~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/25 15:11:23 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2008/01/11 18:46:05 | 000,639,836 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/01/11 18:46:03 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2007/11/30 16:16:46 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2006/04/18 10:49:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\siremfil.sys -- (siremfil)
DRV - [2006/03/28 15:43:42 | 000,091,707 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\afamgt.sys -- (afamgt)
DRV - [2006/02/26 16:21:22 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\bb-run.sys -- (bb-run)
DRV - [2006/02/26 16:21:18 | 000,004,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aaatimeo.sys -- (aaatimeo)
DRV - [2004/11/01 11:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\siwinacc.sys -- (siwinacc)
DRV - [2003/07/18 01:40:06 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/07/18 01:21:40 | 000,270,544 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query="
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/26 12:09:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/13 17:12:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/12 07:19:11 | 000,000,000 | ---D | M]
[2008/07/19 13:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Mozilla\Extensions
[2010/08/17 19:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Mozilla\Firefox\Profiles\9na5dgyo.default\extensions
[2010/08/07 20:02:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Goody Two Shoes\Application Data\Mozilla\Firefox\Profiles\9na5dgyo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/08/26 10:29:58 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Goody Two Shoes\Application Data\Mozilla\Firefox\Profiles\9na5dgyo.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/08/17 19:31:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/07 19:46:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/10/14 19:51:11 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
O1 HOSTS File: ([2010/08/17 22:48:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/19 19:37:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!
========== Files/Folders - Created Within 90 Days ==========
[2010/08/17 23:23:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Goody Two Shoes\Desktop\OTL.exe
[2010/08/17 22:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/17 18:51:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/12 08:19:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/12 08:13:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/08/12 08:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Avira
[2010/08/12 07:08:23 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/08/12 07:08:19 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/08/12 07:08:19 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/08/12 07:08:19 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/08/12 07:08:19 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/08/12 07:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/08/12 07:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/08/10 12:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/10 12:31:28 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Goody Two Shoes\Desktop\ccsetup234.exe
[2010/08/09 14:28:33 | 007,848,416 | ---- | C] (IObit ) -- C:\Documents and Settings\Goody Two Shoes\Desktop\asc-setup.exe
-
[2010/08/09 10:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/09 10:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/08/07 21:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/07 21:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/07 21:01:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/08/07 20:28:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/08/07 20:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2010/08/07 19:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/30 15:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Malwarebytes
[2010/07/30 15:44:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/30 15:44:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/30 15:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/30 15:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/30 15:39:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/30 09:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/29 09:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/29 09:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/13 22:46:17 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/07/13 22:46:15 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/07/13 22:45:51 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/13 22:45:47 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/13 22:43:04 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/07/13 22:43:03 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/07/13 22:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/13 22:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/13 21:11:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/07/13 21:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/07/13 20:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\My Documents\Downloads
[2010/07/13 20:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/07/13 20:42:10 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/07/13 20:41:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/07/13 19:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/13 19:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/11 18:14:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Goody Two Shoes\My Documents\Shareaza Downloads
[2010/07/11 18:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\Shareaza
[2010/07/11 18:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Shareaza
[2010/07/11 18:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Shareaza
[2010/06/22 18:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Desktop\Christmas 10'
[2010/06/22 18:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Desktop\audiobooks
[2010/06/22 17:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Application Data\WinRAR
[2010/06/22 17:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/08/17 23:23:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goody Two Shoes\Desktop\OTL.exe
[2010/08/17 23:20:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 23:20:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 23:19:48 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\ntuser.dat
[2010/08/17 23:19:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Goody Two Shoes\ntuser.ini
[2010/08/17 23:19:44 | 006,973,938 | -H-- | M] () -- C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\IconCache.db
[2010/08/17 22:48:50 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/17 22:48:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/17 18:51:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/16 16:14:24 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\exeHelper.com
[2010/08/16 16:10:02 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\rkill.com
[2010/08/16 15:56:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/12 07:08:45 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/08/12 07:05:15 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\avira_antivir_personal_en.exe
[2010/08/12 06:49:26 | 000,038,736 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\oz.gif
[2010/08/11 15:27:58 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\dds.scr
[2010/08/11 11:02:12 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\0om7hh9w.exe
[2010/08/10 12:34:08 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\My Documents\cc_20100810_123356.reg
[2010/08/10 12:33:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\CCleaner.lnk
[2010/08/10 12:31:28 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Goody Two Shoes\Desktop\ccsetup234.exe
[2010/08/09 14:29:28 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/08/09 14:29:28 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\IObit Freeware.url
[2010/08/09 14:29:27 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/08/09 14:28:48 | 007,848,416 | ---- | M] (IObit ) -- C:\Documents and Settings\Goody Two Shoes\Desktop\asc-setup.exe
[2010/08/07 20:29:09 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/07 20:29:09 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/07 19:26:07 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/02 21:59:28 | 000,135,680 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\cj ams2.doc
[2010/08/02 16:04:08 | 000,133,120 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\CJ ams1.doc
[2010/07/31 19:06:41 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\cj ams3.doc
[2010/07/13 22:46:17 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/07/13 22:46:16 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/07/13 22:46:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/13 22:45:51 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/13 22:43:04 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/07/13 22:43:04 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/07/13 20:47:07 | 000,405,596 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/13 20:47:07 | 000,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/13 20:47:07 | 000,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 17:24:22 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\WinRAR.lnk
[2010/06/07 10:50:13 | 000,084,328 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/17 18:51:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/17 18:51:31 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/16 16:14:21 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\exeHelper.com
[2010/08/16 16:09:48 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\rkill.com
[2010/08/12 07:08:45 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/08/12 07:05:14 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\avira_antivir_personal_en.exe
[2010/08/12 06:48:58 | 000,038,736 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\oz.gif
[2010/08/11 15:27:57 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\dds.scr
[2010/08/11 11:02:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\0om7hh9w.exe
[2010/08/10 12:33:58 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\My Documents\cc_20100810_123356.reg
[2010/08/10 12:33:20 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\CCleaner.lnk
[2010/08/09 14:29:28 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/08/09 14:29:28 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\IObit Freeware.url
[2010/08/09 14:29:27 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/07/30 15:44:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/28 19:09:41 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\cj ams3.doc
[2010/07/28 19:09:35 | 000,135,680 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\cj ams2.doc
[2010/07/28 19:09:29 | 000,133,120 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\CJ ams1.doc
[2010/06/22 17:24:22 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\WinRAR.lnk
[2009/11/26 11:30:44 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/25 15:11:23 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2009/01/14 18:19:25 | 000,000,083 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2008/09/16 13:33:50 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\Sgtool32.dll
[2008/09/16 13:33:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2008/09/16 13:33:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Sgtbar32.dll
[2008/09/16 13:33:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sgstat32.dll
[2008/09/16 13:33:50 | 000,001,191 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[2008/09/16 13:33:50 | 000,001,180 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2008/09/16 13:33:49 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\Sglist32.dll
[2008/09/16 13:33:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\SGOPopDg.dll
[2008/09/16 13:33:49 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\Sglch32.dll
[2008/09/16 13:33:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2008/09/16 13:33:49 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\Sghelp32.dll
[2008/09/16 13:33:49 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Sgintl32.dll
[2008/09/16 13:33:49 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Sgdt32.dll
[2008/09/16 13:33:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sglogo32.dll
[2008/09/16 13:33:48 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\Sgrep32.dll
[2008/09/16 13:33:48 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Sgcdlg32.dll
[2008/09/16 13:33:48 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2008/09/16 13:33:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Sgcom32.dll
[2008/09/16 13:33:48 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Sgappbar.dll
[2008/09/16 13:33:48 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Sg3d32.dll
[2008/09/16 13:33:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2008/09/08 10:12:59 | 000,000,474 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/20 20:51:12 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/19 19:59:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/11/30 22:25:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2008/08/26 10:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/07/13 22:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/13 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/01/14 17:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/11/09 22:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/07/13 20:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/10 12:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/12 07:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/08/26 10:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\acccore
[2009/11/13 00:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\DC++
[2008/09/17 19:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\MSNInstaller
[2009/11/09 22:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\NCH Swift Sound
[2010/07/11 18:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Shareaza
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/07/19 19:37:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/07/19 19:29:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/17 18:51:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/17 22:52:30 | 000,044,358 | ---- | M] () -- C:\ComboFix.txt
[2008/07/19 19:37:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/07/19 19:37:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/26 10:29:41 | 000,000,378 | -H-- | M] () -- C:\IPH.PH
[2008/07/19 19:37:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/11/30 13:29:50 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2007/11/30 15:25:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/17 23:20:38 | 1157,627,904 | -HS- | M] () -- C:\pagefile.sys
[2010/08/17 17:55:39 | 000,000,326 | ---- | M] () -- C:\rkill.log
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/07/19 13:17:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/19 13:17:42 | 001,081,344 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/19 13:17:42 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2007/11/30 22:26:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=6C74C62ECDC3981A7F1F8F1656B27871 -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2007/11/30 22:26:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=36F8F7A2EF12ED817FC16C3248E39092 -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2007/11/30 22:26:08 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=64D39EF9D5BC5379C285D283EA9E4208 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Goody Two Shoes\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
-
and the extras.txt
OTL Extras logfile created on: 8/17/2010 11:24:24 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Goody Two Shoes\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
735.00 Mb Total Physical Memory | 429.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 45.88 Gb Free Space | 82.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 248.88 Mb Total Space | 39.13 Mb Free Space | 15.72% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM-PC
Current User Name: Goody Two Shoes
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\system32\CNAB4RPK.EXE" = C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process -- (CANON INC.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{E1230694-33DA-4E74-82E1-06CC9D545E9B}" = Windows Vista Sounds Pack
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"am-ancientsecrets" = Ancient Secrets
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = BCM Wireless Network Adapter
"Canon LBP2900" = Canon LBP2900
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"GameHouse" = GameHouse
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSNINST" = MSN
"RealPlayer 6.0" = RealPlayer
"Sage Accounts 8.20" = Sage Accounts 8.20
"SSC Service Utility_is1" = SSC Service Utility v4.30
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vista Ultimate Edition final_is1" = Vista Ultimate Edition final v1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/14/2009 7:40:52 AM | Computer Name = GTS | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3334, faulting module
unknown, version 0.0.0.0, fault address 0x003a004c.
Error - 11/14/2009 7:42:25 AM | Computer Name = GTS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/15/2009 10:46:36 AM | Computer Name = GTS | Source = Application Error | ID = 1000
Description = Faulting application divx player.exe, version 7.2.0.19, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.
Error - 11/15/2009 10:47:35 AM | Computer Name = GTS | Source = Application Error | ID = 1000
Description = Faulting application divx player.exe, version 7.2.0.19, faulting module
directdrawvideooutput.dll, version 3.0.0.166, fault address 0x0000220c.
Error - 11/15/2009 10:47:59 AM | Computer Name = GTS | Source = Application Error | ID = 1000
Description = Faulting application divx player.exe, version 7.2.0.19, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.
Error - 11/17/2009 12:59:06 PM | Computer Name = GTS | Source = Application Error | ID = 1000
Description = Faulting application divx player.exe, version 7.2.0.19, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 12/4/2009 8:36:12 PM | Computer Name = GTS | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 12/17/2009 6:57:01 PM | Computer Name = GTS | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 5/4/2010 8:32:21 AM | Computer Name = TOM-PC | Source = Application Error | ID = 1000
Description = Faulting application thoosje vista sidebar.exe, version 0.0.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x00380035.
Error - 5/7/2010 9:39:15 AM | Computer Name = TOM-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 8/17/2010 5:32:07 PM | Computer Name = TOM-PC | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.
Error - 8/17/2010 5:32:49 PM | Computer Name = TOM-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the Interface
with IP address 192.168.2.3. The machine with the IP address 192.168.2.2 did not
allow the name to be claimed by this machine.
Error - 8/17/2010 5:32:49 PM | Computer Name = TOM-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :20" could not be registered on the Interface
with IP address 192.168.2.3. The machine with the IP address 192.168.2.2 did not
allow the name to be claimed by this machine.
Error - 8/17/2010 5:32:49 PM | Computer Name = TOM-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{390B2F00-7D4E-4DD1-A26E-1E74DC289CA6}
because another computer on the network has the same name. The server could not
start.
Error - 8/17/2010 5:37:36 PM | Computer Name = TOM-PC | Source = Service Control Manager | ID = 7034
Description = The WLTRYSVC service terminated unexpectedly. It has done this 1
time(s).
Error - 8/17/2010 6:20:44 PM | Computer Name = TOM-PC | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.
Error - 8/17/2010 6:20:50 PM | Computer Name = TOM-PC | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.
Error - 8/17/2010 6:21:38 PM | Computer Name = TOM-PC | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.
Error - 8/17/2010 6:24:53 PM | Computer Name = TOM-PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 8/17/2010 6:24:53 PM | Computer Name = TOM-PC | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
< End of report >
-
I'm glad to hear good news :)
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010/08/12 07:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Goody Two Shoes\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
================================================================
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double-click on TFC.exe to run the program.
- Click on the Start button to begin the cleaning process.
- TFC will close all running programs, and it may ask you to restart the computer.
3. Go to the Kaspersky website and perform an online antivirus scan.
- Disable your active antivirus program.
- Read through the requirements and privacy statement and click on the Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
-
You are an angel!!!!!
ok I'm going through these steps one by one.......
please bear with me.
here's the otl log:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
Unable to delete ADS C:\Documents and Settings\Goody Two Shoes\My Documents\Shareaza Downloads:Shareaza.GUID .
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Goody Two Shoes
->Temp folder emptied: 403 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 47184256 bytes
->Flash cache emptied: 1554 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 17395 bytes
->Flash cache emptied: 6641 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 2383 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 45.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: Goody Two Shoes
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08182010_000242
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
checkup.txt:
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 4
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.7) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````