
January 27th, 2011 04:00

Hi chgraves2001,

 

Welcome to Dell Community Malware Removal Forums,

I'm K27 and I will be reviewing your log for you.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please print or save to Notepad all instructions and follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.

Failure to reply in three (3) days will result in this topic being closed and I will remove it from my notifications. If you require more time, that is fine, but please let me know.


1) Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

 

2) I need to see some additional information about what is happening in your machine.
Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control here

 

3) YOU MUST DISABLE ALL REAL-TIME PROTECTION BEFORE RUNNING THE NEXT TOOL.

Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Please disable all anti-virus/anti-spyware/firewall software on your machine (instructions via links below).

 

Next, please perform a rootkit scan:

  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to launch it.
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • When the "quick" scan is finished (a few seconds), click the Rootkit/Malware tab, and then select the Scan button.
  • Leave your system completely idle while this longer scan is in progress.
  • When the scan is done, save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or pressing Ctrl+V.
  • Exit the Program
  • Save the Scan log as ARK.txt and post it in your next reply.
  • Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.


If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first initial quick scan; this can be saved in the same way as the full scan in the above instructions.

 

Please COPY/PASTE the MBAM log, BOTH DDS logs and the ARK log back to this thread.
Thanks
K27


January 27th, 2011 10:00

I already had this program on my computer; I updated it and ran a scan. Here is that log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5622

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/27/2011 1:32:21 PM
mbam-log-2011-01-27 (13-32-21).txt

Scan type: Quick scan
Objects scanned: 217779
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


January 27th, 2011 10:00


DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Owner at 13:39:50.53 on Thu 01/27/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: IE7pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\ie7pro\IE7pro.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {52706EF7-D7A2-49AD-A615-E903858CF284} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [SystemProtect] c:\program files\system protect\SysProtect_Tray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\ie7pro\IE7pro.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295549885062
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295551018468
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://goldenriviera.microgaming.com/freeplay/FlashAX.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/chzl/default/popcaploader_v10.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.chr\applic~1\mozilla\firefox\profiles\0vua28g2.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.ebay.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d275b0d&i=23&tp=ab&nt=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\owner.chrishell\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\owner.chrishell\application data\mozilla\firefox\profiles\0vua28g2.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\owner.chrishell\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint_03050024.dll
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare Plugin: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\owner.chrishell\application data\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2011-01-26 06:12:53    --------    dcsha-r-    C:\cmdcons
2011-01-26 06:05:03    98816    ----a-w-    c:\windows\sed.exe
2011-01-26 06:05:03    89088    ----a-w-    c:\windows\MBR.exe
2011-01-26 06:05:03    256512    ----a-w-    c:\windows\PEV.exe
2011-01-26 06:05:03    161792    ----a-w-    c:\windows\SWREG.exe
2011-01-26 05:12:15    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2011-01-26 04:38:54    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2011-01-26 04:31:45    --------    dc-h--w-    c:\docume~1\alluse~1.win\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-25 17:17:52    --------    d-----w-    c:\program files\Test My Hardware
2011-01-25 17:17:13    1226324    ----a-w-    c:\program files\testmh30.exe
2011-01-25 17:15:20    1226324    ----a-w-    c:\program files\mozilla firefox\testmh30.exe
2011-01-23 19:08:54    --------    d-----w-    c:\program files\VS Revo Group
2011-01-23 19:06:56    58880    ---ha-w-    c:\windows\system32\cisvplay.dll
2011-01-23 17:17:06    --------    d-sh--w-    c:\documents and settings\owner.chrishell\PrivacIE
2011-01-23 03:19:19    388096    ----a-r-    c:\docume~1\owner~1.chr\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-23 03:19:16    --------    d-----w-    c:\program files\Trend Micro
2011-01-21 01:41:48    --------    d-----w-    c:\docume~1\owner~1.chr\locals~1\applic~1\360Amigo
2011-01-21 01:35:46    --------    d-----w-    c:\program files\360Amigo
2011-01-20 23:40:01    --------    dc----w-    C:\1750e02d52fc4ff23d52ef05cb9a7fd7
2011-01-20 23:21:18    --------    dc----w-    C:\923415182e87306e0ba9f3
2011-01-20 23:21:00    --------    d-----w-    c:\windows\ie8updates
2011-01-20 23:09:16    272128    -c----w-    c:\windows\system32\dllcache\bthport.sys
2011-01-20 23:08:59    974848    -c----w-    c:\windows\system32\dllcache\mfc42.dll
2011-01-20 23:08:59    953856    -c----w-    c:\windows\system32\dllcache\mfc40u.dll
2011-01-20 23:08:55    138496    -c----w-    c:\windows\system32\dllcache\afd.sys
2011-01-20 23:08:47    357248    -c----w-    c:\windows\system32\dllcache\srv.sys
2011-01-20 23:08:31    617472    -c----w-    c:\windows\system32\dllcache\comctl32.dll
2011-01-20 23:08:16    455680    -c----w-    c:\windows\system32\dllcache\mrxsmb.sys
2011-01-20 23:07:49    471552    -c----w-    c:\windows\system32\dllcache\aclayers.dll
2011-01-20 23:05:50    744448    -c----w-    c:\windows\system32\dllcache\helpsvc.exe
2011-01-20 23:04:59    602112    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2011-01-20 23:04:58    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-20 23:04:58    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2011-01-20 23:04:58    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2011-01-20 23:04:55    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2011-01-20 23:04:53    1991680    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2011-01-20 23:04:50    11080704    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2011-01-20 23:02:49    40960    -c----w-    c:\windows\system32\dllcache\ndproxy.sys
2011-01-20 23:01:46    81920    -c----w-    c:\windows\system32\dllcache\fontsub.dll
2011-01-20 23:01:46    119808    -c----w-    c:\windows\system32\dllcache\t2embed.dll
2011-01-20 23:01:19    284160    -c----w-    c:\windows\system32\dllcache\pdh.dll
2011-01-20 23:01:18    473600    -c----w-    c:\windows\system32\dllcache\fastprox.dll
2011-01-20 23:01:18    401408    -c----w-    c:\windows\system32\dllcache\rpcss.dll
2011-01-20 23:01:18    227840    -c----w-    c:\windows\system32\dllcache\wmiprvse.exe
2011-01-20 23:01:18    110592    -c----w-    c:\windows\system32\dllcache\services.exe
2011-01-20 23:01:17    730112    -c----w-    c:\windows\system32\dllcache\lsasrv.dll
2011-01-20 23:01:17    714752    -c----w-    c:\windows\system32\dllcache\ntdll.dll
2011-01-20 23:01:17    617472    -c----w-    c:\windows\system32\dllcache\advapi32.dll
2011-01-20 23:01:17    453120    -c----w-    c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-20 23:00:53    153088    -c----w-    c:\windows\system32\dllcache\triedit.dll
2011-01-20 23:00:49    2189952    -c----w-    c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-20 23:00:49    2146304    -c----w-    c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-20 23:00:49    2066816    -c----w-    c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-20 23:00:49    2024448    -c----w-    c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-20 22:42:22    1172480    -c----w-    c:\windows\system32\dllcache\msxml3.dll
2011-01-20 22:42:19    203136    -c----w-    c:\windows\system32\dllcache\rmcast.sys
2011-01-20 22:42:03    331776    -c----w-    c:\windows\system32\dllcache\msadce.dll
2011-01-20 22:39:26    3558912    -c----w-    c:\windows\system32\dllcache\moviemk.exe
2011-01-20 22:26:56    337408    -c----w-    c:\windows\system32\dllcache\netapi32.dll
2011-01-20 22:24:16    45568    -c----w-    c:\windows\system32\dllcache\wab.exe
2011-01-20 22:23:46    590848    -c----w-    c:\windows\system32\dllcache\rpcrt4.dll
2011-01-20 22:23:45    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2011-01-20 22:19:46    58880    -c----w-    c:\windows\system32\dllcache\msasn1.dll
2011-01-20 22:19:21    1435648    -c----w-    c:\windows\system32\dllcache\query.dll
2011-01-20 19:12:41    --------    d-sh--w-    c:\documents and settings\owner.chrishell\IETldCache
2011-01-20 18:58:37    15064    ----a-w-    c:\windows\system32\wuapi.dll.mui
2011-01-16 19:44:04    38848    ----a-w-    c:\windows\avastSS.scr
2011-01-16 19:43:55    --------    dc----w-    c:\docume~1\alluse~1.win\applic~1\Alwil Software
2011-01-07 19:07:10    --------    dc----w-    C:\$AVG
2011-01-07 18:29:43    --------    d-----w-    c:\docume~1\owner~1.chr\applic~1\AVG10
2011-01-07 18:26:28    --------    dc-h--w-    c:\docume~1\alluse~1.win\applic~1\Common Files
2011-01-07 18:23:23    --------    dc----w-    c:\docume~1\alluse~1.win\applic~1\AVG10
2011-01-07 18:22:46    --------    d-----w-    c:\program files\AVG
2011-01-07 18:09:03    --------    dc----w-    c:\docume~1\alluse~1.win\applic~1\MFAData
2011-01-06 22:31:50    7680    -c--a-w-    c:\windows\system32\dllcache\migregdb.exe
2011-01-06 22:26:54    144384    ------w-    c:\windows\system32\drivers\hdaudbus.sys
2011-01-06 22:26:53    10240    ------w-    c:\windows\system32\drivers\sffp_mmc.sys
2011-01-06 17:18:07    135168    ----a-w-    c:\windows\system32\igfxres.dll
2011-01-06 16:56:59    426041    -c--a-w-    c:\windows\system32\dllcache\voicepad.dll
2011-01-06 16:55:54    98304    -c--a-w-    c:\windows\system32\dllcache\msir3jp.dll
2011-01-06 16:54:59    57856    -c--a-w-    c:\windows\system32\dllcache\esuimgd.dll
2011-01-06 16:43:09    214528    ----a-w-    c:\program files\internet explorer\connection wizard\icwconn1.exe
2011-01-06 16:39:58    88192    ----a-w-    c:\windows\system32\drivers\irda.sys
2011-01-06 16:39:58    8192    ----a-w-    c:\windows\system32\wshirda.dll
2011-01-06 16:39:58    380416    ----a-w-    c:\windows\system32\irprops.cpl
2011-01-06 16:39:58    28160    ----a-w-    c:\windows\system32\irmon.dll
2011-01-06 16:39:58    151552    ----a-w-    c:\windows\system32\irftp.exe
2011-01-06 16:37:14    19584    ----a-w-    c:\windows\system32\drivers\rasirda.sys
2011-01-06 16:37:01    18688    ----a-w-    c:\windows\system32\drivers\irsir.sys
2011-01-06 16:36:21    24661    -c--a-w-    c:\windows\system32\dllcache\spxcoins.dll
2011-01-06 16:36:21    24661    ----a-w-    c:\windows\system32\spxcoins.dll
2011-01-06 16:36:21    13312    -c--a-w-    c:\windows\system32\dllcache\irclass.dll
2011-01-06 16:36:21    13312    ----a-w-    c:\windows\system32\irclass.dll
2011-01-06 04:54:59    69632    ----a-w-    c:\windows\system32\msconf.dll
2011-01-06 04:53:55    217088    ----a-w-    c:\program files\common files\system\ole db\sqlxmlx.dll
2011-01-06 04:52:57    68608    ----a-w-    c:\program files\internet explorer\hmmapi.dll
2011-01-06 04:52:52    638816    ----a-w-    c:\program files\internet explorer\iexplore.exe
2011-01-06 04:50:03    41472    ----a-w-    c:\windows\system32\wbem\wmipsess.dll
2011-01-06 04:50:00    227840    ----a-w-    c:\windows\system32\wbem\wmiprvse.exe
2011-01-06 04:49:59    453120    ----a-w-    c:\windows\system32\wbem\wmiprvsd.dll
2011-01-06 04:49:56    144896    ----a-w-    c:\windows\system32\wbem\wmiprov.dll
2011-01-06 04:49:54    156672    ----a-w-    c:\windows\system32\wbem\wmipcima.dll
2011-01-06 04:49:52    140800    ----a-w-    c:\windows\system32\wbem\wmidcprv.dll
2011-01-06 04:49:49    60928    ----a-w-    c:\windows\system32\wbem\wmicookr.dll
2011-01-06 04:49:22    197120    ----a-w-    c:\windows\system32\wbem\wbemupgd.dll
2011-01-06 04:49:12    18944    ----a-w-    c:\windows\system32\wbem\wbemprox.dll
2011-01-06 04:49:10    273920    ----a-w-    c:\windows\system32\wbem\wbemess.dll
2011-01-06 04:49:07    531456    ----a-w-    c:\windows\system32\wbem\wbemcore.dll
2011-01-06 04:49:05    214528    ----a-w-    c:\windows\system32\wbem\wbemcomn.dll
2011-01-06 04:49:03    86528    ----a-w-    c:\windows\system32\wbem\stdprov.dll
2011-01-06 04:49:00    178176    ----a-w-    c:\windows\system32\wbem\repdrvfs.dll
2011-01-06 04:48:58    47104    ----a-w-    c:\windows\system32\wbem\ncprov.dll
2011-01-06 04:48:56    123904    ----a-w-    c:\windows\system32\wbem\mofd.dll
2011-01-06 04:48:50    16384    ----a-w-    c:\windows\system32\wbem\mofcomp.exe
2011-01-06 04:48:46    473600    ----a-w-    c:\windows\system32\wbem\fastprox.dll
2011-01-06 04:48:37    247808    ----a-w-    c:\windows\system32\wbem\esscli.dll
2011-01-06 04:48:33    1358848    ----a-w-    c:\windows\system32\wbem\cimwin32.dll
2011-01-06 04:46:51    58880    ----a-w-    c:\windows\system32\licwmi.dll
2011-01-06 04:46:21    196224    ----a-w-    c:\windows\system32\drivers\rdpdr.sys
2011-01-06 04:43:51    52864    ----a-w-    c:\windows\system32\drivers\dmusic.sys
2011-01-06 04:43:48    6272    ----a-w-    c:\windows\system32\drivers\splitter.sys
2011-01-06 04:43:15    57600    ----a-w-    c:\windows\system32\drivers\redbook.sys
2011-01-06 04:41:44    40840    ----a-w-    c:\windows\system32\drivers\termdd.sys
2011-01-06 04:40:20    741376    ----a-w-    c:\program files\common files\microsoft shared\speech\sapi.dll
2011-01-06 04:40:10    146432    ----a-w-    c:\windows\system\winspool.drv
2011-01-06 04:40:10    11264    ----a-w-    c:\windows\system32\drivers\irenum.sys
2011-01-06 04:40:09    74752    ----a-w-    c:\windows\system32\storprop.dll
2011-01-05 23:28:06    --------    d-----w-    c:\windows\system32\1031
2011-01-05 23:28:06    --------    d-----w-    c:\windows\system32\1028
2011-01-05 23:28:06    --------    d-----w-    c:\windows\system32\1025
2011-01-02 23:24:06    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2011-01-02 23:24:06    --------    d-----w-    c:\windows\system32\wbem\Repository
2010-12-29 15:04:47    --------    d-----w-    c:\program files\FreeApps
2010-12-29 15:03:25    --------    d-----w-    c:\docume~1\owner~1.chr\applic~1\Search Settings
2010-12-29 15:03:04    --------    d-----w-    c:\program files\Application Updater
2010-12-29 15:03:02    --------    d-----w-    c:\program files\IObit Toolbar
2010-12-29 15:03:02    --------    d-----w-    c:\program files\common files\Spigot
2010-12-29 15:02:57    --------    dc----w-    c:\docume~1\alluse~1.win\applic~1\FreeApp
2010-12-29 15:02:24    --------    dc----w-    c:\docume~1\alluse~1.win\applic~1\IObit

==================== Find3M  ====================

2011-01-26 04:05:55    32608    ----a-w-    c:\windows\king-uninstall.exe
2010-11-18 18:12:44    81920    ----a-w-    c:\windows\system32\isign32.dll
2010-11-09 14:52:35    249856    ----a-w-    c:\windows\system32\odbc32.dll
2010-11-06 00:26:58    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-11-06 00:26:58    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54    385024    ----a-w-    c:\windows\system32\html.iec
2005-09-10 05:47:01    774144    -c--a-w-    c:\program files\RngInterstitial.dll

============= FINISH: 13:41:19.42 ===============


January 27th, 2011 10:00


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

360 Amigo System Speedup Free
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Amazing Windows XP Screen Saver 1.2
AutoUpdate
avast! Free Antivirus
BACS
Broadcom Advanced Control Suite
Camera Driver
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Checkers
Clone Wars
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Dell ResourceCD
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Draw 4 App
EPSON Printer Software
Eusing Free Registry Cleaner
eVoice Player 1.0
Free Ride Games Player
FreeApps
Game Booster
Google Chrome
Graboid Video 1.73
GTK+ 2.8.9 runtime environment
HiJackThis
Holiday Snowflakes Screen Saver 1.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
IE7pro
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
InterActual Player
IObit Toolbar v4.1
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) SE Runtime Environment 6 Update 1
king.com (remove only)
Luxor 2
Mah Jong Medley (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mini Calculator
Move Media Player
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
MyDSC2
Netscape Browser (remove only)
NetWaiting
NetZero Internet
NetZeroInstallers
Online TV 1.0
OpenOffice.org 2.0
Pepsi Volume Controller 3.0
Picasa 3
PowerDVD 5.1
Puzzle Express (remove only)
QuickTime
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
SDFormatter
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Smart Defrag
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoulSeek Client 156c
SoundMAX
Spyware Terminator
StreamTorrent 1.0
SudokuSweep
Sun Download Manager 2.0 (web)
System Protect
Test My Hardware 3.0
The GIMP 2.2.11
The Treasures of Montezuma
Turbo Lister 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Veetle TV 0.9.18
Viewpoint Media Player
Virtual Villagers 2
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 9 Series Winter Fun Pack
Windows XP Service Pack 3
Windows XP Winter Fun Pack Screensavers
WinPoET Broadband Connection Manager

==== End Of File ===========================

28 Posts

January 27th, 2011 19:00

I ran the last scan you requested and have no clue how to copy it.  No copy paste option is available and I have no clipboard.  Please advise.

2 Intern

 • 

1.5K Posts

January 27th, 2011 23:00

Hi,

When the Anti-Rootkit scan has completed, on the right hand side of the program's screen, there is a "Save" button. Please click that button and the log will automatically be saved to the Windows Clipboard. The Clipboard is not a place you can see; it is where anything that is copied using right click and copy is saved to.

Once you have clicked the Save button, please open Notepad: Start (Windows icon, bottom left of screen) > All Programs > Accessories > Notepad, then right click an empty space in Notepad and click "Paste". A log will then appear.

Save this log as ARK.txt to the desktop, and then please copy/paste it back for review.

Thanks.

28 Posts

January 29th, 2011 09:00

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-29 12:17:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75JHC0 rev.06.01C06
Running: 145beb7s.exe; Driver: C:\DOCUME~1\OWNER~1.CHR\LOCALS~1\Temp\kwlirpog.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0xEF38182E]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateSection [0xEF381652]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwLoadDriver [0xEF38178C]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  NtCreateSection
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                 aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                              aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                              aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

28 Posts

January 29th, 2011 09:00

I apologize for the delay.  I had to run all of these scans in safe mode and I could not find the save button due to screen resolution.  I was able to get my regular screen up now temporarily and found the save.  It only gives me a few minutes before freezing.  That is why I had to scan in safe mode.  That last scan took close to 5 hours.  Thanks for your patience and help.

28 Posts

January 29th, 2011 19:00

I do not think the scan results for the last item requested are accurate.  If I run the program in normal mode, the computer shuts off and restarts.  If I run it in safe mode, there is no save button.  I have no way to save the log.  Please advise on maybe another program scan or how to fix this in safe mode.  Thanks.

2 Intern

 • 

1.5K Posts

January 30th, 2011 00:00

Hi,

The ARK scan is fine as it is. There is no need to run it again.

Please disable all Anti-virus/Anti-Spyware/Firewall software on your machine (instructions via links below).

Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:

ComboFix MUST be saved to your desktop before running the tool

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

When prompted to install the recovery console please make sure to do so, as this is a VERY IMPORTANT backup for ComboFix (XP only; Vista/Windows 7 will NOT be prompted to install the recovery console).

You will need to be connected to the net to install the recovery console. If you cannot install it, DO NOT run ComboFix.
Post back and we will install it manually.

DO NOT mouse click when ComboFix is running, as this will cause ComboFix to stall and it will not work as it should.

EXTRA NOTES:

  • If Combofix detects a Rootkit on the system it will give a warning and prompt for a reboot; please allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for a few minutes on reboot; this is normal.
  • On some Vista machines, after running Combofix, you may receive a warning message about registry keys being listed for deletion when trying to open certain programs. Please reboot the system and this will fix the issue (these items will not be deleted).

Please include the C:\ComboFix.txt in your next reply for further review.

Thanks,
K27.

28 Posts

January 30th, 2011 23:00

ComboFix 11-01-30.02 - Owner 01/31/2011   1:25.2.2 - x86
Running from: c:\documents and settings\Owner.CHRISHELL\My Documents\Downloads\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.CHRISHELL\Application Data\completescan_pal
c:\documents and settings\Owner.CHRISHELL\Application Data\install_pal
c:\documents and settings\Owner.CHRISHELL\Application Data\uid_pal
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\nvDrv.sy
c:\windows\ST6UNST.000

.
(((((((((((((((((((((((((   Files Created from 2010-12-28 to 2011-01-31  )))))))))))))))))))))))))))))))
.

2011-01-26 05:12 . 2011-01-26 04:38    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2011-01-26 04:38 . 2010-12-03 09:05    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2011-01-26 04:31 . 2011-01-26 04:32    --------    dc-h--w-    c:\documents and settings\All Users.WINDOWS\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-25 17:17 . 2011-01-25 17:42    --------    d-----w-    c:\program files\Test My Hardware
2011-01-25 17:17 . 2009-08-31 15:58    1226324    ----a-w-    c:\program files\testmh30.exe
2011-01-25 17:15 . 2009-08-31 15:58    1226324    ----a-w-    c:\program files\Mozilla Firefox\testmh30.exe
2011-01-24 01:00 . 2011-01-24 01:00    --------    d-----w-    c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2011-01-24 01:00 . 2011-01-24 01:00    --------    d-----w-    c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Apple Computer
2011-01-23 19:08 . 2011-01-23 19:08    --------    d-----w-    c:\program files\VS Revo Group
2011-01-23 19:05 . 2011-01-23 19:06    --------    d-----w-    c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-01-23 17:17 . 2011-01-23 17:17    --------    d-sh--w-    c:\documents and settings\Owner.CHRISHELL\PrivacIE
2011-01-23 09:37 . 2011-01-23 09:37    --------    d-sh--w-    c:\documents and settings\LocalService.NT AUTHORITY\UserData
2011-01-23 03:19 . 2011-01-23 03:19    388096    ----a-r-    c:\documents and settings\Owner.CHRISHELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-23 03:19 . 2011-01-23 03:19    --------    d-----w-    c:\program files\Trend Micro
2011-01-23 02:44 . 2011-01-23 02:44    --------    d-sh--w-    c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2011-01-21 01:41 . 2011-01-21 01:41    --------    d-----w-    c:\documents and settings\Owner.CHRISHELL\Local Settings\Application Data\360Amigo
2011-01-21 01:35 . 2011-01-21 01:35    --------    dc----w-    c:\documents and settings\Administrator.CHRISHELL\Local Settings\Application Data\360Amigo
2011-01-21 01:35 . 2011-01-21 01:35    --------    d-----w-    c:\program files\360Amigo
2011-01-20 23:40 . 2011-01-20 23:40    --------    dc----w-    C:\1750e02d52fc4ff23d52ef05cb9a7fd7
2011-01-20 23:21 . 2011-01-20 23:21    --------    dc----w-    C:\923415182e87306e0ba9f3
2011-01-20 23:21 . 2011-01-21 01:00    --------    d-----w-    c:\windows\ie8updates
2011-01-20 23:09 . 2008-06-13 11:05    272128    -c----w-    c:\windows\system32\dllcache\bthport.sys
2011-01-20 23:08 . 2010-09-18 06:53    974848    -c----w-    c:\windows\system32\dllcache\mfc42.dll
2011-01-20 23:08 . 2010-09-18 06:53    953856    -c----w-    c:\windows\system32\dllcache\mfc40u.dll
2011-01-20 23:08 . 2008-08-14 10:04    138496    -c----w-    c:\windows\system32\dllcache\afd.sys
2011-01-20 23:08 . 2010-08-26 13:39    357248    -c----w-    c:\windows\system32\dllcache\srv.sys
2011-01-20 23:08 . 2010-08-23 16:12    617472    -c----w-    c:\windows\system32\dllcache\comctl32.dll
2011-01-20 23:08 . 2010-02-24 13:11    455680    -c----w-    c:\windows\system32\dllcache\mrxsmb.sys
2011-01-20 23:07 . 2009-11-21 15:51    471552    -c----w-    c:\windows\system32\dllcache\aclayers.dll
2011-01-20 23:05 . 2010-06-14 14:31    744448    -c----w-    c:\windows\system32\dllcache\helpsvc.exe
2011-01-20 23:04 . 2010-11-06 00:26    602112    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2011-01-20 23:04 . 2010-11-06 00:26    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-20 23:04 . 2010-11-06 00:26    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2011-01-20 23:04 . 2010-11-06 00:26    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2011-01-20 23:04 . 2010-11-06 00:26    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2011-01-20 23:04 . 2010-11-06 00:26    1991680    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2011-01-20 23:04 . 2010-11-06 00:26    11080704    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2011-01-20 23:02 . 2010-11-02 15:17    40960    -c----w-    c:\windows\system32\dllcache\ndproxy.sys
2011-01-20 23:01 . 2010-08-27 08:02    119808    -c----w-    c:\windows\system32\dllcache\t2embed.dll
2011-01-20 23:01 . 2009-10-15 16:28    81920    -c----w-    c:\windows\system32\dllcache\fontsub.dll
2011-01-20 23:01 . 2009-03-06 14:22    284160    -c----w-    c:\windows\system32\dllcache\pdh.dll
2011-01-20 23:01 . 2009-02-09 12:10    473600    -c----w-    c:\windows\system32\dllcache\fastprox.dll
2011-01-20 23:01 . 2009-02-09 12:10    401408    -c----w-    c:\windows\system32\dllcache\rpcss.dll
2011-01-20 23:01 . 2009-02-06 11:11    110592    -c----w-    c:\windows\system32\dllcache\services.exe
2011-01-20 23:01 . 2009-02-06 10:10    227840    -c----w-    c:\windows\system32\dllcache\wmiprvse.exe
2011-01-20 23:01 . 2009-06-25 08:25    730112    -c----w-    c:\windows\system32\dllcache\lsasrv.dll
2011-01-20 23:01 . 2009-02-09 12:10    714752    -c----w-    c:\windows\system32\dllcache\ntdll.dll
2011-01-20 23:01 . 2009-02-09 12:10    617472    -c----w-    c:\windows\system32\dllcache\advapi32.dll
2011-01-20 23:01 . 2009-02-09 12:10    453120    -c----w-    c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-20 23:00 . 2009-06-21 21:44    153088    -c----w-    c:\windows\system32\dllcache\triedit.dll
2011-01-20 23:00 . 2010-04-28 02:25    2189952    -c----w-    c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-20 23:00 . 2010-04-27 13:59    2146304    -c----w-    c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-20 23:00 . 2010-04-27 13:05    2066816    -c----w-    c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-20 23:00 . 2010-04-27 13:05    2024448    -c----w-    c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-20 22:44 . 2011-01-20 22:44    --------    d-sh--w-    c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-01-20 22:42 . 2010-06-14 07:41    1172480    -c----w-    c:\windows\system32\dllcache\msxml3.dll
2011-01-20 22:42 . 2008-05-08 14:02    203136    -c----w-    c:\windows\system32\dllcache\rmcast.sys
2011-01-20 22:42 . 2008-05-01 14:33    331776    -c----w-    c:\windows\system32\dllcache\msadce.dll
2011-01-20 22:39 . 2010-06-18 13:36    3558912    -c----w-    c:\windows\system32\dllcache\moviemk.exe
2011-01-20 22:26 . 2008-10-15 16:34    337408    -c----w-    c:\windows\system32\dllcache\netapi32.dll
2011-01-20 22:24 . 2010-10-11 14:59    45568    -c----w-    c:\windows\system32\dllcache\wab.exe
2011-01-20 22:23 . 2010-08-16 08:45    590848    -c----w-    c:\windows\system32\dllcache\rpcrt4.dll
2011-01-20 22:23 . 2010-08-26 12:52    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2011-01-20 22:19 . 2009-09-04 21:03    58880    -c----w-    c:\windows\system32\dllcache\msasn1.dll
2011-01-20 22:19 . 2009-07-17 16:22    1435648    -c----w-    c:\windows\system32\dllcache\query.dll
2011-01-20 19:15 . 2011-01-20 19:15    --------    dcsh--w-    c:\documents and settings\Administrator.CHRISHELL\PrivacIE
2011-01-20 19:15 . 2011-01-20 19:15    --------    dcsh--w-    c:\documents and settings\Administrator.CHRISHELL\IETldCache
2011-01-20 19:12 . 2011-01-20 19:12    --------    d-sh--w-    c:\documents and settings\Owner.CHRISHELL\IETldCache
2011-01-20 18:58 . 2009-08-07 00:24    15064    ----a-w-    c:\windows\system32\wuapi.dll.mui
2011-01-20 18:58 . 2011-01-20 18:58    --------    dcsh--w-    c:\documents and settings\Administrator.CHRISHELL\UserData
2011-01-16 19:44 . 2011-01-13 08:41    294608    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2011-01-16 19:44 . 2011-01-13 08:37    17744    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2011-01-16 19:44 . 2011-01-13 08:40    47440    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2011-01-16 19:44 . 2011-01-13 08:37    23632    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2011-01-16 19:44 . 2011-01-13 08:40    100176    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2011-01-16 19:44 . 2011-01-13 08:39    94544    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2011-01-16 19:44 . 2011-01-13 08:37    29392    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2011-01-16 19:44 . 2011-01-13 08:47    38848    ----a-w-    c:\windows\avastSS.scr
2011-01-16 19:44 . 2011-01-13 08:47    188216    ----a-w-    c:\windows\system32\aswBoot.exe
2011-01-16 19:43 . 2011-01-16 19:43    --------    dc----w-    c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2011-01-16 19:43 . 2011-01-16 19:43    --------    d-----w-    c:\program files\Alwil Software
2011-01-09 05:50 . 2011-01-09 05:50    --------    dc----w-    c:\documents and settings\Administrator.CHRISHELL\Application Data\Netscape
2011-01-07 20:22 . 2011-01-24 05:23    --------    d-sh--w-    c:\documents and settings\NetworkService.NT AUTHORITY\UserData
2011-01-07 19:07 . 2011-01-07 19:07    --------    dc----w-    C:\$AVG
2011-01-07 18:29 . 2011-01-07 18:29    --------    d-----w-    c:\documents and settings\Owner.CHRISHELL\Application Data\AVG10
2011-01-07 18:26 . 2011-01-07 18:26    --------    dc-h--w-    c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2011-01-07 18:23 . 2011-01-16 19:35    --------    dc----w-    c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2011-01-07 18:09 . 2011-01-07 18:22    --------    dc----w-    c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2011-01-06 22:31 . 2008-04-14 10:42    7680    -c--a-w-    c:\windows\system32\dllcache\migregdb.exe
2011-01-06 22:26 . 2008-04-14 03:06    144384    ------w-    c:\windows\system32\drivers\hdaudbus.sys
2011-01-06 22:26 . 2008-04-14 05:10    10240    ------w-    c:\windows\system32\drivers\sffp_mmc.sys
2011-01-06 17:18 . 2005-09-20 13:31    135168    ----a-w-    c:\windows\system32\igfxres.dll
2011-01-06 16:56 . 2008-04-14 10:41    426041    -c--a-w-    c:\windows\system32\dllcache\voicepad.dll
2011-01-06 16:55 . 2003-07-16 20:23    98304    -c--a-w-    c:\windows\system32\dllcache\msir3jp.dll
2011-01-06 16:54 . 2003-07-16 20:28    25856    -c--a-w-    c:\windows\system32\dllcache\et4000.sys
2011-01-06 16:43 . 2008-04-14 10:42    214528    ----a-w-    c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-01-06 16:40 . 2009-08-07 00:24    53472    ----a-w-    c:\windows\system32\wuauclt.exe
2011-01-06 16:40 . 2009-08-07 00:23    1929952    ----a-w-    c:\windows\system32\wuaueng.dll
2011-01-06 16:39 . 2008-04-14 10:42    380416    ----a-w-    c:\windows\system32\irprops.cpl
2011-01-06 16:39 . 2008-04-14 10:42    151552    ----a-w-    c:\windows\system32\irftp.exe
2011-01-06 16:39 . 2008-04-14 10:42    8192    ----a-w-    c:\windows\system32\wshirda.dll
2011-01-06 16:39 . 2008-04-14 10:41    28160    ----a-w-    c:\windows\system32\irmon.dll
2011-01-06 16:39 . 2008-04-14 05:24    88192    ----a-w-    c:\windows\system32\drivers\irda.sys
2011-01-06 16:37 . 2001-08-17 18:51    19584    ----a-w-    c:\windows\system32\drivers\rasirda.sys
2011-01-06 16:37 . 2001-08-17 18:51    18688    ----a-w-    c:\windows\system32\drivers\irsir.sys
2011-01-06 16:36 . 2003-07-16 20:46    24661    -c--a-w-    c:\windows\system32\dllcache\spxcoins.dll
2011-01-06 16:36 . 2003-07-16 20:46    24661    ----a-w-    c:\windows\system32\spxcoins.dll
2011-01-06 16:36 . 2003-07-16 20:30    13312    -c--a-w-    c:\windows\system32\dllcache\irclass.dll
2011-01-06 16:36 . 2003-07-16 20:30    13312    ----a-w-    c:\windows\system32\irclass.dll
2011-01-06 05:06 . 2011-01-06 05:06    --------    d-----w-    c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft
2011-01-06 04:54 . 2008-04-14 10:42    188416    ----a-w-    c:\windows\system32\msh261.drv
2011-01-06 04:53 . 2008-04-14 10:42    217088    ----a-w-    c:\program files\Common Files\System\Ole DB\sqlxmlx.dll
2011-01-06 04:52 . 2009-03-08 09:24    68608    ----a-w-    c:\program files\Internet Explorer\hmmapi.dll
2011-01-06 04:52 . 2009-03-08 19:09    638816    ----a-w-    c:\program files\Internet Explorer\iexplore.exe
2011-01-06 04:50 . 2008-04-14 10:42    41472    ----a-w-    c:\windows\system32\wbem\wmipsess.dll
2011-01-06 04:50 . 2009-02-06 10:10    227840    ----a-w-    c:\windows\system32\wbem\wmiprvse.exe
2011-01-06 04:49 . 2009-02-09 12:10    453120    ----a-w-    c:\windows\system32\wbem\wmiprvsd.dll
2011-01-06 04:49 . 2008-04-14 10:42    144896    ----a-w-    c:\windows\system32\wbem\wmiprov.dll
2011-01-06 04:49 . 2008-04-14 10:42    156672    ----a-w-    c:\windows\system32\wbem\wmipcima.dll
2011-01-06 04:49 . 2008-04-14 10:42    140800    ----a-w-    c:\windows\system32\wbem\wmidcprv.dll
2011-01-06 04:49 . 2008-04-14 10:42    60928    ----a-w-    c:\windows\system32\wbem\wmicookr.dll
2011-01-06 04:49 . 2008-04-14 10:42    197120    ----a-w-    c:\windows\system32\wbem\wbemupgd.dll
2011-01-06 04:49 . 2008-04-14 10:42    18944    ----a-w-    c:\windows\system32\wbem\wbemprox.dll
2011-01-06 04:49 . 2008-04-14 10:42    273920    ----a-w-    c:\windows\system32\wbem\wbemess.dll
2011-01-06 04:49 . 2008-04-14 10:42    531456    ----a-w-    c:\windows\system32\wbem\wbemcore.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-26 04:05 . 2008-11-09 23:35    32608    ----a-w-    c:\windows\king-uninstall.exe
2010-12-20 23:09 . 2009-10-24 05:14    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-10-24 05:13    19288    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-12-02 15:39 . 2010-05-25 23:01    98392    ----a-w-    c:\windows\system32\drivers\SBREDrv.sys
2010-12-02 03:35 . 2010-12-02 03:35    4280320    ----a-w-    c:\windows\system32\GPhotos.scr
2010-11-18 18:12 . 2006-06-30 00:57    81920    ----a-w-    c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2003-07-16 20:40    249856    ----a-w-    c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2003-07-16 20:51    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2003-07-16 20:32    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2003-07-16 20:30    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59    385024    ----a-w-    c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-07-16 20:37    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2005-09-10 05:47 . 2005-09-10 05:47    774144    -c--a-w-    c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-06 1783808]
"SystemProtect"="c:\program files\System Protect\SysProtect_Tray.exe" [2008-02-01 1223680]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sprestrt\0sprestrt\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.CHRISHELL^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-winpoet-service]
2004-11-09 14:39    405504    ----a-w-    c:\program files\WinPoET Broadband Connection Manager\WinPPPoverEthernet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42    15360    ----a-w-    c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 05:04    122933    ----a-w-    c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 15:43    53248    ------w-    c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
2006-02-13 08:00    131072    ----a-w-    c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series (Copy 1)]
2006-02-13 08:00    131072    ----a-w-    c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeApp]
2010-12-29 15:05    814496    ----a-w-    c:\program files\FreeApps\FreeApps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-11-01 23:43    1591808    ----a-w-    c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32    77824    ----a-w-    c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36    114688    ----a-w-    c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 13:35    94208    ----a-w-    c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-28 13:14    270648    ----a-w-    c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42    1695232    --sh--w-    c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
2006-07-29 01:54    40960    -c--a-w-    c:\windows\NCLAUNCH.EXe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 13:41    282624    ----a-w-    c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-11-18 16:39    524288    ----a-w-    c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43    248040    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-28 16:18    274608    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 05:01    110592    ----a-w-    c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45    313472    ----a-r-    c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:\windows\system32\drivers\CoachCap.sys
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-26 1402272]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S1 aswSP;aswSP;
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-08-06 141312]
S2 aswFsBlk;aswFsBlk;
S2 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [2008-02-01 598528]
S2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;c:\windows\system32\DRIVERS\WrKPoET2000.sys [2004-09-16 52214]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [2008-02-01 12288]
S3 WrKPoET2000;WrKPoET2000;c:\program files\WinPoET Broadband Connection Manager\WrKPoET2000.sys [2004-09-16 52214]
S3 WRSWanDD;WinPoET PPPoE Adapter;c:\windows\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 65604]

.
Contents of the 'Scheduled Tasks' folder

2011-01-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 04:38]

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2052111302-839522115-1003Core.job
- c:\documents and settings\Owner.CHRISHELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-01 20:27]

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2052111302-839522115-1003UA.job
- c:\documents and settings\Owner.CHRISHELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-01 20:27]

2011-01-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-2052111302-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-2052111302-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-2052111302-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-2052111302-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: { {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner.CHRISHELL\Application Data\Mozilla\Firefox\Profiles\0vua28g2.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.ebay.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d275b0d&i=23&tp=ab&nt=1&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare Plugin: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Owner.CHRISHELL\Application Data\Move Networks
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Pepsi Volume Controller 3 - c:\program files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
AddRemove-{DBAC1413-D5AE-4c89-AE9A-B330B02DBAB0} - c:\program files\eVoice Player 1.0\Uninstall.exe
AddRemove-SOE-Clone Wars - c:\program files\Sony Online Entertainment\Installed Games\Clone Wars\Uninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-31 01:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{326F0EA2-6842-EA1D-B07F-F5AC0FD7E0E7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nagnmjneamjkilkkglmicofhljla"=hex:6a,61,6a,65,64,63,6e,70,6b,6e,6c,66,68,6a,
   70,6c,63,64,65,69,00,00
"maancendhcbnkpljhabdcgbahn"=hex:6a,61,6a,65,64,63,6e,70,6b,6e,6c,66,68,6a,70,
   6c,63,64,65,69,00,00
.
Completion time: 2011-01-31  01:47:08
ComboFix-quarantined-files.txt  2011-01-31 06:46
ComboFix2.txt  2011-01-26 06:56

Pre-Run: 43,527,700,480 bytes free
Post-Run: 43,599,552,512 bytes free

- - End Of File - - 33685D424D0EF398BD2EF97D45470A4E

2 Intern

1.5K Posts

January 31st, 2011 00:00

Hi,

There is important information missing from the ComboFix header; please repost the log located at C:\Combofix.txt.

Also, please tell me, did you have trouble running ComboFix? This log is from the second time the tool was run. Please post the other ComboFix log that is located at C:\qoobox\Combofix2.txt.

Thanks.

28 Posts

January 31st, 2011 14:00

ComboFix 11-01-30.02 - Owner 01/31/2011   1:25.2.2 - x86
Running from: c:\documents and settings\Owner.CHRISHELL\My Documents\Downloads\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.CHRISHELL\Application Data\completescan_pal
c:\documents and settings\Owner.CHRISHELL\Application Data\install_pal
c:\documents and settings\Owner.CHRISHELL\Application Data\uid_pal
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\nvDrv.sy
c:\windows\ST6UNST.000

.
(((((((((((((((((((((((((   Files Created from 2010-12-28 to 2011-01-31  )))))))))))))))))))))))))))))))
.

2011-01-26 05:12 . 2011-01-26 04:38    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2011-01-26 04:38 . 2010-12-03 09:05    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2011-01-26 04:31 . 2011-01-26 04:32    --------    dc-h--w-    c:\documents and settings\All Users.WINDOWS\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-25 17:17 . 2011-01-25 17:42    --------    d-----w-    c:\program files\Test My Hardware
2011-01-25 17:17 . 2009-08-31 15:58    1226324    ----a-w-    c:\program files\testmh30.exe
2011-01-25 17:15 . 2009-08-31 15:58    1226324    ----a-w-    c:\program files\Mozilla Firefox\testmh30.exe
2011-01-24 01:00 . 2011-01-24 01:00    --------    d-----w-    c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2011-01-24 01:00 . 2011-01-24 01:00    --------    d-----w-    c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Apple Computer
2011-01-23 19:08 . 2011-01-23 19:08    --------    d-----w-    c:\program files\VS Revo Group
2011-01-23 19:05 . 2011-01-23 19:06    --------    d-----w-    c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-01-23 17:17 . 2011-01-23 17:17    --------    d-sh--w-    c:\documents and settings\Owner.CHRISHELL\PrivacIE
2011-01-23 09:37 . 2011-01-23 09:37    --------    d-sh--w-    c:\documents and settings\LocalService.NT AUTHORITY\UserData
2011-01-23 03:19 . 2011-01-23 03:19    388096    ----a-r-    c:\documents and settings\Owner.CHRISHELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-23 03:19 . 2011-01-23 03:19    --------    d-----w-    c:\program files\Trend Micro
2011-01-23 02:44 . 2011-01-23 02:44    --------    d-sh--w-    c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2011-01-21 01:41 . 2011-01-21 01:41    --------    d-----w-    c:\documents and settings\Owner.CHRISHELL\Local Settings\Application Data\360Amigo
2011-01-21 01:35 . 2011-01-21 01:35    --------    dc----w-    c:\documents and settings\Administrator.CHRISHELL\Local Settings\Application Data\360Amigo
2011-01-21 01:35 . 2011-01-21 01:35    --------    d-----w-    c:\program files\360Amigo
2011-01-20 23:40 . 2011-01-20 23:40    --------    dc----w-    C:\1750e02d52fc4ff23d52ef05cb9a7fd7
2011-01-20 23:21 . 2011-01-20 23:21    --------    dc----w-    C:\923415182e87306e0ba9f3
2011-01-20 23:21 . 2011-01-21 01:00    --------    d-----w-    c:\windows\ie8updates
2011-01-20 23:09 . 2008-06-13 11:05    272128    -c----w-    c:\windows\system32\dllcache\bthport.sys
2011-01-20 23:08 . 2010-09-18 06:53    974848    -c----w-    c:\windows\system32\dllcache\mfc42.dll
2011-01-20 23:08 . 2010-09-18 06:53    953856    -c----w-    c:\windows\system32\dllcache\mfc40u.dll
2011-01-20 23:08 . 2008-08-14 10:04    138496    -c----w-    c:\windows\system32\dllcache\afd.sys
2011-01-20 23:08 . 2010-08-26 13:39    357248    -c----w-    c:\windows\system32\dllcache\srv.sys
2011-01-20 23:08 . 2010-08-23 16:12    617472    -c----w-    c:\windows\system32\dllcache\comctl32.dll
2011-01-20 23:08 . 2010-02-24 13:11    455680    -c----w-    c:\windows\system32\dllcache\mrxsmb.sys
2011-01-20 23:07 . 2009-11-21 15:51    471552    -c----w-    c:\windows\system32\dllcache\aclayers.dll
2011-01-20 23:05 . 2010-06-14 14:31    744448    -c----w-    c:\windows\system32\dllcache\helpsvc.exe
2011-01-20 23:04 . 2010-11-06 00:26    602112    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2011-01-20 23:04 . 2010-11-06 00:26    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-20 23:04 . 2010-11-06 00:26    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2011-01-20 23:04 . 2010-11-06 00:26    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2011-01-20 23:04 . 2010-11-06 00:26    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2011-01-20 23:04 . 2010-11-06 00:26    1991680    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2011-01-20 23:04 . 2010-11-06 00:26    11080704    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2011-01-20 23:02 . 2010-11-02 15:17    40960    -c----w-    c:\windows\system32\dllcache\ndproxy.sys
2011-01-20 23:01 . 2010-08-27 08:02    119808    -c----w-    c:\windows\system32\dllcache\t2embed.dll
2011-01-20 23:01 . 2009-10-15 16:28    81920    -c----w-    c:\windows\system32\dllcache\fontsub.dll
2011-01-20 23:01 . 2009-03-06 14:22    284160    -c----w-    c:\windows\system32\dllcache\pdh.dll
2011-01-20 23:01 . 2009-02-09 12:10    473600    -c----w-    c:\windows\system32\dllcache\fastprox.dll
2011-01-20 23:01 . 2009-02-09 12:10    401408    -c----w-    c:\windows\system32\dllcache\rpcss.dll
2011-01-20 23:01 . 2009-02-06 11:11    110592    -c----w-    c:\windows\system32\dllcache\services.exe
2011-01-20 23:01 . 2009-02-06 10:10    227840    -c----w-    c:\windows\system32\dllcache\wmiprvse.exe
2011-01-20 23:01 . 2009-06-25 08:25    730112    -c----w-    c:\windows\system32\dllcache\lsasrv.dll
2011-01-20 23:01 . 2009-02-09 12:10    714752    -c----w-    c:\windows\system32\dllcache\ntdll.dll
2011-01-20 23:01 . 2009-02-09 12:10    617472    -c----w-    c:\windows\system32\dllcache\advapi32.dll
2011-01-20 23:01 . 2009-02-09 12:10    453120    -c----w-    c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-20 23:00 . 2009-06-21 21:44    153088    -c----w-    c:\windows\system32\dllcache\triedit.dll
2011-01-20 23:00 . 2010-04-28 02:25    2189952    -c----w-    c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-20 23:00 . 2010-04-27 13:59    2146304    -c----w-    c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-20 23:00 . 2010-04-27 13:05    2066816    -c----w-    c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-20 23:00 . 2010-04-27 13:05    2024448    -c----w-    c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-20 22:44 . 2011-01-20 22:44    --------    d-sh--w-    c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-01-20 22:42 . 2010-06-14 07:41    1172480    -c----w-    c:\windows\system32\dllcache\msxml3.dll
2011-01-20 22:42 . 2008-05-08 14:02    203136    -c----w-    c:\windows\system32\dllcache\rmcast.sys
2011-01-20 22:42 . 2008-05-01 14:33    331776    -c----w-    c:\windows\system32\dllcache\msadce.dll
2011-01-20 22:39 . 2010-06-18 13:36    3558912    -c----w-    c:\windows\system32\dllcache\moviemk.exe
2011-01-20 22:26 . 2008-10-15 16:34    337408    -c----w-    c:\windows\system32\dllcache\netapi32.dll
2011-01-20 22:24 . 2010-10-11 14:59    45568    -c----w-    c:\windows\system32\dllcache\wab.exe
2011-01-20 22:23 . 2010-08-16 08:45    590848    -c----w-    c:\windows\system32\dllcache\rpcrt4.dll
2011-01-20 22:23 . 2010-08-26 12:52    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2011-01-20 22:19 . 2009-09-04 21:03    58880    -c----w-    c:\windows\system32\dllcache\msasn1.dll
2011-01-20 22:19 . 2009-07-17 16:22    1435648    -c----w-    c:\windows\system32\dllcache\query.dll
2011-01-20 19:15 . 2011-01-20 19:15    --------    dcsh--w-    c:\documents and settings\Administrator.CHRISHELL\PrivacIE
2011-01-20 19:15 . 2011-01-20 19:15    --------    dcsh--w-    c:\documents and settings\Administrator.CHRISHELL\IETldCache
2011-01-20 19:12 . 2011-01-20 19:12    --------    d-sh--w-    c:\documents and settings\Owner.CHRISHELL\IETldCache
2011-01-20 18:58 . 2009-08-07 00:24    15064    ----a-w-    c:\windows\system32\wuapi.dll.mui
2011-01-20 18:58 . 2011-01-20 18:58    --------    dcsh--w-    c:\documents and settings\Administrator.CHRISHELL\UserData
2011-01-16 19:44 . 2011-01-13 08:41    294608    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2011-01-16 19:44 . 2011-01-13 08:37    17744    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2011-01-16 19:44 . 2011-01-13 08:40    47440    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2011-01-16 19:44 . 2011-01-13 08:37    23632    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2011-01-16 19:44 . 2011-01-13 08:40    100176    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2011-01-16 19:44 . 2011-01-13 08:39    94544    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2011-01-16 19:44 . 2011-01-13 08:37    29392    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2011-01-16 19:44 . 2011-01-13 08:47    38848    ----a-w-    c:\windows\avastSS.scr
2011-01-16 19:44 . 2011-01-13 08:47    188216    ----a-w-    c:\windows\system32\aswBoot.exe
2011-01-16 19:43 . 2011-01-16 19:43    --------    dc----w-    c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2011-01-16 19:43 . 2011-01-16 19:43    --------    d-----w-    c:\program files\Alwil Software
2011-01-09 05:50 . 2011-01-09 05:50    --------    dc----w-    c:\documents and settings\Administrator.CHRISHELL\Application Data\Netscape
2011-01-07 20:22 . 2011-01-24 05:23    --------    d-sh--w-    c:\documents and settings\NetworkService.NT AUTHORITY\UserData
2011-01-07 19:07 . 2011-01-07 19:07    --------    dc----w-    C:\$AVG
2011-01-07 18:29 . 2011-01-07 18:29    --------    d-----w-    c:\documents and settings\Owner.CHRISHELL\Application Data\AVG10
2011-01-07 18:26 . 2011-01-07 18:26    --------    dc-h--w-    c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2011-01-07 18:23 . 2011-01-16 19:35    --------    dc----w-    c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2011-01-07 18:09 . 2011-01-07 18:22    --------    dc----w-    c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2011-01-06 22:31 . 2008-04-14 10:42    7680    -c--a-w-    c:\windows\system32\dllcache\migregdb.exe
2011-01-06 22:26 . 2008-04-14 03:06    144384    ------w-    c:\windows\system32\drivers\hdaudbus.sys
2011-01-06 22:26 . 2008-04-14 05:10    10240    ------w-    c:\windows\system32\drivers\sffp_mmc.sys
2011-01-06 17:18 . 2005-09-20 13:31    135168    ----a-w-    c:\windows\system32\igfxres.dll
2011-01-06 16:56 . 2008-04-14 10:41    426041    -c--a-w-    c:\windows\system32\dllcache\voicepad.dll
2011-01-06 16:55 . 2003-07-16 20:23    98304    -c--a-w-    c:\windows\system32\dllcache\msir3jp.dll
2011-01-06 16:54 . 2003-07-16 20:28    25856    -c--a-w-    c:\windows\system32\dllcache\et4000.sys
2011-01-06 16:43 . 2008-04-14 10:42    214528    ----a-w-    c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-01-06 16:40 . 2009-08-07 00:24    53472    ----a-w-    c:\windows\system32\wuauclt.exe
2011-01-06 16:40 . 2009-08-07 00:23    1929952    ----a-w-    c:\windows\system32\wuaueng.dll
2011-01-06 16:39 . 2008-04-14 10:42    380416    ----a-w-    c:\windows\system32\irprops.cpl
2011-01-06 16:39 . 2008-04-14 10:42    151552    ----a-w-    c:\windows\system32\irftp.exe
2011-01-06 16:39 . 2008-04-14 10:42    8192    ----a-w-    c:\windows\system32\wshirda.dll
2011-01-06 16:39 . 2008-04-14 10:41    28160    ----a-w-    c:\windows\system32\irmon.dll
2011-01-06 16:39 . 2008-04-14 05:24    88192    ----a-w-    c:\windows\system32\drivers\irda.sys
2011-01-06 16:37 . 2001-08-17 18:51    19584    ----a-w-    c:\windows\system32\drivers\rasirda.sys
2011-01-06 16:37 . 2001-08-17 18:51    18688    ----a-w-    c:\windows\system32\drivers\irsir.sys
2011-01-06 16:36 . 2003-07-16 20:46    24661    -c--a-w-    c:\windows\system32\dllcache\spxcoins.dll
2011-01-06 16:36 . 2003-07-16 20:46    24661    ----a-w-    c:\windows\system32\spxcoins.dll
2011-01-06 16:36 . 2003-07-16 20:30    13312    -c--a-w-    c:\windows\system32\dllcache\irclass.dll
2011-01-06 16:36 . 2003-07-16 20:30    13312    ----a-w-    c:\windows\system32\irclass.dll
2011-01-06 05:06 . 2011-01-06 05:06    --------    d-----w-    c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft
2011-01-06 04:54 . 2008-04-14 10:42    188416    ----a-w-    c:\windows\system32\msh261.drv
2011-01-06 04:53 . 2008-04-14 10:42    217088    ----a-w-    c:\program files\Common Files\System\Ole DB\sqlxmlx.dll
2011-01-06 04:52 . 2009-03-08 09:24    68608    ----a-w-    c:\program files\Internet Explorer\hmmapi.dll
2011-01-06 04:52 . 2009-03-08 19:09    638816    ----a-w-    c:\program files\Internet Explorer\iexplore.exe
2011-01-06 04:50 . 2008-04-14 10:42    41472    ----a-w-    c:\windows\system32\wbem\wmipsess.dll
2011-01-06 04:50 . 2009-02-06 10:10    227840    ----a-w-    c:\windows\system32\wbem\wmiprvse.exe
2011-01-06 04:49 . 2009-02-09 12:10    453120    ----a-w-    c:\windows\system32\wbem\wmiprvsd.dll
2011-01-06 04:49 . 2008-04-14 10:42    144896    ----a-w-    c:\windows\system32\wbem\wmiprov.dll
2011-01-06 04:49 . 2008-04-14 10:42    156672    ----a-w-    c:\windows\system32\wbem\wmipcima.dll
2011-01-06 04:49 . 2008-04-14 10:42    140800    ----a-w-    c:\windows\system32\wbem\wmidcprv.dll
2011-01-06 04:49 . 2008-04-14 10:42    60928    ----a-w-    c:\windows\system32\wbem\wmicookr.dll
2011-01-06 04:49 . 2008-04-14 10:42    197120    ----a-w-    c:\windows\system32\wbem\wbemupgd.dll
2011-01-06 04:49 . 2008-04-14 10:42    18944    ----a-w-    c:\windows\system32\wbem\wbemprox.dll
2011-01-06 04:49 . 2008-04-14 10:42    273920    ----a-w-    c:\windows\system32\wbem\wbemess.dll
2011-01-06 04:49 . 2008-04-14 10:42    531456    ----a-w-    c:\windows\system32\wbem\wbemcore.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-26 04:05 . 2008-11-09 23:35    32608    ----a-w-    c:\windows\king-uninstall.exe
2010-12-20 23:09 . 2009-10-24 05:14    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-10-24 05:13    19288    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-12-02 15:39 . 2010-05-25 23:01    98392    ----a-w-    c:\windows\system32\drivers\SBREDrv.sys
2010-12-02 03:35 . 2010-12-02 03:35    4280320    ----a-w-    c:\windows\system32\GPhotos.scr
2010-11-18 18:12 . 2006-06-30 00:57    81920    ----a-w-    c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2003-07-16 20:40    249856    ----a-w-    c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2003-07-16 20:51    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2003-07-16 20:32    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2003-07-16 20:30    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59    385024    ----a-w-    c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-07-16 20:37    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2005-09-10 05:47 . 2005-09-10 05:47    774144    -c--a-w-    c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-06 1783808]
"SystemProtect"="c:\program files\System Protect\SysProtect_Tray.exe" [2008-02-01 1223680]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sprestrt\0sprestrt\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.CHRISHELL^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-winpoet-service]
2004-11-09 14:39    405504    ----a-w-    c:\program files\WinPoET Broadband Connection Manager\WinPPPoverEthernet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42    15360    ----a-w-    c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 05:04    122933    ----a-w-    c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 15:43    53248    ------w-    c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
2006-02-13 08:00    131072    ----a-w-    c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series (Copy 1)]
2006-02-13 08:00    131072    ----a-w-    c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeApp]
2010-12-29 15:05    814496    ----a-w-    c:\program files\FreeApps\FreeApps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-11-01 23:43    1591808    ----a-w-    c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32    77824    ----a-w-    c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36    114688    ----a-w-    c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 13:35    94208    ----a-w-    c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-28 13:14    270648    ----a-w-    c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42    1695232    --sh--w-    c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
2006-07-29 01:54    40960    -c--a-w-    c:\windows\NCLAUNCH.EXe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 13:41    282624    ----a-w-    c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-11-18 16:39    524288    ----a-w-    c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43    248040    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-28 16:18    274608    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 05:01    110592    ----a-w-    c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45    313472    ----a-r-    c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:\windows\system32\drivers\CoachCap.sys
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-26 1402272]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S1 aswSP;aswSP;
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-08-06 141312]
S2 aswFsBlk;aswFsBlk;
S2 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [2008-02-01 598528]
S2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;c:\windows\system32\DRIVERS\WrKPoET2000.sys [2004-09-16 52214]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [2008-02-01 12288]
S3 WrKPoET2000;WrKPoET2000;c:\program files\WinPoET Broadband Connection Manager\WrKPoET2000.sys [2004-09-16 52214]
S3 WRSWanDD;WinPoET PPPoE Adapter;c:\windows\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 65604]

.
Contents of the 'Scheduled Tasks' folder

2011-01-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 04:38]

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2052111302-839522115-1003Core.job
- c:\documents and settings\Owner.CHRISHELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-01 20:27]

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2052111302-839522115-1003UA.job
- c:\documents and settings\Owner.CHRISHELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-01 20:27]

2011-01-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-2052111302-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-2052111302-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-2052111302-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-2052111302-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: { {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner.CHRISHELL\Application Data\Mozilla\Firefox\Profiles\0vua28g2.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.ebay.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d275b0d&i=23&tp=ab&nt=1&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare Plugin: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Owner.CHRISHELL\Application Data\Move Networks
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Pepsi Volume Controller 3 - c:\program files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe
AddRemove-{DBAC1413-D5AE-4c89-AE9A-B330B02DBAB0} - c:\program files\eVoice Player 1.0\Uninstall.exe
AddRemove-SOE-Clone Wars - c:\program files\Sony Online Entertainment\Installed Games\Clone Wars\Uninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-31 01:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{326F0EA2-6842-EA1D-B07F-F5AC0FD7E0E7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nagnmjneamjkilkkglmicofhljla"=hex:6a,61,6a,65,64,63,6e,70,6b,6e,6c,66,68,6a,
   70,6c,63,64,65,69,00,00
"maancendhcbnkpljhabdcgbahn"=hex:6a,61,6a,65,64,63,6e,70,6b,6e,6c,66,68,6a,70,
   6c,63,64,65,69,00,00
.
Completion time: 2011-01-31  01:47:08
ComboFix-quarantined-files.txt  2011-01-31 06:46
ComboFix2.txt  2011-01-26 06:56

Pre-Run: 43,527,700,480 bytes free
Post-Run: 43,599,552,512 bytes free

- - End Of File - - 33685D424D0EF398BD2EF97D45470A4E

28 Posts

January 31st, 2011 14:00

ComboFix 11-01-25.01 - Owner 01/26/2011   1:15.1.2 - x86 NETWORK
Running from: c:\documents and settings\Owner.CHRISHELL\My Documents\Downloads\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.CHRISHELL\Start Menu\Programs\Win Defragmenter
c:\documents and settings\Owner\cookies\hpothb07.dat
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FREEZESCREENSAVER


(((((((((((((((((((((((((   Files Created from 2010-12-26 to 2011-01-26  )))))))))))))))))))))))))))))))
.

2011-01-26 05:12 . 2011-01-26 04:38    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2011-01-26 04:38 . 2010-12-03 09:05    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2011-01-26 04:31 . 2011-01-26 04:32    --------    dc-h--w-    c:\documents and settings\All Users.WINDOWS\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-25 17:17 . 2011-01-25 17:42    --------    d-----w-    c:\program files\Test My Hardware
2011-01-25 17:17 . 2009-08-31 15:58    1226324    ----a-w-    c:\program files\testmh30.exe
2011-01-25 17:15 . 2009-08-31 15:58    1226324    ----a-w-    c:\program files\Mozilla Firefox\testmh30.exe
2011-01-24 01:00 . 2011-01-24 01:00    --------    d-----w-    c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2011-01-24 01:00 . 2011-01-24 01:00    --------    d-----w-    c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Apple Computer
2011-01-23 19:08 . 2011-01-23 19:08    --------    d-----w-    c:\program files\VS Revo Group
2011-01-23 19:06 . 2011-01-23 19:06    58880    ---ha-w-    c:\windows\system32\cisvplay.dll
2011-01-23 19:05 . 2011-01-23 19:06    --------    d-----w-    c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-01-23 17:17 . 2011-01-23 17:17    --------    d-sh--w-    c:\documents and settings\Owner.CHRISHELL\PrivacIE
2011-01-23 09:37 . 2011-01-23 09:37    --------    d-sh--w-    c:\documents and settings\LocalService.NT AUTHORITY\UserData
2011-01-23 03:19 . 2011-01-23 03:19    388096    ----a-r-    c:\documents and settings\Owner.CHRISHELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-23 03:19 . 2011-01-23 03:19    --------    d-----w-    c:\program files\Trend Micro
2011-01-23 02:44 . 2011-01-23 02:44    --------    d-sh--w-    c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2011-01-21 01:41 . 2011-01-21 01:41    --------    d-----w-    c:\documents and settings\Owner.CHRISHELL\Local Settings\Application Data\360Amigo
2011-01-21 01:35 . 2011-01-21 01:35    --------    dc----w-    c:\documents and settings\Administrator.CHRISHELL\Local Settings\Application Data\360Amigo
2011-01-21 01:35 . 2011-01-21 01:35    --------    d-----w-    c:\program files\360Amigo
2011-01-20 23:40 . 2011-01-20 23:40    --------    dc----w-    C:\1750e02d52fc4ff23d52ef05cb9a7fd7
2011-01-20 23:21 . 2011-01-20 23:21    --------    dc----w-    C:\923415182e87306e0ba9f3
2011-01-20 23:21 . 2011-01-21 01:00    --------    d-----w-    c:\windows\ie8updates
2011-01-20 23:09 . 2008-06-13 11:05    272128    -c----w-    c:\windows\system32\dllcache\bthport.sys
2011-01-20 23:08 . 2010-09-18 06:53    974848    -c----w-    c:\windows\system32\dllcache\mfc42.dll
2011-01-20 23:08 . 2010-09-18 06:53    953856    -c----w-    c:\windows\system32\dllcache\mfc40u.dll
2011-01-20 23:08 . 2008-08-14 10:04    138496    -c----w-    c:\windows\system32\dllcache\afd.sys
2011-01-20 23:08 . 2010-08-26 13:39    357248    -c----w-    c:\windows\system32\dllcache\srv.sys
2011-01-20 23:08 . 2010-08-23 16:12    617472    -c----w-    c:\windows\system32\dllcache\comctl32.dll
2011-01-20 23:08 . 2010-02-24 13:11    455680    -c----w-    c:\windows\system32\dllcache\mrxsmb.sys
2011-01-20 23:07 . 2009-11-21 15:51    471552    -c----w-    c:\windows\system32\dllcache\aclayers.dll
2011-01-20 23:05 . 2010-06-14 14:31    744448    -c----w-    c:\windows\system32\dllcache\helpsvc.exe
2011-01-20 23:04 . 2010-11-06 00:26    602112    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2011-01-20 23:04 . 2010-11-06 00:26    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-20 23:04 . 2010-11-06 00:26    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2011-01-20 23:04 . 2010-11-06 00:26    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2011-01-20 23:04 . 2010-11-06 00:26    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2011-01-20 23:04 . 2010-11-06 00:26    1991680    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2011-01-20 23:04 . 2010-11-06 00:26    11080704    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2011-01-20 23:02 . 2010-11-02 15:17    40960    -c----w-    c:\windows\system32\dllcache\ndproxy.sys
2011-01-20 23:01 . 2010-08-27 08:02    119808    -c----w-    c:\windows\system32\dllcache\t2embed.dll
2011-01-20 23:01 . 2009-10-15 16:28    81920    -c----w-    c:\windows\system32\dllcache\fontsub.dll
2011-01-20 23:01 . 2009-03-06 14:22    284160    -c----w-    c:\windows\system32\dllcache\pdh.dll
2011-01-20 23:01 . 2009-02-09 12:10    473600    -c----w-    c:\windows\system32\dllcache\fastprox.dll
2011-01-20 23:01 . 2009-02-09 12:10    401408    -c----w-    c:\windows\system32\dllcache\rpcss.dll
2011-01-20 23:01 . 2009-02-06 11:11    110592    -c----w-    c:\windows\system32\dllcache\services.exe
2011-01-20 23:01 . 2009-02-06 10:10    227840    -c----w-    c:\windows\system32\dllcache\wmiprvse.exe
2011-01-20 23:01 . 2009-06-25 08:25    730112    -c----w-    c:\windows\system32\dllcache\lsasrv.dll
2011-01-20 23:01 . 2009-02-09 12:10    714752    -c----w-    c:\windows\system32\dllcache\ntdll.dll
2011-01-20 23:01 . 2009-02-09 12:10    617472    -c----w-    c:\windows\system32\dllcache\advapi32.dll
2011-01-20 23:01 . 2009-02-09 12:10    453120    -c----w-    c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-20 23:00 . 2009-06-21 21:44    153088    -c----w-    c:\windows\system32\dllcache\triedit.dll
2011-01-20 23:00 . 2010-04-28 02:25    2189952    -c----w-    c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-20 23:00 . 2010-04-27 13:59    2146304    -c----w-    c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-20 23:00 . 2010-04-27 13:05    2066816    -c----w-    c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-20 23:00 . 2010-04-27 13:05    2024448    -c----w-    c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-20 22:44 . 2011-01-20 22:44    --------    d-sh--w-    c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-01-20 22:42 . 2010-06-14 07:41    1172480    -c----w-    c:\windows\system32\dllcache\msxml3.dll
2011-01-20 22:42 . 2008-05-08 14:02    203136    -c----w-    c:\windows\system32\dllcache\rmcast.sys
2011-01-20 22:42 . 2008-05-01 14:33    331776    -c----w-    c:\windows\system32\dllcache\msadce.dll
2011-01-20 22:39 . 2010-06-18 13:36    3558912    -c----w-    c:\windows\system32\dllcache\moviemk.exe
2011-01-20 22:26 . 2008-10-15 16:34    337408    -c----w-    c:\windows\system32\dllcache\netapi32.dll
2011-01-20 22:24 . 2010-10-11 14:59    45568    -c----w-    c:\windows\system32\dllcache\wab.exe
2011-01-20 22:23 . 2010-08-16 08:45    590848    -c----w-    c:\windows\system32\dllcache\rpcrt4.dll
2011-01-20 22:23 . 2010-08-26 12:52    5120    ----a-w-    c:\windows\system32\xpsp4res.dll
2011-01-20 22:19 . 2009-09-04 21:03    58880    -c----w-    c:\windows\system32\dllcache\msasn1.dll
2011-01-20 22:19 . 2009-07-17 16:22    1435648    -c----w-    c:\windows\system32\dllcache\query.dll
2011-01-20 19:15 . 2011-01-20 19:15    --------    dcsh--w-    c:\documents and settings\Administrator.CHRISHELL\PrivacIE
2011-01-20 19:15 . 2011-01-20 19:15    --------    dcsh--w-    c:\documents and settings\Administrator.CHRISHELL\IETldCache
2011-01-20 19:12 . 2011-01-20 19:12    --------    d-sh--w-    c:\documents and settings\Owner.CHRISHELL\IETldCache
2011-01-20 18:58 . 2009-08-07 00:24    15064    ----a-w-    c:\windows\system32\wuapi.dll.mui
2011-01-20 18:58 . 2011-01-20 18:58    --------    dcsh--w-    c:\documents and settings\Administrator.CHRISHELL\UserData
2011-01-16 19:44 . 2011-01-13 08:41    294608    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2011-01-16 19:44 . 2011-01-13 08:37    17744    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2011-01-16 19:44 . 2011-01-13 08:40    47440    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2011-01-16 19:44 . 2011-01-13 08:37    23632    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2011-01-16 19:44 . 2011-01-13 08:40    100176    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2011-01-16 19:44 . 2011-01-13 08:39    94544    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2011-01-16 19:44 . 2011-01-13 08:37    29392    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2011-01-16 19:44 . 2011-01-13 08:47    38848    ----a-w-    c:\windows\avastSS.scr
2011-01-16 19:44 . 2011-01-13 08:47    188216    ----a-w-    c:\windows\system32\aswBoot.exe
2011-01-16 19:43 . 2011-01-16 19:43    --------    dc----w-    c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2011-01-16 19:43 . 2011-01-16 19:43    --------    d-----w-    c:\program files\Alwil Software
2011-01-09 05:50 . 2011-01-09 05:50    --------    dc----w-    c:\documents and settings\Administrator.CHRISHELL\Application Data\Netscape
2011-01-07 20:22 . 2011-01-24 05:23    --------    d-sh--w-    c:\documents and settings\NetworkService.NT AUTHORITY\UserData
2011-01-07 19:07 . 2011-01-07 19:07    --------    dc----w-    C:\$AVG
2011-01-07 18:29 . 2011-01-07 18:29    --------    d-----w-    c:\documents and settings\Owner.CHRISHELL\Application Data\AVG10
2011-01-07 18:26 . 2011-01-07 18:26    --------    dc-h--w-    c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2011-01-07 18:23 . 2011-01-16 19:35    --------    dc----w-    c:\documents and settings\All Users.WINDOWS\Application Data\AVG10
2011-01-07 18:22 . 2011-01-07 18:22    --------    d-----w-    c:\program files\AVG
2011-01-07 18:09 . 2011-01-07 18:22    --------    dc----w-    c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2011-01-06 22:31 . 2008-04-14 10:42    7680    -c--a-w-    c:\windows\system32\dllcache\migregdb.exe
2011-01-06 22:26 . 2008-04-14 03:06    144384    ------w-    c:\windows\system32\drivers\hdaudbus.sys
2011-01-06 22:26 . 2008-04-14 05:10    10240    ------w-    c:\windows\system32\drivers\sffp_mmc.sys
2011-01-06 17:18 . 2005-09-20 13:31    135168    ----a-w-    c:\windows\system32\igfxres.dll
2011-01-06 16:56 . 2008-04-14 10:41    426041    -c--a-w-    c:\windows\system32\dllcache\voicepad.dll
2011-01-06 16:55 . 2003-07-16 20:23    98304    -c--a-w-    c:\windows\system32\dllcache\msir3jp.dll
2011-01-06 16:54 . 2003-07-16 20:28    25856    -c--a-w-    c:\windows\system32\dllcache\et4000.sys
2011-01-06 16:43 . 2008-04-14 10:42    214528    ----a-w-    c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-01-06 16:40 . 2009-08-07 00:24    53472    ----a-w-    c:\windows\system32\wuauclt.exe
2011-01-06 16:40 . 2009-08-07 00:23    1929952    ----a-w-    c:\windows\system32\wuaueng.dll
2011-01-06 16:39 . 2008-04-14 10:42    380416    ----a-w-    c:\windows\system32\irprops.cpl
2011-01-06 16:39 . 2008-04-14 10:42    151552    ----a-w-    c:\windows\system32\irftp.exe
2011-01-06 16:39 . 2008-04-14 10:42    8192    ----a-w-    c:\windows\system32\wshirda.dll
2011-01-06 16:39 . 2008-04-14 10:41    28160    ----a-w-    c:\windows\system32\irmon.dll
2011-01-06 16:39 . 2008-04-14 05:24    88192    ----a-w-    c:\windows\system32\drivers\irda.sys
2011-01-06 16:37 . 2001-08-17 18:51    19584    ----a-w-    c:\windows\system32\drivers\rasirda.sys
2011-01-06 16:37 . 2001-08-17 18:51    18688    ----a-w-    c:\windows\system32\drivers\irsir.sys
2011-01-06 16:36 . 2003-07-16 20:46    24661    -c--a-w-    c:\windows\system32\dllcache\spxcoins.dll
2011-01-06 16:36 . 2003-07-16 20:46    24661    ----a-w-    c:\windows\system32\spxcoins.dll
2011-01-06 16:36 . 2003-07-16 20:30    13312    -c--a-w-    c:\windows\system32\dllcache\irclass.dll
2011-01-06 16:36 . 2003-07-16 20:30    13312    ----a-w-    c:\windows\system32\irclass.dll
2011-01-06 05:06 . 2011-01-06 05:06    --------    d-----w-    c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft
2011-01-06 04:54 . 2008-04-14 10:42    188416    ----a-w-    c:\windows\system32\msh261.drv
2011-01-06 04:53 . 2008-04-14 10:42    217088    ----a-w-    c:\program files\Common Files\System\Ole DB\sqlxmlx.dll
2011-01-06 04:52 . 2009-03-08 09:24    68608    ----a-w-    c:\program files\Internet Explorer\hmmapi.dll
2011-01-06 04:52 . 2009-03-08 19:09    638816    ----a-w-    c:\program files\Internet Explorer\iexplore.exe
2011-01-06 04:50 . 2008-04-14 10:42    41472    ----a-w-    c:\windows\system32\wbem\wmipsess.dll
2011-01-06 04:50 . 2009-02-06 10:10    227840    ----a-w-    c:\windows\system32\wbem\wmiprvse.exe
2011-01-06 04:49 . 2009-02-09 12:10    453120    ----a-w-    c:\windows\system32\wbem\wmiprvsd.dll
2011-01-06 04:49 . 2008-04-14 10:42    144896    ----a-w-    c:\windows\system32\wbem\wmiprov.dll
2011-01-06 04:49 . 2008-04-14 10:42    156672    ----a-w-    c:\windows\system32\wbem\wmipcima.dll
2011-01-06 04:49 . 2008-04-14 10:42    140800    ----a-w-    c:\windows\system32\wbem\wmidcprv.dll
2011-01-06 04:49 . 2008-04-14 10:42    60928    ----a-w-    c:\windows\system32\wbem\wmicookr.dll
2011-01-06 04:49 . 2008-04-14 10:42    197120    ----a-w-    c:\windows\system32\wbem\wbemupgd.dll
2011-01-06 04:49 . 2008-04-14 10:42    18944    ----a-w-    c:\windows\system32\wbem\wbemprox.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-26 04:05 . 2008-11-09 23:35    32608    ----a-w-    c:\windows\king-uninstall.exe
2010-12-20 23:09 . 2009-10-24 05:14    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-10-24 05:13    19288    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-12-02 15:39 . 2010-05-25 23:01    98392    ----a-w-    c:\windows\system32\drivers\SBREDrv.sys
2010-11-18 18:12 . 2006-06-30 00:57    81920    ----a-w-    c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2003-07-16 20:40    249856    ----a-w-    c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2003-07-16 20:51    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2003-07-16 20:32    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2003-07-16 20:30    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59    385024    ----a-w-    c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-07-16 20:37    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2003-07-16 20:24    290048    ----a-w-    c:\windows\system32\atmfd.dll
2005-09-10 05:47 . 2005-09-10 05:47    774144    -c--a-w-    c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-06 1783808]
"SystemProtect"="c:\program files\System Protect\SysProtect_Tray.exe" [2008-02-01 1223680]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sprestrt\0sprestrt\0\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.CHRISHELL^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-winpoet-service]
2004-11-09 14:39    405504    ----a-w-    c:\program files\WinPoET Broadband Connection Manager\WinPPPoverEthernet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42    15360    ----a-w-    c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 05:04    122933    ----a-w-    c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 15:43    53248    ------w-    c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
2006-02-13 08:00    131072    ----a-w-    c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series (Copy 1)]
2006-02-13 08:00    131072    ----a-w-    c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeApp]
2010-12-29 15:05    814496    ----a-w-    c:\program files\FreeApps\FreeApps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-11-01 23:43    1591808    ----a-w-    c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32    77824    ----a-w-    c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36    114688    ----a-w-    c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 13:35    94208    ----a-w-    c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-28 13:14    270648    ----a-w-    c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42    1695232    --sh--w-    c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
2006-07-29 01:54    40960    -c--a-w-    c:\windows\NCLAUNCH.EXe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pepsi Volume Controller 3.0]
2006-04-08 05:56    798720    ----a-w-    c:\program files\Zamaan's Software\Pepsi Volume Controller 3.0\pvc3.0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 13:41    282624    ----a-w-    c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-11-18 16:39    524288    ----a-w-    c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43    248040    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-28 16:18    274608    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 05:01    110592    ----a-w-    c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45    313472    ----a-r-    c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:\windows\system32\drivers\CoachCap.sys
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S1 aswSP;aswSP;
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-08-06 141312]
S2 aswFsBlk;aswFsBlk;
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-26 1402272]
S2 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [2008-02-01 598528]
S2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;c:\windows\system32\DRIVERS\WrKPoET2000.sys [2004-09-16 52214]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [2008-02-01 12288]
S3 WrKPoET2000;WrKPoET2000;c:\program files\WinPoET Broadband Connection Manager\WrKPoET2000.sys [2004-09-16 52214]
S3 WRSWanDD;WinPoET PPPoE Adapter;c:\windows\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 65604]

.
Contents of the 'Scheduled Tasks' folder

2011-01-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 04:38]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2052111302-839522115-1003Core.job
- c:\documents and settings\Owner.CHRISHELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-01 20:27]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2052111302-839522115-1003UA.job
- c:\documents and settings\Owner.CHRISHELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-01 20:27]

2011-01-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-2052111302-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-2052111302-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-2052111302-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-2052111302-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-10 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-12-29 23:08]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: { {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner.CHRISHELL\Application Data\Mozilla\Firefox\Profiles\0vua28g2.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.ebay.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d275b0d&i=23&tp=ab&nt=1&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare Plugin: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Owner.CHRISHELL\Application Data\Move Networks
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

BHO-{1AD7AB31-1FC2-4beb-A856-6F88A158E3F8} - (no file)
SharedTaskScheduler-{d3ecf5b6-844f-4cc9-a62b-ee3c461e16d8} - (no file)
SharedTaskScheduler-{7f44535f-19f0-4a12-ae4c-4e14e564aebf} - (no file)
SharedTaskScheduler-{e67ae821-42d0-4500-a4cc-68bc9adca2fa} - (no file)
SharedTaskScheduler-{23181d47-bcd2-4bef-96a2-f7e05b14b96b} - (no file)
SharedTaskScheduler-{95edc027-7a9c-442b-bf00-0748090de395} - (no file)
SharedTaskScheduler-{735186e9-b083-4c0e-bf53-8d6649f72e28} - (no file)
SharedTaskScheduler-{979281ab-5569-4663-a116-9b88b5963b04} - (no file)
SharedTaskScheduler-{06b263fe-35a7-4e01-a3fd-026ac861d83b} - (no file)
SharedTaskScheduler-{ae667e10-5bd5-49d0-8b50-437320265177} - (no file)
SharedTaskScheduler-{269ed097-1b0b-49d3-88f9-41fdeec95f27} - (no file)
SSODL-dawofoned-{d3ecf5b6-844f-4cc9-a62b-ee3c461e16d8} - (no file)
SSODL-fuzofevuz-{7f44535f-19f0-4a12-ae4c-4e14e564aebf} - (no file)
SSODL-yebugonoz-{e67ae821-42d0-4500-a4cc-68bc9adca2fa} - (no file)
SSODL-savoduyid-{23181d47-bcd2-4bef-96a2-f7e05b14b96b} - (no file)
SSODL-dibuyizen-{95edc027-7a9c-442b-bf00-0748090de395} - (no file)
SSODL-gayedowik-{735186e9-b083-4c0e-bf53-8d6649f72e28} - (no file)
SSODL-zovoditum-{979281ab-5569-4663-a116-9b88b5963b04} - (no file)
SSODL-zagewazid-{06b263fe-35a7-4e01-a3fd-026ac861d83b} - (no file)
SSODL-sajeyuraj-{ae667e10-5bd5-49d0-8b50-437320265177} - (no file)
SSODL-yiwosedeb-{269ed097-1b0b-49d3-88f9-41fdeec95f27} - (no file)
MSConfigStartUp-ruloleyip - c:\windows\system32\matizava.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 01:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{326F0EA2-6842-EA1D-B07F-F5AC0FD7E0E7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nagnmjneamjkilkkglmicofhljla"=hex:6a,61,6a,65,64,63,6e,70,6b,6e,6c,66,68,6a,
   70,6c,63,64,65,69,00,00
"maancendhcbnkpljhabdcgbahn"=hex:6a,61,6a,65,64,63,6e,70,6b,6e,6c,66,68,6a,70,
   6c,63,64,65,69,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\WinPoET Broadband Connection Manager\WrOS.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-01-26  01:56:46 - machine was rebooted
ComboFix-quarantined-files.txt  2011-01-26 06:56

Pre-Run: 33,101,729,792 bytes free
Post-Run: 33,628,557,312 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - E70F0B06BAC1449D027E001F3CF4040C
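The sections of the log above that usually matter most in triage are the Security Center override, the service and driver table, the ORPHANS REMOVED list, and the hex-encoded values under LOCKED REGISTRY KEYS. The following Python script is an added example, not part of the forum thread or of ComboFix itself: it runs over lines copied from the log (the `SAMPLE_LOG` excerpt is constructed here from those lines), decodes the REG_BINARY hex values into readable text (they are single-byte characters, so the hex reads as ASCII once decoded), flags `AntiVirusOverride=1`, reports drivers listed with no image path, and flags orphan SSODL/MSConfigStartUp names with the strict consonant-vowel alternation that every orphan in this log shares. That alternation test is a heuristic assumed by this example, not a rule from ComboFix or from any vendor.

```python
"""Triage helpers for a ComboFix log excerpt (added example, not part of the thread)."""
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied from the ComboFix log above, cut down to the
# sections the helpers look at (Reg Loading Points, ORPHANS REMOVED, LOCKED KEYS).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
S1 aswSP;aswSP;

SSODL-dawofoned-{d3ecf5b6-844f-4cc9-a62b-ee3c461e16d8} - (no file)
SSODL-fuzofevuz-{7f44535f-19f0-4a12-ae4c-4e14e564aebf} - (no file)
MSConfigStartUp-ruloleyip - c:\windows\system32\matizava.dll

"nagnmjneamjkilkkglmicofhljla"=hex:6a,61,6a,65,64,63,6e,70,6b,6e,6c,66,68,6a,
   70,6c,63,64,65,69,00,00
"""

VOWELS = set("aeiou")
SECURITY_CENTER_KEY = r"[hkey_local_machine\software\microsoft\security center]"
SERVICE_LINE = re.compile(r"^[RS][0-4]\s+([^;]+);[^;]*;(.*)$")   # "R3 name;display;path [..]"
ORPHAN_LINE = re.compile(r"^(SSODL|MSConfigStartUp)-([A-Za-z0-9]+)\b(.*)$")
HEX_VALUE = re.compile(r'^"([^"]+)"=hex:(.*)$')


def looks_generated(name: str) -> bool:
    """Heuristic assumed by this example (not a ComboFix rule): a lowercase, letters-only
    name of 8 to 12 characters that strictly alternates consonant and vowel, the shape
    of every SSODL/MSConfigStartUp name in the log's ORPHANS REMOVED section."""
    if not (8 <= len(name) <= 12) or not name.isalpha() or not name.islower():
        return False
    is_vowel = [c in VOWELS for c in name]
    return all(a != b for a, b in zip(is_vowel, is_vowel[1:]))


def decode_locked_values(log_text: str) -> Dict[str, str]:
    """Decode the REG_BINARY values printed under LOCKED REGISTRY KEYS. In .reg syntax a
    trailing comma means the bytes continue on the next, indented line. These bytes are
    single-byte characters (not UTF-16), so they read as ASCII; trailing NULs terminate."""
    decoded: Dict[str, str] = {}
    name: Optional[str] = None
    hex_buf = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if name is None:
            m = HEX_VALUE.match(line)
            if not m:
                continue
            name, hex_buf = m.group(1), m.group(2)
        else:
            hex_buf += line                      # continuation line
        if not hex_buf.endswith(","):            # value complete
            data = bytes.fromhex(hex_buf.replace(",", ""))
            decoded[name] = data.rstrip(b"\x00").decode("ascii", errors="replace")
            name, hex_buf = None, ""
    return decoded


def triage(log_text: str) -> List[str]:
    """Single pass over the log; returns findings that deserve a second look."""
    findings: List[str] = []
    in_security_center = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):     # blank line or key header ends a key block
            in_security_center = line.lower() == SECURITY_CENTER_KEY
            continue
        if in_security_center and re.match(r'^"AntiVirusOverride"=dword:0*1$', line):
            findings.append("Security Center AntiVirusOverride=1: Windows will not warn that "
                            "no antivirus is running; confirm the user set this deliberately")
        m = SERVICE_LINE.match(line)
        if m and not m.group(2).strip():
            findings.append(f"service/driver {m.group(1)} has no image path recorded")
        m = ORPHAN_LINE.match(line)
        if m:
            kind, name, rest = m.groups()
            dll = re.search(r"([^\\\s]+)\.dll$", rest, re.IGNORECASE)
            if looks_generated(name) or (dll and looks_generated(dll.group(1))):
                target = f" -> {dll.group(0)}" if dll else ""
                findings.append(f"{kind} entry {name}{target}: generated-looking name")
    for name, text in decode_locked_values(log_text).items():
        findings.append(f"locked key value {name} decodes to {text!r}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run as-is to see the findings for the excerpt; point `triage()` at the full log text to cover the whole report. The name heuristic deliberately ignores mixed-case and digit-bearing names (`ctfmon`, `igfxpers`, `WeatherBug`), so legitimate startup entries in this log pass through untouched, while the empty-path check on `aswSP` is a prompt to cross-check the driver on disk, not an accusation.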

28 Posts

January 31st, 2011 15:00

I ran ComboFix a few days before contacting you in the forum. About a week prior to that my girlfriend's daughter was on MySpace and an ad popped up that instructed her to run a scan on the computer because of all of the viruses and problems it found. She did not know any better and allowed that to go, which infected my computer. Within a day I had nothing coming up but a black screen. I installed the Windows 98 recovery disk and was able to get the computer running again, but with all kinds of problems. I googled info at the time on what could help and tried several different programs to clean the computer out. None of them worked permanently, including ComboFix. It was not until I downloaded HijackThis that I learned of this forum and how to ask for help. My latest run of ComboFix seemed to help a little, but within 6 hours the internet is freezing again. I am in safe mode again. When I start up safe mode, I get a choice of administrator or user login. I do not know if these scans are cleaning the entire computer, or if there is a hidden profile that is storing these viruses. I figured I had better explain the situation to you better. I hope these ComboFix logs help, and thank you very much for your time. I appreciate any help I can get.
