

[Page 2 of 3]

16 Re: BDS/Small.iuj on Wed Mar 03, 2010 10:03 pm

You're welcome. :)


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



17 Re: BDS/Small.iuj on Wed Mar 03, 2010 11:58 pm

sabs (Member)
Hi there. I just reinstalled my Avira antivirus and performed a full scan. Unfortunately, the BDS/Small.iuj was still detected. I don't know how to attach a print screen here, but I have a print screen just in case you'd like to see. Avira then has a prompt with two choices to either "Repair all" or "Cancel." If I click the repair all option, it would delete the explorer.exe and Explorer.EXE (I really don't know the difference).

I clicked cancel for the meanwhile. What should I do next?

Thank you.


18 Re: BDS/Small.iuj on Thu Mar 04, 2010 12:12 am

sabs (Member)
By the way, here's the report from Avira:
Avira AntiVir Personal
Report file date: Thursday, March 04, 2010 11:57

Scanning for 1814064 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SHERWIN

Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 03:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 02:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 03:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 02:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 23:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:52:22
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 03:52:40
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 03:52:46
VBASE004.VDF : 7.10.3.76 2048 Bytes 1/26/2010 03:52:47
VBASE005.VDF : 7.10.3.77 2048 Bytes 1/26/2010 03:52:47
VBASE006.VDF : 7.10.3.78 2048 Bytes 1/26/2010 03:52:47
VBASE007.VDF : 7.10.3.79 2048 Bytes 1/26/2010 03:52:48
VBASE008.VDF : 7.10.3.80 2048 Bytes 1/26/2010 03:52:48
VBASE009.VDF : 7.10.3.81 2048 Bytes 1/26/2010 03:52:48
VBASE010.VDF : 7.10.3.82 2048 Bytes 1/26/2010 03:52:49
VBASE011.VDF : 7.10.3.83 2048 Bytes 1/26/2010 03:52:49
VBASE012.VDF : 7.10.3.84 2048 Bytes 1/26/2010 03:52:49
VBASE013.VDF : 7.10.3.85 2048 Bytes 1/26/2010 03:52:50
VBASE014.VDF : 7.10.3.122 172544 Bytes 1/29/2010 03:52:51
VBASE015.VDF : 7.10.3.149 79872 Bytes 2/1/2010 03:52:52
VBASE016.VDF : 7.10.3.174 68608 Bytes 2/3/2010 03:52:52
VBASE017.VDF : 7.10.3.199 76800 Bytes 2/4/2010 03:52:53
VBASE018.VDF : 7.10.3.222 64512 Bytes 2/5/2010 03:52:54
VBASE019.VDF : 7.10.3.243 75776 Bytes 2/8/2010 03:52:55
VBASE020.VDF : 7.10.4.6 81920 Bytes 2/9/2010 03:52:55
VBASE021.VDF : 7.10.4.30 78848 Bytes 2/11/2010 03:52:56
VBASE022.VDF : 7.10.4.50 107520 Bytes 2/15/2010 03:52:57
VBASE023.VDF : 7.10.4.62 105472 Bytes 2/15/2010 03:52:58
VBASE024.VDF : 7.10.4.85 111616 Bytes 2/17/2010 03:52:59
VBASE025.VDF : 7.10.4.109 122368 Bytes 2/21/2010 03:53:00
VBASE026.VDF : 7.10.4.128 109056 Bytes 2/23/2010 03:53:00
VBASE027.VDF : 7.10.4.151 111104 Bytes 2/26/2010 03:53:01
VBASE028.VDF : 7.10.4.170 132608 Bytes 3/1/2010 03:53:02
VBASE029.VDF : 7.10.4.184 100864 Bytes 3/2/2010 03:53:03
VBASE030.VDF : 7.10.4.185 2048 Bytes 3/2/2010 03:53:04
VBASE031.VDF : 7.10.4.192 80896 Bytes 3/3/2010 03:53:04
Engineversion : 8.2.1.180
AEVDF.DLL : 8.1.1.3 106868 Bytes 3/4/2010 03:53:21
AESCRIPT.DLL : 8.1.3.17 1032570 Bytes 3/4/2010 03:53:21
AESCN.DLL : 8.1.5.0 127347 Bytes 3/4/2010 03:53:18
AESBX.DLL : 8.1.2.0 254323 Bytes 3/4/2010 03:53:22
AERDL.DLL : 8.1.4.2 479602 Bytes 3/4/2010 03:53:18
AEPACK.DLL : 8.2.1.0 426356 Bytes 3/4/2010 03:53:16
AEOFFICE.DLL : 8.1.0.39 196987 Bytes 3/4/2010 03:53:15
AEHEUR.DLL : 8.1.1.7 2326902 Bytes 3/4/2010 03:53:14
AEHELP.DLL : 8.1.10.1 237942 Bytes 3/4/2010 03:53:08
AEGEN.DLL : 8.1.2.0 373107 Bytes 3/4/2010 03:53:07
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/7/2009 23:38:26
AECORE.DLL : 8.1.12.2 188790 Bytes 3/4/2010 03:53:05
AEBB.DLL : 8.1.0.3 53618 Bytes 11/7/2009 23:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 00:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 07:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 3/4/2010 03:53:24
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 02:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 07:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 02:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 07:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 00:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 02:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 07:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 04:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, March 04, 2010 11:57

Starting search for hidden objects.
'26783' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'hsssrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'openvpnas.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'quicknote.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'vsnpstd3.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS.0\Explorer.EXE'
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\WINDOWS.0\Explorer.EXE
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
C:\WINDOWS.0\Explorer.EXE
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program

The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\WINDOWS.0\explorer.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
Begin scan in 'D:\'

Beginning disinfection:
C:\WINDOWS.0\Explorer.EXE
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
[WARNING] The file was ignored!
C:\WINDOWS.0\Explorer.EXE
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
[WARNING] The file was ignored!
C:\WINDOWS.0\explorer.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
[WARNING] The file was ignored!


End of the scan: Thursday, March 04, 2010 13:02
Used time: 53:12 Minute(s)

The scan has been done completely.

8859 Scanned directories
323780 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
323775 Files not concerned
2373 Archives were scanned
4 Warnings
1 Notes
26783 Objects were scanned with rootkit scan
0 Hidden objects were found

I've noticed the following:

Explorer.EXE and explorer.exe

Thank you.

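The four hits in the Avira report above are best read against the filesystem rather than the counter: NTFS paths are case-insensitive, so C:\WINDOWS.0\Explorer.EXE (process and registry scan) and C:\WINDOWS.0\explorer.exe (file scan) are one and the same file, reported once per scan phase and again during disinfection. The Python below is an added example, not part of the thread and not Avira's code; it parses an abridged excerpt of the posted report, tags each detection with the scan phase it came from, and folds paths by case to show how many distinct files were actually flagged.

```python
import re
from collections import defaultdict

# Abridged excerpt of the Avira report posted above (only the lines the parser
# needs were kept; paths and detection names are as in the report).
AVIRA_REPORT = r"""
The scan of running processes will be started
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS.0\Explorer.EXE'

Starting to scan executable files (registry).
C:\WINDOWS.0\Explorer.EXE
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
C:\WINDOWS.0\Explorer.EXE
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
C:\WINDOWS.0\explorer.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program

Beginning disinfection:
C:\WINDOWS.0\Explorer.EXE
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
[WARNING] The file was ignored!
"""

# Section headers that open each scan phase in an Avira AntiVir report.
PHASES = (
    ("The scan of running processes", "processes"),
    ("Starting to scan executable files (registry)", "registry"),
    ("Starting the file scan", "files"),
    ("Beginning disinfection", "disinfection"),
)
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")                 # a bare Windows path line
DETECTION_RE = re.compile(r"^\[DETECTION\] .*?\(harmful\) (\S+)")
MODULE_RE = re.compile(r"^Module is infected -> '([^']+)'")
ACTION_RE = re.compile(r"^\[WARNING\] The file was (\w+)!")  # e.g. "ignored"


def parse_avira_report(text):
    """Return one dict per detection, in report order, with the phase it came from."""
    phase, current_path, detections = "header", None, []
    for raw in text.splitlines():
        line = raw.strip()
        if any(line.startswith(p) for p, _ in PHASES):
            phase = next(n for p, n in PHASES if line.startswith(p))
            current_path = None
            continue
        if PATH_RE.match(line):            # the path line precedes its verdict line
            current_path = line
            continue
        m = MODULE_RE.match(line)          # in-memory module hit during the process scan
        if m:
            detections.append({"phase": phase, "path": m.group(1),
                               "signature": None, "action": None})
            continue
        m = DETECTION_RE.match(line)
        if m and current_path:
            detections.append({"phase": phase, "path": current_path,
                               "signature": m.group(1), "action": None})
            continue
        m = ACTION_RE.match(line)          # disinfection outcome for the last detection
        if m and detections and detections[-1]["phase"] == phase:
            detections[-1]["action"] = m.group(1)
    return detections


def unique_files(detections):
    """Group detections by case-folded path: NTFS is case-insensitive, so
    Explorer.EXE and explorer.exe in the same directory are a single file."""
    groups = defaultdict(lambda: {"spellings": set(), "phases": set(),
                                  "signatures": set(), "hits": 0})
    for d in detections:
        g = groups[d["path"].lower()]
        g["spellings"].add(d["path"])
        g["phases"].add(d["phase"])
        if d["signature"]:
            g["signatures"].add(d["signature"])
        g["hits"] += 1
    return dict(groups)


def counts(detections):
    """Hits before disinfection (what the report's summary counter tallies)
    versus the number of distinct files behind them."""
    found = [d for d in detections if d["phase"] != "disinfection"]
    return {"reported_hits": len(found), "distinct_files": len(unique_files(found))}


if __name__ == "__main__":
    dets = parse_avira_report(AVIRA_REPORT)
    print(counts(dets))
    for path, info in unique_files(dets).items():
        print(path, sorted(info["spellings"]), sorted(info["phases"]), info["signatures"])
```

On the excerpt the summary comes out as 4 reported hits against 1 distinct file, the same 4 the report's own "Viruses and/or unwanted programs were found" line shows.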

19 Re: BDS/Small.iuj on Thu Mar 04, 2010 1:04 am

Hmm...odd.

I see the situation at hand.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    nvstor.sys
    nvstor32.sys
    atapi.sys
    explorer.exe
    svchost.exe
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time.


..........................................................
DragonMaster Jay
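The /md5start ... /md5stop block in the custom scan above asks OTL to report an MD5 for each copy it finds of the listed system files, so the helper can compare the explorer.exe that is actually running against the backup copies Windows keeps (dllcache, ServicePackFiles) and spot a patched one. As an added illustration, not OTL's code and not part of the original post, the Python below does the same comparison over a constructed directory tree: it hashes every copy of each watched name (matched case-insensitively), groups the copies by hash, and reports names whose copies disagree. The layout and file contents are made up.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Names taken from the /md5start list in the post above (subset).
WATCHED = ["explorer.exe", "svchost.exe", "atapi.sys", "eventlog.dll", "scecli.dll"]


def hash_file(path, algo="md5", chunk=1 << 16):
    """Hash a file in chunks. MD5 matches OTL's output; for a baseline shared
    outside the machine prefer algo="sha256", since MD5 collisions are cheap."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, names, algo="md5"):
    """Walk root and return {lowercased name: [(path, digest), ...]} for every
    copy of a watched name, matched case-insensitively as on NTFS."""
    wanted = {n.lower() for n in names}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                p = os.path.join(dirpath, fn)
                copies[fn.lower()].append((p, hash_file(p, algo)))
    return dict(copies)


def disagreeing_copies(copies):
    """Names whose copies do not all share one digest, as {name: {digest: [paths]}}.
    A file with a single copy cannot be judged this way, and a majority digest is
    not proof of a clean file: the result tells you which copies to examine."""
    findings = {}
    for name, entries in copies.items():
        by_hash = defaultdict(list)
        for path, digest in entries:
            by_hash[digest].append(path)
        if len(by_hash) > 1:
            findings[name] = dict(by_hash)
    return findings


def build_sample_tree(root):
    """Constructed layout mimicking %SystemRoot% with its backup copies; the
    copy in WINDOWS.0 itself gets different bytes to stand in for a patched binary."""
    layout = {
        "WINDOWS.0/explorer.exe": b"explorer original bytes + injected stub",
        "WINDOWS.0/system32/dllcache/explorer.exe": b"explorer original bytes",
        "WINDOWS.0/ServicePackFiles/i386/EXPLORER.EXE": b"explorer original bytes",
        "WINDOWS.0/system32/svchost.exe": b"svchost original bytes",
        "WINDOWS.0/system32/dllcache/svchost.exe": b"svchost original bytes",
        "WINDOWS.0/system32/drivers/atapi.sys": b"atapi original bytes",
    }
    for rel, data in layout.items():
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)


def demo():
    """Run the comparison on the constructed tree; paths are returned relative
    to the tree root with '/' separators so the result is stable."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        findings = disagreeing_copies(find_copies(root, WATCHED))
        return {
            name: {digest: sorted(os.path.relpath(p, root).replace(os.sep, "/") for p in paths)
                   for digest, paths in groups.items()}
            for name, groups in findings.items()
        }


if __name__ == "__main__":
    for name, groups in demo().items():
        print(name)
        for digest, paths in groups.items():
            print("  ", digest, paths)
```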

20 Re: BDS/Small.iuj on Thu Mar 04, 2010 1:47 am

sabs (Member)
As requested, here are the logs:

OTL.txt:

OTL logfile created on: 3/4/2010 2:35:31 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\scs\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 12.45 Gb Free Space | 31.87% Space Free | Partition Type: NTFS
Drive D: | 35.47 Gb Total Space | 12.27 Gb Free Space | 34.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHERWIN
Current User Name: scs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/04 14:34:33 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scs\Desktop\OTL.exe
PRC - [2010/03/04 08:56:02 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\scs\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/02/19 15:24:01 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/01 03:22:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/11/25 12:53:56 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/15 08:02:14 | 000,131,632 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/06/16 05:21:26 | 000,331,312 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/02 08:20:20 | 001,183,744 | ---- | M] (JC&MB) -- C:\Program Files\Quicknote\quicknote.exe
PRC - [2006/04/14 18:56:12 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2006/04/14 18:52:18 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/04/14 18:51:52 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/04/14 18:49:28 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/04/14 18:44:58 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/04/14 18:43:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/04/14 18:42:26 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/01/13 09:46:46 | 001,075,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2005/09/05 15:55:08 | 000,339,968 | ---- | M] () -- C:\WINDOWS.0\vsnpstd3.exe


========== Modules (SafeList) ==========

MOD - [2010/03/04 14:34:33 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scs\Desktop\OTL.exe
MOD - [2006/01/13 09:10:05 | 001,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - [2009/11/25 12:53:56 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/15 08:02:20 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009/07/15 08:02:14 | 000,131,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009/06/16 05:21:26 | 000,331,312 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/02 16:07:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Blackdialer\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2006/04/14 18:44:58 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/04/14 18:43:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006/04/14 18:42:26 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2006/01/13 09:52:59 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?r320=1245772600
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d84a846d-f7cb-4187-a408-b171020e8940}:1.2.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..network.proxy.http: "proxy.smartbro.net"
FF - prefs.js..network.proxy.http_port: 8080


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 15:24:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 15:24:22 | 000,000,000 | ---D | M]

[2008/09/11 18:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scs\Application Data\Mozilla\Extensions
[2010/03/03 18:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scs\Application Data\Mozilla\Firefox\Profiles\5xtyzkil.default\extensions
[2010/02/03 22:21:25 | 000,000,000 | ---D | M] (Navigational Sounds) -- C:\Documents and Settings\scs\Application Data\Mozilla\Firefox\Profiles\5xtyzkil.default\extensions\{d84a846d-f7cb-4187-a408-b171020e8940}
[2010/03/03 18:45:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/05 08:20:27 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin9.dll

O1 HOSTS File: ([2010/03/01 17:00:52 | 000,000,027 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS.0\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS.0\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS.0\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Quicknote] C:\Program Files\Quicknote\quicknote.exe (JC&MB)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: dell.com ([webmail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-PH/a-UNO1/GAME_UNO1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS.0\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\scs\My Documents\My Pictures\desktopblack.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\scs\My Documents\My Pictures\desktopblack.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/23 17:59:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/04 14:34:31 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\scs\Desktop\OTL.exe
[2010/03/04 13:28:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\scs\Recent
[2010/03/04 11:49:59 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avipbb.sys
[2010/03/04 11:49:59 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avgntdd.sys
[2010/03/04 11:49:59 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\avgntmgr.sys
[2010/03/04 11:49:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS.0\System32\drivers\ssmdrv.sys
[2010/03/04 11:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/03/04 11:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
[2010/03/02 13:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/02 08:29:54 | 001,298,432 | ---- | C] (Bilbo & Frodo, Inc.) -- C:\Documents and Settings\scs\Desktop\PT8-4.exe
[2010/03/01 23:37:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/01 23:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scs\Desktop\MALWARE DIAGNOSTICS
[2010/03/01 16:48:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/01 16:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\ERDNT
[2010/02/22 19:44:29 | 001,298,432 | ---- | C] (Bilbo & Frodo, Inc.) -- C:\Documents and Settings\scs\Desktop\PT8-2.exe
[2007/08/06 21:42:46 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS.0\System32\rsnpstd3.dll
[2007/08/06 21:42:46 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS.0\System32\csnpstd3.dll
[2007/08/06 21:42:46 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS.0\System32\vsnpstd3.dll
[2007/07/23 18:03:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/07/23 18:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/07/23 18:02:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/07/23 18:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/11/25 02:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS.0\System32\drvc.dll
[1 C:\Documents and Settings\scs\*.tmp files -> C:\Documents and Settings\scs\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/04 14:34:33 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scs\Desktop\OTL.exe
[2010/03/04 14:26:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT
[2010/03/04 14:26:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2010/03/04 13:29:33 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\scs\ntuser.dat
[2010/03/04 13:29:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\scs\ntuser.ini
[2010/03/04 12:54:58 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\scs\Desktop\Doc1.doc
[2010/03/04 11:50:20 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Avira AntiVir Control Center.lnk
[2010/03/04 08:51:46 | 001,407,624 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2010/03/04 01:22:17 | 004,845,470 | -H-- | M] () -- C:\Documents and Settings\scs\Local Settings\Application Data\IconCache.db
[2010/03/03 16:13:33 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\scs\Desktop\030310.doc
[2010/03/03 08:02:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS.0\System32\d3d9caps.dat
[2010/03/02 10:57:11 | 000,080,321 | ---- | M] () -- C:\Documents and Settings\scs\Desktop\2010-3-02SablonSherwin-sc_sablon@yahoo.com.zip
[2010/03/02 10:54:25 | 000,000,142 | ---- | M] () -- C:\WINDOWS.0\fb4cols.ini
[2010/03/02 08:29:58 | 001,298,432 | ---- | M] (Bilbo & Frodo, Inc.) -- C:\Documents and Settings\scs\Desktop\PT8-4.exe
[2010/03/01 17:01:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS.0\system.ini
[2010/03/01 17:00:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\hosts
[2010/03/01 16:49:04 | 000,000,395 | RHS- | M] () -- C:\boot.ini
[2010/02/26 21:09:34 | 000,167,158 | ---- | M] () -- C:\Documents and Settings\scs\Desktop\NBIClearance.jpg
[2010/02/22 19:44:37 | 001,298,432 | ---- | M] (Bilbo & Frodo, Inc.) -- C:\Documents and Settings\scs\Desktop\PT8-2.exe
[2010/02/19 07:52:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[1 C:\Documents and Settings\scs\*.tmp files -> C:\Documents and Settings\scs\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/04 12:54:57 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\scs\Desktop\Doc1.doc
[2010/03/04 11:50:20 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Avira AntiVir Control Center.lnk
[2010/03/02 10:56:11 | 000,080,321 | ---- | C] () -- C:\Documents and Settings\scs\Desktop\2010-3-02SablonSherwin-sc_sablon@yahoo.com.zip
[2010/03/01 16:49:04 | 000,000,325 | ---- | C] () -- C:\Boot.bak
[2010/03/01 16:48:57 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/01 16:47:44 | 000,261,632 | ---- | C] () -- C:\WINDOWS.0\PEV.exe
[2010/03/01 16:47:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS.0\MBR.exe
[2010/02/26 21:09:30 | 000,167,158 | ---- | C] () -- C:\Documents and Settings\scs\Desktop\NBIClearance.jpg
[2009/08/10 04:23:35 | 000,070,656 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\xnqvccrjkicvtvpk.sys
[2009/08/05 23:06:55 | 000,003,584 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\DLPORTIO.sys
[2009/06/02 21:55:14 | 000,047,360 | R--- | C] () -- C:\WINDOWS.0\System32\drivers\Surroundhp_kern_i386.sys
[2009/06/02 21:55:13 | 000,047,104 | R--- | C] () -- C:\WINDOWS.0\System32\drivers\tshd4_kern_i386.sys
[2009/06/02 21:55:13 | 000,042,112 | R--- | C] () -- C:\WINDOWS.0\System32\drivers\csiidecoder_kern_i386.sys
[2009/06/02 21:55:13 | 000,039,808 | R--- | C] () -- C:\WINDOWS.0\System32\drivers\SRS_SSCFilter_i386.sys
[2009/04/28 00:29:41 | 000,000,142 | ---- | C] () -- C:\WINDOWS.0\fb4cols.ini
[2009/01/27 09:08:35 | 000,002,485 | ---- | C] () -- C:\Program Files\Proofer_Tool_Purge_Log.txt
[2008/04/20 00:41:58 | 000,000,998 | ---- | C] () -- C:\WINDOWS.0\posteriza(2).INI
[2008/04/16 01:32:28 | 000,000,993 | ---- | C] () -- C:\WINDOWS.0\posteriza.INI
[2008/03/30 21:38:39 | 000,000,036 | ---- | C] () -- C:\WINDOWS.0\iltwain.ini
[2008/02/23 21:45:28 | 000,002,223 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\hpzinstall.log
[2007/12/13 14:27:01 | 007,277,568 | ---- | C] () -- C:\WINDOWS.0\System32\3gpcore.dll
[2007/10/19 22:06:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS.0\AviSplitter.INI
[2007/09/17 21:44:01 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\scs\Application Data\evf
[2007/08/08 00:15:51 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\QTSBandwidthCache
[2007/08/06 21:42:50 | 008,701,824 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\snpstd3.sys
[2007/08/06 21:42:50 | 000,015,498 | ---- | C] () -- C:\WINDOWS.0\snpstd3.ini
[2007/07/23 19:50:53 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\scs\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/23 19:43:03 | 000,135,168 | ---- | C] () -- C:\WINDOWS.0\System32\RtlCPAPI.dll
[2007/07/23 19:33:57 | 000,000,382 | ---- | C] () -- C:\WINDOWS.0\ODBC.INI
[2006/01/13 10:02:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS.0\System32\xvidvfw.dll
[2006/01/13 09:55:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS.0\System32\ogg.dll
[2006/01/13 09:52:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS.0\System32\CopyToSendTo.dll
[2006/01/13 09:52:17 | 000,745,472 | ---- | C] () -- C:\WINDOWS.0\System32\xvidcore.dll
[2006/01/13 09:40:44 | 001,163,264 | ---- | C] () -- C:\WINDOWS.0\System32\vorbis.dll
[2006/01/13 09:40:28 | 001,040,384 | ---- | C] () -- C:\WINDOWS.0\System32\vorbisenc.dll
[2006/01/13 09:39:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS.0\System32\vorbisfile.dll
[2006/01/13 09:38:40 | 000,394,240 | ---- | C] () -- C:\WINDOWS.0\System32\HMTCD.dll
[2006/01/13 09:33:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS.0\System32\OggDS.dll
[2006/01/13 09:33:47 | 000,000,609 | ---- | C] () -- C:\WINDOWS.0\System32\OEMinfo.ini
[2004/10/12 13:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS.0\System32\libavcodec.dll
[2004/10/12 13:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS.0\System32\ff_wmv9.dll
[2004/10/12 13:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS.0\System32\ff_theora.dll
[2004/10/09 13:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS.0\System32\ff_x264.dll
[2004/10/05 15:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS.0\System32\libmplayer.dll
[2004/10/04 00:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS.0\System32\ff_mpeg2enc.dll
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS.0\System32\OUTLPERF.INI
[2001/05/03 09:03:58 | 000,000,219 | ---- | C] () -- C:\WINDOWS.0\System32\pspgru.ini
[1998/12/11 12:55:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS.0\System32\pspsbext.ini
[1998/08/10 15:04:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS.0\System32\pspfidrv.ini
[1998/08/10 15:04:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS.0\System32\pspaudrv.ini
[1998/08/10 15:03:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS.0\System32\pspapdrv.ini
[1998/08/10 15:03:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS.0\System32\mcipspwa.ini
[1998/08/10 15:02:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS.0\System32\pspfbase.ini
[1998/08/10 15:02:00 | 000,000,220 | ---- | C] () -- C:\WINDOWS.0\System32\pspwave.ini
[1998/08/10 15:02:00 | 000,000,219 | ---- | C] () -- C:\WINDOWS.0\System32\pspdss.ini
[1998/08/10 15:02:00 | 000,000,219 | ---- | C] () -- C:\WINDOWS.0\System32\pspddi.ini

========== LOP Check ==========

[2009/02/02 23:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Grisoft
[2009/08/05 23:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NCH Swift Sound
[2009/07/11 18:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SpeedBit
[2009/06/02 22:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SRS Labs
[2009/07/11 18:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP
[2009/07/18 01:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scs\Application Data\FileZilla
[2009/02/23 20:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scs\Application Data\gtk-2.0
[2008/02/10 01:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scs\Application Data\Inkscape
[2007/08/03 12:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scs\Application Data\LG Electronics
[2009/08/05 23:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scs\Application Data\NCH Swift Sound
[2008/04/05 23:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scs\Application Data\SplitTile
[2008/04/06 16:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scs\Application Data\UseNeXT
[2010/02/11 20:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scs\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: ATAPI.SYS >
[2006/01/13 10:01:46 | 008,686,921 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp2.cab:atapi.sys
[2006/01/13 10:01:46 | 008,686,921 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2006/01/06 23:53:12 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=C4B52426B79C6F6664B70B8E63B1B837 -- C:\WINDOWS.0\ERDNT\cache\atapi.sys
[2006/01/06 23:53:12 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=C4B52426B79C6F6664B70B8E63B1B837 -- C:\WINDOWS.0\system32\drivers\atapi.sys
[2006/01/06 23:53:12 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=C4B52426B79C6F6664B70B8E63B1B837 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2006/01/13 09:31:39 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS.0\ERDNT\cache\eventlog.dll
[2006/01/13 09:31:39 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS.0\system32\eventlog.dll
[2006/01/13 09:31:39 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2006/01/13 09:46:46 | 001,075,200 | ---- | M] (Microsoft Corporation) MD5=2DEACA71A7FD77205F59D48D76B2F565 -- C:\WINDOWS.0\explorer.exe

< MD5 for: NETLOGON.DLL >
[2006/01/13 09:59:53 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS.0\ERDNT\cache\netlogon.dll
[2006/01/13 09:59:53 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS.0\system32\netlogon.dll
[2006/01/13 09:59:53 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/01/13 09:22:33 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS.0\ERDNT\cache\scecli.dll
[2006/01/13 09:22:33 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS.0\system32\scecli.dll
[2006/01/13 09:22:33 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SVCHOST.EXE >
[2006/01/13 09:38:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS.0\ERDNT\cache\svchost.exe
[2006/01/13 09:38:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS.0\system32\svchost.exe
[2006/01/13 09:38:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< %systemroot%\system32\*.dll /lockedfiles >
[2004/02/23 20:42:40 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS.0\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:05D195EC
< End of report >

Extras.txt:

OTL Extras logfile created on: 3/4/2010 2:35:31 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\scs\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 12.45 Gb Free Space | 31.87% Space Free | Partition Type: NTFS
Drive D: | 35.47 Gb Total Space | 12.27 Gb Free Space | 34.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHERWIN
Current User Name: scs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"21:TCP" = 21:TCP:*:Enabled:FTP Server
"20:TCP" = 20:TCP:*:Enabled:FTP-Data

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe" = C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe:*:Enabled:eyeBeam -- ()
"C:\Program Files\Blackdialer\easy-rsa\blackdialer.exe" = C:\Program Files\Blackdialer\easy-rsa\blackdialer.exe:*:Enabled:Softphone -- (Talk Free)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Documents and Settings\scs\Desktop\PT8-1.exe" = C:\Documents and Settings\scs\Desktop\PT8-1.exe:*:Enabled:PT8-1 -- File not found
"C:\Documents and Settings\scs\Desktop\PT8-2.exe" = C:\Documents and Settings\scs\Desktop\PT8-2.exe:*:Enabled:PT8-2 -- (Bilbo & Frodo, Inc.)
"C:\Documents and Settings\scs\Desktop\PT8-4.exe" = C:\Documents and Settings\scs\Desktop\PT8-4.exe:*:Enabled:PT8-4 -- (Bilbo & Frodo, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}" = D2400
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9521B818-19CE-4d28-8200-DD26133E19E6}" = D2400_Help
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA495217-1475-47A8-AB83-B7DC2A59B49E}" = DPM Player
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = AV305
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"2005 Quick Look Drug Reference " = 2005 Quick Look Drug Reference
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Collab" = Collab
"DMPCTRL_is1" = DPMCTRL Installer
"DSS2Wave_is1" = DSS to Wave Converter 2009.01
"Express" = Express Dictate
"eyeBeam_is1" = eyeBeam 1.5.7
"FileZilla Client" = FileZilla Client 3.2.2.1
"FL Studio 8" = FL Studio 8
"freebudget_is1" = freebudget 4.1
"Freez 3GP Video Converter_is1" = Freez 3GP Video Converter 2.0
"Google Desktop" = Google Desktop
"HotspotShield" = Hotspot Shield 1.19
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"JC&MB Quicknote_is1" = Quicknote 5.4
"LineCount_is1" = LineCount 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Olympus DSS Player-Lite" = Olympus DSS Player-Lite
"OpenVPN" = OpenVPN 1.0.0
"Philips DPM Player Hot Fix_is1" = Philips DPM Player Hot Fix
"PoiZone" = PoiZone
"PokerStars" = PokerStars
"ProInst" = Intel(R) PROSet/Wireless Software
"Scribe" = Express Scribe
"Split and Tile Trial_is1" = Split and Tile Trial
"ST6UNST #1" = ProoferTool
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WinGimp-2.0_is1" = GIMP 2.4.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XP Codec Pack" = XP Codec Pack
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/5/2009 8:08:40 PM | Computer Name = SHERWIN | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module comctl32.dll,
version 6.0.2900.2649, fault address 0x000048cc.

Error - 12/5/2009 8:08:53 PM | Computer Name = SHERWIN | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 12/7/2009 4:13:32 AM | Computer Name = SHERWIN | Source = Application Error | ID = 1000
Description = Faulting application uninstallusb.exe, version 1.0.0.1, faulting module
msvcrt.dll, version 7.0.2600.2180, fault address 0x00037c89.

Error - 12/12/2009 6:48:26 PM | Computer Name = SHERWIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server returned an invalid or unrecognized response

Error - 12/13/2009 10:40:24 PM | Computer Name = SHERWIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server returned an invalid or unrecognized response

Error - 12/22/2009 9:58:14 PM | Computer Name = SHERWIN | Source = Application Error | ID = 1000
Description = Faulting application scribe.exe, version 0.0.0.0, faulting module
scribe.exe, version 0.0.0.0, fault address 0x0009b161.

Error - 12/30/2009 7:32:33 PM | Computer Name = SHERWIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server returned an invalid or unrecognized response

Error - 1/3/2010 8:47:07 PM | Computer Name = SHERWIN | Source = Application Error | ID = 1000
Description = Faulting application npswf32_flashutil.exe, version 10.0.32.18, faulting
module npswf32_flashutil.exe, version 10.0.32.18, fault address 0x000135b1.

Error - 2/28/2010 10:45:51 AM | Computer Name = SHERWIN | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module unknown,
version 0.0.0.0, fault address 0x00690030.

Error - 3/2/2010 1:26:38 AM | Computer Name = SHERWIN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

[ System Events ]
Error - 3/3/2010 8:52:54 PM | Computer Name = SHERWIN | Source = Service Control Manager | ID = 7023
Description = The Update Universal service terminated with the following error:
%%126

Error - 3/3/2010 8:54:23 PM | Computer Name = SHERWIN | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/3/2010 8:54:23 PM | Computer Name = SHERWIN | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/3/2010 8:54:24 PM | Computer Name = SHERWIN | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 3/3/2010 8:54:24 PM | Computer Name = SHERWIN | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Routing Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.

Error - 3/3/2010 8:54:24 PM | Computer Name = SHERWIN | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/3/2010 8:54:24 PM | Computer Name = SHERWIN | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/3/2010 8:54:24 PM | Computer Name = SHERWIN | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 3/3/2010 8:57:09 PM | Computer Name = SHERWIN | Source = Service Control Manager | ID = 7023
Description = The Update Universal service terminated with the following error:
%%126

Error - 3/4/2010 2:28:08 AM | Computer Name = SHERWIN | Source = Service Control Manager | ID = 7023
Description = The Update Universal service terminated with the following error:
%%126


< End of report >

Thank you.


21 Re: BDS/Small.iuj on Thu Mar 04, 2010 1:15 pm

Hey

The explorer.exe you have is infected for sure, check this out:
http://www.virustotal.com/analisis/b4fc9bc886ec7855893eb1050fa13ddbdcc8de4d01a5544db2beaf45a90efb15-1266571130

============

We are going to have to replace that. First, let's do this:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    explorer.*
    *explorer*
    explorer*
    explorer.exe

    :folderfind
    explorer.*
    *explorer*
    explorer*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


..........................................................
DragonMaster Jay
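As an added example (not part of the thread, and not code from OTL or SystemLook), a small Python parser for the OTL "< MD5 for: ... >" lines in the log above and for the SystemLook filefind lines the helper asks for; it groups every copy of a file by name and reports whether all copies carry the same MD5, which is the check a helper performs by eye when reading these sections. The sample lines are copied from the logs posted in this thread, except one constructed mismatch entry whose all-zero hash is a placeholder.

```python
"""Parse OTL '< MD5 for: ... >' lines and SystemLook ':filefind' lines and
check whether every copy of a system file carries the same MD5."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# OTL custom-scan line, e.g.
# [2006/01/06 23:53:12 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=C4B5... -- C:\WINDOWS.0\...\atapi.sys
# Lines that end in '.cab file -- ...' carry no hash and are skipped on purpose.
OTL_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s*--\s*(?P<path>.+?)\s*$"
)
# SystemLook filefind line, e.g.
# C:\WINDOWS.0\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71...
SYSTEMLOOK_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]*\]\s+\[[^\]]*\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass
class FileRecord:
    path: str
    size: int
    md5: Optional[str]  # None when the tool could not hash the file (locked file)
    company: str = ""

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_line(line: str) -> Optional[FileRecord]:
    """Return a FileRecord for an OTL or SystemLook file line, else None."""
    line = line.strip()
    m = OTL_RE.match(line)
    if m:
        md5 = m["md5"].upper() if m["md5"] else None
        return FileRecord(m["path"], int(m["size"].replace(",", "")), md5, m["company"])
    m = SYSTEMLOOK_RE.match(line)
    if m:
        return FileRecord(m["path"], int(m["size"]), m["md5"].upper())
    return None


def parse_log(text: str) -> List[FileRecord]:
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def check_copies(records: List[FileRecord]) -> Dict[str, str]:
    """Classify each file name: 'consistent' (several copies, one MD5),
    'mismatch' (copies differ), 'single copy' or 'no hash'."""
    by_name: Dict[str, Dict[str, set]] = defaultdict(lambda: defaultdict(set))
    for r in records:  # name -> path -> hashes seen for that path (any tool)
        by_name[r.name][r.path.lower()].add(r.md5)
    verdicts: Dict[str, str] = {}
    for name, paths in by_name.items():
        hashes = {h for hs in paths.values() for h in hs if h}
        if not hashes:
            verdicts[name] = "no hash"
        elif len(hashes) > 1:
            verdicts[name] = "mismatch"
        elif len(paths) == 1:
            verdicts[name] = "single copy"
        else:
            verdicts[name] = "consistent"
    return verdicts


# Sample input: lines taken from the OTL and SystemLook logs posted in this thread.
SAMPLE_LOG = r"""< MD5 for: ATAPI.SYS >
[2006/01/13 10:01:46 | 008,686,921 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp2.cab:atapi.sys
[2006/01/06 23:53:12 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=C4B52426B79C6F6664B70B8E63B1B837 -- C:\WINDOWS.0\ERDNT\cache\atapi.sys
[2006/01/06 23:53:12 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=C4B52426B79C6F6664B70B8E63B1B837 -- C:\WINDOWS.0\system32\drivers\atapi.sys
< MD5 for: EXPLORER.EXE >
[2006/01/13 09:46:46 | 001,075,200 | ---- | M] (Microsoft Corporation) MD5=2DEACA71A7FD77205F59D48D76B2F565 -- C:\WINDOWS.0\explorer.exe
< %systemroot%\system32\*.dll /lockedfiles >
[2004/02/23 20:42:40 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS.0\system32\msvbvm60.dll
Searching for "explorer.*"
C:\WINDOWS.0\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565
C:\WINDOWS.0\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392
C:\WINDOWS\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392
"""

# Constructed extra line (NOT from the thread): a second explorer.exe copy with a
# placeholder all-zero hash, to exercise the 'mismatch' branch.
MISMATCH_SAMPLE = SAMPLE_LOG + r"""[2006/01/13 09:46:46 | 001,075,200 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS.0\ERDNT\cache\explorer.exe
"""

if __name__ == "__main__":
    for name, verdict in sorted(check_copies(parse_log(MISMATCH_SAMPLE)).items()):
        print(f"{name:14s} {verdict}")
```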

22 Re: BDS/Small.iuj on Thu Mar 04, 2010 7:35 pm

sabs
Member
Here is the log as requested:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:32 on 05/03/2010 by scs (Administrator - Elevation successful)

========== filefind ==========

Searching for "explorer.*"
C:\WINDOWS.0\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565
C:\WINDOWS.0\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392
C:\WINDOWS\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392

Searching for "*explorer*"
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Accessories\System Tools\Process Explorer.lnk --a--- 1502 bytes [11:23 23/07/2007] [11:23 23/07/2007] 6B408E24273A2E0E8A4E7C75F3ED0C39
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Process Explorer.lnk --a--- 1486 bytes [09:56 23/07/2007] [09:56 23/07/2007] 6E85FE7D686137395FABDBB4F35118DD
C:\Documents and Settings\Default User.WINDOWS.0\Start Menu\Programs\Accessories\Windows Explorer.lnk --a--- 1499 bytes [11:25 23/07/2007] [11:25 23/07/2007] F5EE15FDED0AE2A80B49BFB4E12CB92E
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.lnk --a--- 1487 bytes [09:58 23/07/2007] [09:58 23/07/2007] 123E4768A0CED535070FEEB7D2C2163B
C:\Documents and Settings\scs\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk --a--- 815 bytes [13:12 26/05/2009] [13:12 26/05/2009] 49E4CB1174BA947F8AAD06665E1C0EA8
C:\Documents and Settings\scs\Desktop\UnusedDesktopIcons\Internet Explorer (2).lnk --a--- 104 bytes [09:10 01/03/2010] [09:10 01/03/2010] 9F84BE7C877251786B8F47C0581223C2
C:\Documents and Settings\scs\Desktop\UnusedDesktopIcons\Internet Explorer.lnk --a--- 104 bytes [09:10 01/03/2010] [09:10 01/03/2010] 9F84BE7C877251786B8F47C0581223C2
C:\Documents and Settings\scs\Desktop\UnusedDesktopIcons\Shortcut to Internet Explorer.lnk --a--- 104 bytes [07:56 23/02/2009] [07:56 23/02/2009] 9F84BE7C877251786B8F47C0581223C2
C:\Documents and Settings\scs\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk --a--- 833 bytes [13:12 26/05/2009] [13:12 26/05/2009] CBB25D3D2827182F42F35467C7F31C01
C:\Documents and Settings\scs\Start Menu\Programs\Accessories\Windows Explorer.lnk --a--- 1499 bytes [11:32 23/07/2007] [11:25 23/07/2007] F5EE15FDED0AE2A80B49BFB4E12CB92E
C:\Documents and Settings\scs\Start Menu\Programs\Internet Explorer.lnk --a--- 803 bytes [11:37 23/07/2007] [13:12 26/05/2009] FB3EEFF4470806FF42D2668BDE02601F
C:\Documents and Settings\sherwin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk --a--- 779 bytes [10:09 23/07/2007] [10:09 23/07/2007] 1BB103FDBB55065595F91AB00F81C2F5
C:\Documents and Settings\sherwin\Start Menu\Programs\Accessories\Windows Explorer.lnk --a--- 1487 bytes [10:05 23/07/2007] [09:58 23/07/2007] 123E4768A0CED535070FEEB7D2C2163B
C:\Documents and Settings\sherwin\Start Menu\Programs\Internet Explorer.lnk --a--- 767 bytes [10:09 23/07/2007] [10:09 23/07/2007] 8E0C99D799EF31137834E1C32E64FE2A
C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\CML_explorer.exe --a--- 46648 bytes [10:39 22/01/2008] [11:29 21/01/2008] 5CA57A1444F185CBBB00C92F25D6C06B
C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\FractalExplorer.exe --a--- 53304 bytes [10:39 22/01/2008] [11:32 21/01/2008] 540B1D5E4E8A90C055F839BD12B878F2
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\en\plug-in-cml-explorer.html --a--- 26291 bytes [16:28 22/01/2008] [03:19 27/08/2007] 9757DAE6C1E322879C1059D77A085D0C
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\en\plug-in-fractalexplorer.html --a--- 18014 bytes [16:28 22/01/2008] [03:19 27/08/2007] 4F33E7106CAA94A7180B7E69EF551331
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\examples\render-taj-cmlexplorer.jpg --a--- 19496 bytes [16:28 22/01/2008] [02:28 27/08/2007] 99F7CF038837ECC7DB644D5E41016D43
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\examples\render-taj-fractalexplorer.jpg --a--- 12285 bytes [16:28 22/01/2008] [02:28 27/08/2007] 8754A93A2B3988DB00E0A61BB69954D7
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\options-render-cmlexplorer1.png --a--- 34695 bytes [16:28 22/01/2008] [02:47 27/08/2007] A731EAE400A63811DBAA4B55E1E58551
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\options-render-cmlexplorer1a.png --a--- 3621 bytes [16:28 22/01/2008] [02:48 27/08/2007] 94FCBFE22FF1DFE2826FCF9DE67EF612
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\options-render-cmlexplorer2.png --a--- 23372 bytes [16:28 22/01/2008] [02:48 27/08/2007] F3CAC5284008CF792EF480548485319D
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\options-render-cmlexplorer3.png --a--- 23319 bytes [16:28 22/01/2008] [02:48 27/08/2007] A3A3BF63BA2E9A91C28F7F55727A0259
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\options-render-cmlexplorer4.png --a--- 14430 bytes [16:28 22/01/2008] [02:48 27/08/2007] 5B6ACCA831EC637BFAA5384DEBB3749C
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\options-render-cmlexplorer5.png --a--- 14433 bytes [16:28 22/01/2008] [02:49 27/08/2007] 38D2E9680F1C6C44763DF41570F22307
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\options-render-cmlexplorer6.png --a--- 15312 bytes [16:28 22/01/2008] [02:49 27/08/2007] DA2AFBDD72BF0DD3DD9B6B34D5A58468
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\options-render-fractalexplorer1.png --a--- 33102 bytes [16:28 22/01/2008] [02:49 27/08/2007] AF3CDC6A9A1CCA6616419CE5AE52FF3B
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\options-render-fractalexplorer2.png --a--- 22037 bytes [16:28 22/01/2008] [02:49 27/08/2007] 1D1BBED51727BC1F0B87C12BC013EABD
C:\Program Files\GIMP-2.0\share\gimp\2.0\help\images\filters\options-render-fractalexplorer3.png --a--- 22582 bytes [16:28 22/01/2008] [02:50 27/08/2007] 06E6E0DD75B31DAC29E898C66642C4E0
C:\WINDOWS.0\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565
C:\WINDOWS.0\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392
C:\WINDOWS.0\system32\config\systemprofile\Start Menu\Programs\Accessories\Windows Explorer.lnk --a--- 1499 bytes [11:28 23/07/2007] [11:25 23/07/2007] F5EE15FDED0AE2A80B49BFB4E12CB92E
C:\WINDOWS\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Windows Explorer.lnk --a--- 1487 bytes [10:01 23/07/2007] [09:58 23/07/2007] 123E4768A0CED535070FEEB7D2C2163B

Searching for "explorer*"
C:\WINDOWS.0\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565
C:\WINDOWS.0\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392
C:\WINDOWS\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392

Searching for "explorer.exe"
C:\WINDOWS.0\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565

========== folderfind ==========

Searching for "explorer.*"
No folders found.

Searching for "*explorer*"
C:\Documents and Settings\Default User.WINDOWS.0\Application Data\Microsoft\Internet Explorer d----- [11:26 23/07/2007]
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer d----- [09:59 23/07/2007]
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft\Internet Explorer d----- [11:30 23/07/2007]
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Internet Explorer d----- [23:44 04/12/2009]
C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer d----- [10:03 23/07/2007]
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft\Internet Explorer d----- [11:30 23/07/2007]
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer d----- [10:02 23/07/2007]
C:\Documents and Settings\scs\.gimp-2.4\fractalexplorer d----- [10:39 22/01/2008]
C:\Documents and Settings\scs\Application Data\Microsoft\Internet Explorer d----- [11:32 23/07/2007]
C:\Documents and Settings\scs\Local Settings\Application Data\Microsoft\Internet Explorer d----- [11:38 23/07/2007]
C:\Documents and Settings\sherwin\Application Data\Microsoft\Internet Explorer d----- [10:05 23/07/2007]
C:\Documents and Settings\sherwin\Local Settings\Application Data\Microsoft\Internet Explorer d----- [10:11 23/07/2007]
C:\Program Files\GIMP-2.0\share\gimp\2.0\fractalexplorer d----- [10:38 22/01/2008]
C:\Program Files\Internet Explorer d----- [09:56 23/07/2007]
C:\WINDOWS.0\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer d----- [11:28 23/07/2007]
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer d----- [10:01 23/07/2007]

Searching for "explorer*"
No folders found.

-=End Of File=-

Thank you.


23 Re: BDS/Small.iuj on Thu Mar 04, 2010 7:38 pm

Do you have a Windows CD?


DragonMaster Jay

24 Re: BDS/Small.iuj on Thu Mar 04, 2010 7:47 pm

sabs
I don't have one right now; I bought this laptop with XP already installed. I'm guessing we need to remove my infected explorer.exe and exchange it with the one fresh from the CD, right?


25 Re: BDS/Small.iuj on Thu Mar 04, 2010 7:50 pm

That's it.

Stay on. I am going to upload a version of Explorer.exe so you can download.

Be right back.


DragonMaster Jay

26 Re: BDS/Small.iuj on Thu Mar 04, 2010 8:00 pm

sabs
Dude, THANK YOU:)


27 Re: BDS/Small.iuj on Thu Mar 04, 2010 8:15 pm

Download explorer.exe from RapidShare:
rapidshare.com rapidshare.comexplorer.exe.html

Make sure to SAVE the download to your Desktop.

DO NOT OPEN IT
======

Then...
Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    killall::
    FCopy::
    C:\documents and settings\scs\desktop\explorer.exe | c:\windows.0\explorer.exe
    reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Let me know if this was successful. Post the ComboFix log.


DragonMaster Jay

28 Re: BDS/Small.iuj on Thu Mar 04, 2010 8:48 pm

sabs
Hi there. I just ran ComboFix and I think it was successful. Here is the log as requested:

ComboFix 10-02-28.02 - scs 03/05/2010 9:32.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.217 [GMT 8:00]
Running from: c:\documents and settings\scs\Desktop\MALWARE DIAGNOSTICS\ComboFix.exe
Command switches used :: c:\documents and settings\scs\Desktop\MALWARE DIAGNOSTICS\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - explorer.exe: deleted 46 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\documents and settings\scs\desktop\explorer.exe --> c:\windows.0\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-04 03:49 . 2009-03-30 01:33 96104 ----a-w- c:\windows.0\system32\drivers\avipbb.sys
2010-03-04 03:49 . 2009-02-13 03:29 22360 ----a-w- c:\windows.0\system32\drivers\avgntmgr.sys
2010-03-04 03:49 . 2009-02-13 03:17 45416 ----a-w- c:\windows.0\system32\drivers\avgntdd.sys
2010-03-04 03:49 . 2010-03-04 03:49 -------- d-----w- c:\program files\Avira
2010-03-04 03:49 . 2010-03-04 03:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Avira
2010-03-02 05:26 . 2010-03-02 05:26 -------- d-----w- c:\program files\ESET
2010-02-16 06:43 . 2010-02-16 06:43 -------- d-----w- c:\documents and settings\scs\Application Data\Malwarebytes
2010-02-16 06:43 . 2010-01-07 08:07 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2010-02-16 06:43 . 2010-02-16 06:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 06:43 . 2010-02-16 06:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2010-02-16 06:43 . 2010-01-07 08:07 19160 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2010-02-16 06:00 . 2010-02-16 06:00 -------- d-----w- c:\windows.0\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 01:25 . 2006-01-13 01:46 1033216 ----a-w- c:\windows.0\explorer.exe
2010-03-04 09:18 . 2007-07-26 17:06 664 ----a-w- c:\windows.0\system32\d3d9caps.dat
2010-02-25 15:12 . 2007-07-25 12:09 -------- d-----w- c:\program files\QLEDR05
2010-02-11 12:14 . 2007-10-12 09:46 -------- d-----w- c:\documents and settings\scs\Application Data\uTorrent
2010-01-12 18:36 . 2010-01-12 18:18 -------- d-----w- c:\program files\AutoHotkey
2009-12-31 04:58 . 2007-07-26 09:13 57 ----a-w- c:\windows.0\popcinfo.dat
2009-02-11 00:30 . 2009-01-27 01:08 2485 ----a-w- c:\program files\Proofer_Tool_Purge_Log.txt
2009-11-25 04:53 . 2009-02-23 08:13 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows.0\system32\drivers\tcpip.sys

[-] 2006-01-13 . C3B84871DECE94E335B96FAFD756316C . 2187904 . . [5.1.2600.2765] . . c:\windows.0\system32\ntoskrnl.exe

[-] 2010-03-05 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows.0\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-07-16 11:07 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Quicknote"="c:\program files\Quicknote\quicknote.exe" [2007-12-02 1183744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 16248320]
"SkyTel"="SkyTel.EXE" [2006-07-19 2879488]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-30 149280]
"snpstd3"="c:\windows.0\vsnpstd3.exe" [2005-09-05 339968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-25 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows.0\system32\tscupgrd.exe" [2006-01-13 44544]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows.0\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=
"c:\\Program Files\\Blackdialer\\easy-rsa\\blackdialer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\scs\\Desktop\\PT8-2.exe"=
"c:\\Documents and Settings\\scs\\Desktop\\PT8-4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:FTP Server
"20:TCP"= 20:TCP:FTP-Data

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/4/2010 11:49 AM 108289]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows.0\system32\drivers\tap0801.sys [10/2/2006 4:07 PM 26624]
S2 dtdtxjgpa;Update Universal;c:\windows.0\system32\svchost.exe -k netsvcs [1/13/2006 9:38 AM 14336]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/23/2009 4:13 PM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dtdtxjgpa
.
Contents of the 'Scheduled Tasks' folder

2010-02-18 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?r320=1245772600
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: dell.com\webmail
TCP: {C0844E9C-441E-4468-9690-4950CDF413D5} = 58.69.254.16 58.69.254.17
FF - ProfilePath - c:\documents and settings\scs\Application Data\Mozilla\Firefox\Profiles\5xtyzkil.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 09:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-152049171-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ }*2*]
"Path"="c:\\WINDOWS.0\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2964)
c:\windows.0\system32\msi.dll
c:\windows.0\system32\ieframe.dll
c:\windows.0\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows.0\RTHDCPL.EXE
c:\docume~1\scs\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows.0\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows.0\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2010-03-05 09:44:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-05 01:44

Pre-Run: 14,412,414,976 bytes free
Post-Run: 14,451,081,216 bytes free

- - End Of File - - 661B258406F4322DE2E98C420882D049

Thank you.

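An added example, not code from this thread or from the SystemLook or ComboFix tools: it parses the SystemLook "filefind" line from the earlier log and the ComboFix "Sigcheck" lines from this one, then checks that the explorer.exe on disk really did change hash after the FCopy step. The sample input is constructed from the values posted in this thread; the function names and the regular expressions are my own.

```python
import re

# Constructed sample input: one SystemLook filefind result (before the fix)
# and two ComboFix Sigcheck lines (after the fix), copied from this thread.
SYSTEMLOOK_SAMPLE = r"""Searching for "explorer.exe"
C:\WINDOWS.0\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565
"""
SIGCHECK_SAMPLE = r"""[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows.0\system32\drivers\tcpip.sys
[-] 2010-03-05 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows.0\explorer.exe
"""

# SystemLook: <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# ComboFix Sigcheck: [<flag>] <date> . <MD5> . <size> . . [<version>] . . <path>
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) "
    r"\. (?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$"
)


def _parse(text, pattern):
    """Return one dict per line of `text` that matches `pattern`."""
    records = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
    return records


def parse_filefind(text):
    return _parse(text, FILEFIND_RE)


def parse_sigcheck(text):
    return _parse(text, SIGCHECK_RE)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def replacement_check(before_text, after_text, name="explorer.exe"):
    """Compare the pre-fix SystemLook entry for `name` with the post-fix
    Sigcheck entry; `replaced` is True only if the MD5 actually changed."""
    before = [r for r in parse_filefind(before_text) if _basename(r["path"]) == name.lower()]
    after = [r for r in parse_sigcheck(after_text) if _basename(r["path"]) == name.lower()]
    if not before or not after:
        return {"name": name, "replaced": None, "reason": "entry missing in one of the logs"}
    b, a = before[0], after[0]
    return {
        "name": name,
        "before_md5": b["md5"], "after_md5": a["md5"],
        "before_size": b["size"], "after_size": a["size"],
        "after_version": a["version"],
        "replaced": b["md5"] != a["md5"],
    }


if __name__ == "__main__":
    print(replacement_check(SYSTEMLOOK_SAMPLE, SIGCHECK_SAMPLE))
```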

29 Re: BDS/Small.iuj on Thu Mar 04, 2010 9:14 pm

Ok. Now run that scan with Avira again, and post the results here.


DragonMaster Jay

30 Re: BDS/Small.iuj on Thu Mar 04, 2010 9:23 pm

sabs
Sure thing. I'm currently running the scan and will update you as soon as it's finished. By the way, the explorer.exe that you gave me and that I saved on my desktop: is it okay to delete it now, or should I keep it just in case I need a not-yet-corrupted copy in the future?

Thanks a lot man, you've been very, very, very helpful :D!

