
1 BDS\small.iuj on Sat Aug 14, 2010 11:43 am

iamjam15
Member
Hi! My Avira (free version) seems to be detecting BDS\small.iuj malware in my explorer.exe. I chose the "remove this file" option and it deleted my explorer.exe. I reformatted my PC, but when I installed Avira it detected this malware again. This time I chose to ignore it and searched the net for some solutions to remove it. I stumbled upon your site, downloaded SystemLook, gave it a run and got this log.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:01 on 15/08/2010 by jalla (Administrator - Elevation successful)

========== filefind ==========

Searching for "explorer.exe"
C:\Documents and Settings\jalla\My Documents\Downloads\explorer.exe --a--- 1033216 bytes [14:39 15/08/2010] [14:39 15/08/2010] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\explorer.exe --a--- 1075200 bytes [14:08 15/08/2010] [14:10 15/08/2010] 2DEACA71A7FD77205F59D48D76B2F565

-=End Of File=-

It had the same results as the thread that I read, so I proceeded to download the explorer.exe from the link posted there, and ComboFix.
I opened ComboFix and let it do its work. When the box disappeared, all of my icons on the desktop disappeared too, so after waiting a few minutes to see if my icons would return, I decided to restart my PC.
After restarting, ComboFix reappeared, saying that it was preparing the log report.

ComboFix 10-08-12.03 - jalla 08/15/2010 23:45:36.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.644 [GMT 7:00]
Running from: c:\documents and settings\jalla\Desktop\combo-fix.exe.exe
Command switches used :: c:\documents and settings\jalla\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 15:04 . 2010-08-15 15:18 -------- d-----w- C:\ComboFix
2010-08-15 14:08 . 2010-08-15 14:10 1075200 ----a-w- c:\windows\explorer.exe
2010-08-15 14:07 . 2010-08-15 14:07 -------- d-----w- c:\documents and settings\jalla\Application Data\Avira
2010-08-15 14:03 . 2010-08-15 14:03 -------- d-----w- c:\windows\system32\KB905474
2010-08-15 12:03 . 2010-08-15 12:07 -------- d-----w- c:\windows\system32\NtmsData
2010-08-15 12:00 . 2010-08-15 12:00 503808 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\msvcp71.dll
2010-08-15 12:00 . 2010-08-15 12:00 499712 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\jmc.dll
2010-08-15 12:00 . 2010-08-15 12:00 348160 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\msvcr71.dll
2010-08-15 12:00 . 2010-08-15 12:00 61440 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-73adf7f2-n\decora-sse.dll
2010-08-15 12:00 . 2010-08-15 12:00 12800 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-73adf7f2-n\decora-d3d.dll
2010-08-15 12:00 . 2010-08-15 12:00 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 12:00 . 2010-08-15 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-15 12:00 . 2010-08-15 12:00 -------- d-----w- c:\program files\Java
2010-08-15 11:59 . 2010-08-15 11:59 -------- d-----w- c:\program files\Avira
2010-08-15 11:59 . 2010-08-15 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-15 11:59 . 2010-03-01 03:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-15 11:59 . 2010-02-16 07:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 11:59 . 2009-05-11 05:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-15 11:59 . 2009-05-11 05:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-14 14:11 . 2010-08-14 14:11 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-08-14 14:03 . 2010-08-14 14:03 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-08-14 14:00 . 2010-08-14 14:00 -------- d-----w- c:\program files\MSXML 4.0
2010-08-14 13:54 . 2010-08-15 14:27 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Adobe
2010-08-14 13:32 . 2010-08-15 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\program files\Common Files\Apple
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Apple
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\program files\Apple Software Update
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-14 13:23 . 2010-08-14 13:23 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Apple Computer
2010-08-14 10:45 . 2010-08-14 10:45 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Ahead
2010-08-14 10:42 . 2010-08-14 10:42 -------- d-----w- c:\documents and settings\jalla\Application Data\Ahead
2010-08-14 10:41 . 2010-08-14 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-08-14 10:38 . 2010-08-15 14:03 -------- d-----w- c:\windows\system32\DllCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 14:03 . 2010-08-13 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-14 13:59 . 2010-08-13 15:30 -------- d-----w- c:\program files\QuickTime Alternative
2010-08-14 13:24 . 2010-08-13 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-14 10:43 . 2010-08-14 10:43 -------- d-----w- c:\program files\Common Files\LightScribe
2010-08-14 10:41 . 2010-08-13 16:35 -------- d-----w- c:\program files\Common Files\Ahead
2010-08-13 16:35 . 2010-08-13 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-08-13 16:35 . 2010-08-13 16:35 -------- d-----w- c:\program files\Nero
2010-08-13 16:30 . 2010-08-13 16:30 66144 ----a-w- c:\documents and settings\jalla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-13 16:15 . 2010-08-13 16:15 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 16:15 . 2010-08-13 16:15 -------- d-----w- c:\program files\MSBuild
2010-08-13 16:09 . 2010-08-13 15:28 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-13 15:48 . 2010-08-13 15:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-13 15:48 . 2010-08-13 15:48 -------- d-----w- c:\program files\FOXCONN
2010-08-13 15:47 . 2010-08-13 15:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-13 15:44 . 2010-08-13 15:44 -------- d-----w- c:\program files\Realtek
2010-08-13 15:44 . 2010-08-13 15:44 -------- d-----w- c:\documents and settings\jalla\Application Data\InstallShield
2010-08-13 15:41 . 2010-08-13 15:41 -------- d-----w- c:\program files\Intel
2010-08-13 15:37 . 2010-08-13 15:37 0 ----a-w- c:\windows\nsreg.dat
2010-08-13 15:30 . 2010-08-13 15:30 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-08-13 15:30 . 2010-08-13 15:30 2293 ----a-w- c:\windows\mozver.dat
2010-08-13 15:29 . 2010-08-13 15:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-13 15:26 . 2010-08-13 15:26 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-13 15:26 . 2010-08-13 15:26 -------- d-----w- c:\program files\Unlocker
2010-06-14 14:30 . 2010-08-13 15:27 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

------- Sigcheck -------

[-] 2010-08-15 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-15_15.16.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-15 17:02 . 2010-08-15 17:02 16384 c:\windows\temp\Perflib_Perfdata_79c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"Gainward"="c:\windows\TBPanel.exe" [2008-01-29 2177576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-29 1373480]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-03-17 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/15/2010 6:59 PM 135336]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 10:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 05:34]

2010-08-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-15 15:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jalla\Application Data\Mozilla\Firefox\Profiles\8pagwy0d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 00:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-16 00:04:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-15 17:04

Pre-Run: 68,662,476,800 bytes free
Post-Run: 68,649,660,416 bytes free

- - End Of File - - 375E396B5221CED0AB8EBCD2A7B08728



Now, when I checked the thread, it did not have the same results. What should I do next? By the way, I'm using Windows XP Home Edition Service Pack 3. It's not genuine though.


2 Re: BDS\small.iuj on Mon Aug 16, 2010 4:58 pm

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Code:
    killall::

    FCopy::
    C:\Documents and Settings\jalla\My Documents\Downloads\explorer.exe | c:\windows\explorer.exe

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner
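The two log formats quoted in this thread, SystemLook's filefind lines in the first post and ComboFix's Sigcheck lines that the CFScript above acts on, can be cross-checked offline. The following Python is an added example, not part of SystemLook, ComboFix or either poster's work: it parses both formats, groups the copies of each file name and flags a copy directly under c:\windows whose MD5 matches no other copy seen anywhere in the logs. SAMPLE_LOG is constructed from the values shown in the thread.

```python
"""Offline triage of the two log formats quoted in this thread: SystemLook
'filefind' lines and ComboFix 'Sigcheck' lines.  Added example, not part of
SystemLook, ComboFix or either poster's work; SAMPLE_LOG is constructed from
the values shown in the thread."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# SystemLook filefind record:
#   <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+)\s+bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# ComboFix Sigcheck record:
#   [<flag>] <date> . <MD5> . <size> . . [<PE version>] . . <path>
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[0-9.]+)\]\s+\.\s+\.\s+(?P<path>[A-Za-z]:\\.+)$"
)


@dataclass(frozen=True)
class FileRecord:
    path: str               # as printed in the log
    md5: str                # upper-cased hex digest
    size: int               # bytes
    version: Optional[str]  # PE version; only Sigcheck lines carry one
    source: str             # "systemlook" or "sigcheck"


def parse_line(line: str) -> Optional[FileRecord]:
    """Return a FileRecord for a filefind or Sigcheck line, None for any other line."""
    line = line.strip()
    m = FILEFIND_RE.match(line)
    if m:
        return FileRecord(m["path"], m["md5"].upper(), int(m["size"]), None, "systemlook")
    m = SIGCHECK_RE.match(line)
    if m:
        return FileRecord(m["path"], m["md5"].upper(), int(m["size"]), m["version"], "sigcheck")
    return None


def triage(lines: List[str], system_dir: str = r"c:\windows") -> Dict[str, dict]:
    """Group records by file name and flag a copy directly under system_dir
    whose MD5 matches no other copy of that name seen anywhere in the logs."""
    by_name: Dict[str, List[FileRecord]] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            name = rec.path.rsplit("\\", 1)[-1].lower()
            by_name.setdefault(name, []).append(rec)

    sysdir = system_dir.lower().rstrip("\\")
    report: Dict[str, dict] = {}
    for name, recs in by_name.items():
        system_path = f"{sysdir}\\{name}"
        system_recs = [r for r in recs if r.path.lower() == system_path]
        system_hashes = {r.md5 for r in system_recs}
        other_hashes = {r.md5 for r in recs if r.path.lower() != system_path}
        report[name] = {
            "records": recs,
            "distinct_hashes": len({r.md5 for r in recs}),
            "system_md5": next(iter(system_hashes), None),
            # the same file may appear in both tools' output; keep the version Sigcheck gives
            "system_version": next((r.version for r in system_recs if r.version), None),
            # a system copy that matches nothing else on the box is the one to examine
            "system_copy_unique": bool(system_hashes) and system_hashes.isdisjoint(other_hashes),
        }
    return report


# Constructed from the SystemLook and ComboFix lines quoted in this thread.
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (11.01.10)
========== filefind ==========
Searching for "explorer.exe"
C:\Documents and Settings\jalla\My Documents\Downloads\explorer.exe --a--- 1033216 bytes [14:39 15/08/2010] [14:39 15/08/2010] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\explorer.exe --a--- 1075200 bytes [14:08 15/08/2010] [14:10 15/08/2010] 2DEACA71A7FD77205F59D48D76B2F565
------- Sigcheck -------
[-] 2010-08-15 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
"""


if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{name}: {info['distinct_hashes']} distinct hashes, "
              f"system copy {info['system_md5']} (version {info['system_version']}), "
              f"unique={info['system_copy_unique']}")
        for r in info["records"]:
            print(f"  {r.source:10} {r.md5} {r.size:>8} {r.version or '-':15} {r.path}")
```

Three distinct hashes for explorer.exe show that a hash comparison alone cannot say which copy is clean; the version strings Sigcheck reports are the extra information to compare against the installed service pack.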



3 Re: BDS\small.iuj on Tue Aug 17, 2010 10:40 am

iamjam15
Member
Here's the log.

ComboFix 10-08-16.04 - jalla 08/18/2010 21:54:53.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.630 [GMT 7:00]
Running from: c:\documents and settings\jalla\Desktop\combo-fix.exe.exe
Command switches used :: c:\documents and settings\jalla\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-16 14:36 . 2010-08-16 14:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-16 10:59 . 2010-08-17 14:31 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-08-15 16:45 . 2010-08-15 17:04 -------- d-----w- C:\combo-fix.exe
2010-08-15 15:04 . 2010-08-15 15:18 -------- d-----w- C:\ComboFix
2010-08-15 14:08 . 2010-08-15 14:10 1075200 ----a-w- c:\windows\explorer.exe
2010-08-15 14:07 . 2010-08-15 14:07 -------- d-----w- c:\documents and settings\jalla\Application Data\Avira
2010-08-15 14:03 . 2010-08-15 14:03 -------- d-----w- c:\windows\system32\KB905474
2010-08-15 12:03 . 2010-08-15 12:07 -------- d-----w- c:\windows\system32\NtmsData
2010-08-15 12:00 . 2010-08-15 12:00 503808 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\msvcp71.dll
2010-08-15 12:00 . 2010-08-15 12:00 499712 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\jmc.dll
2010-08-15 12:00 . 2010-08-15 12:00 348160 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\msvcr71.dll
2010-08-15 12:00 . 2010-08-15 12:00 61440 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-73adf7f2-n\decora-sse.dll
2010-08-15 12:00 . 2010-08-15 12:00 12800 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-73adf7f2-n\decora-d3d.dll
2010-08-15 12:00 . 2010-08-15 12:00 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 12:00 . 2010-08-15 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-15 12:00 . 2010-08-15 12:00 -------- d-----w- c:\program files\Java
2010-08-15 11:59 . 2010-08-15 11:59 -------- d-----w- c:\program files\Avira
2010-08-15 11:59 . 2010-08-15 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-15 11:59 . 2010-03-01 03:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-15 11:59 . 2010-02-16 07:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 11:59 . 2009-05-11 05:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-15 11:59 . 2009-05-11 05:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-14 14:11 . 2010-08-14 14:11 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-08-14 14:03 . 2010-08-14 14:03 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-08-14 14:00 . 2010-08-14 14:00 -------- d-----w- c:\program files\MSXML 4.0
2010-08-14 13:54 . 2010-08-17 15:08 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Adobe
2010-08-14 13:32 . 2010-08-15 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\program files\Common Files\Apple
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Apple
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\program files\Apple Software Update
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-14 13:23 . 2010-08-14 13:23 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Apple Computer
2010-08-14 10:45 . 2010-08-14 10:45 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Ahead
2010-08-14 10:42 . 2010-08-14 10:42 -------- d-----w- c:\documents and settings\jalla\Application Data\Ahead
2010-08-14 10:41 . 2010-08-14 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-08-14 10:38 . 2010-08-15 14:03 -------- d-----w- c:\windows\system32\DllCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 14:03 . 2010-08-13 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-14 13:59 . 2010-08-13 15:30 -------- d-----w- c:\program files\QuickTime Alternative
2010-08-14 13:24 . 2010-08-13 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-14 10:43 . 2010-08-14 10:43 -------- d-----w- c:\program files\Common Files\LightScribe
2010-08-14 10:41 . 2010-08-13 16:35 -------- d-----w- c:\program files\Common Files\Ahead
2010-08-13 16:35 . 2010-08-13 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-08-13 16:35 . 2010-08-13 16:35 -------- d-----w- c:\program files\Nero
2010-08-13 16:30 . 2010-08-13 16:30 66144 ----a-w- c:\documents and settings\jalla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-13 16:15 . 2010-08-13 16:15 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 16:15 . 2010-08-13 16:15 -------- d-----w- c:\program files\MSBuild
2010-08-13 16:09 . 2010-08-13 15:28 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-13 15:48 . 2010-08-13 15:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-13 15:48 . 2010-08-13 15:48 -------- d-----w- c:\program files\FOXCONN
2010-08-13 15:47 . 2010-08-13 15:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-13 15:44 . 2010-08-13 15:44 -------- d-----w- c:\program files\Realtek
2010-08-13 15:44 . 2010-08-13 15:44 -------- d-----w- c:\documents and settings\jalla\Application Data\InstallShield
2010-08-13 15:41 . 2010-08-13 15:41 -------- d-----w- c:\program files\Intel
2010-08-13 15:37 . 2010-08-13 15:37 0 ----a-w- c:\windows\nsreg.dat
2010-08-13 15:30 . 2010-08-13 15:30 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-08-13 15:30 . 2010-08-13 15:30 2293 ----a-w- c:\windows\mozver.dat
2010-08-13 15:26 . 2010-08-13 15:26 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-13 15:26 . 2010-08-13 15:26 -------- d-----w- c:\program files\Unlocker
2010-06-14 14:30 . 2010-08-13 15:27 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

------- Sigcheck -------

[-] 2010-08-15 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-15_15.16.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-18 15:32 . 2010-08-18 15:32 16384 c:\windows\temp\Perflib_Perfdata_1b8.dat
+ 2009-12-21 13:09 . 2009-12-21 13:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-21 18:57 . 2009-12-21 18:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 13:02 . 2009-12-21 13:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 16:21 . 2009-12-21 16:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-11 08:57 . 2009-12-11 08:57 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll
+ 2009-12-21 16:37 . 2009-12-21 16:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 11:39 . 2009-12-21 11:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 11:27 . 2009-12-21 11:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 11:27 . 2009-12-21 11:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2006-12-01 15:54 . 2006-12-01 15:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 15:54 . 2006-12-01 15:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 15:54 . 2006-12-01 15:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2009-12-11 08:57 . 2009-12-11 08:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe
+ 2009-12-21 11:35 . 2009-12-21 11:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 13:05 . 2009-12-21 13:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 11:34 . 2009-12-21 11:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 12:18 . 2009-11-09 12:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 13:02 . 2009-12-21 13:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-11 08:57 . 2009-12-11 08:57 948672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobearm.exe
+ 2009-12-21 11:43 . 2009-12-21 11:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-21 18:57 . 2009-12-21 18:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 11:15 . 2009-12-21 11:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 12:32 . 2009-12-21 12:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-11 08:57 . 2009-12-11 08:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobatupdater.exe
+ 2009-12-21 12:15 . 2009-12-21 12:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\76f408.msp
+ 2010-08-16 14:36 . 2010-08-16 14:36 3940352 c:\windows\Installer\76f407.msi
+ 2009-12-21 11:29 . 2009-12-21 11:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-12-21 12:00 . 2009-12-21 12:00 1298996 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JSByteCodeWin.bin
+ 2009-12-21 16:31 . 2009-12-21 16:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\76f409.msp
+ 2009-12-21 16:21 . 2009-12-21 16:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"Gainward"="c:\windows\TBPanel.exe" [2008-01-29 2177576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-29 1373480]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-03-17 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/15/2010 6:59 PM 135336]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 10:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 05:34]

2010-08-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-15 15:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jalla\Application Data\Mozilla\Firefox\Profiles\8pagwy0d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 22:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-18 22:34:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-18 15:34
ComboFix2.txt 2010-08-15 17:04

Pre-Run: 66,295,283,712 bytes free
Post-Run: 66,301,878,272 bytes free

- - End Of File - - 130F470533699BFE00C57FBFDBCE1658

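An added check, not part of the original thread and not code from ComboFix, SystemLook or Avira: the logs in this thread show the same explorer.exe twice with two different MD5 hashes, and the question a practitioner has to answer is whether that mismatch means anything. The script below parses the lines ComboFix's Sigcheck section prints (the format and both sample lines are copied from the ComboFix log later in this thread; everything else is constructed for the example) and separates two cases: copies that differ because they are different builds of the binary (here a 6.00.2900.2649 file on a Service Pack 2 machine versus the 6.00.2900.5512 build that Windows Update staged under SoftwareDistribution, which can never hash alike), and copies that claim the same version yet hash differently, which is the case that warrants suspicion. The `md5_of_file` and `matches_logged_hash` helpers, the verdict names and the regular expression are assumptions of this example, not anything the tools themselves provide.

```python
import hashlib
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample input: the two explorer.exe lines exactly as ComboFix's
# Sigcheck section prints them in this thread. The first is the live SP2-build
# binary, the second the SP3 build staged under SoftwareDistribution by
# Windows Update.
SIGCHECK_SAMPLE = r"""
[-] 2010-08-15 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
"""

# One Sigcheck line: [flag] date . MD5 . size . . [file version] . . path
# (assumed layout, derived from the two lines above)
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[\d.]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; lines that are not Sigcheck output are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entry["name"] = PureWindowsPath(entry["path"]).name.lower()
        entries.append(entry)
    return entries


def compare_copies(entries):
    """Classify every file name that appears more than once in the log.

    identical                 all copies share one MD5
    different-build           hashes differ, but so do the file versions; two
                              builds of the same binary never hash alike, so
                              this alone is not evidence of tampering
    same-build-hash-mismatch  same version string, different MD5: the live file
                              does not match its own reference copy; treat it as
                              suspect and verify against a known-clean source
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    verdicts = {}
    for name, copies in by_name.items():
        if len(copies) < 2:
            continue
        hashes_by_version = defaultdict(set)
        for c in copies:
            hashes_by_version[c["version"]].add(c["md5"])
        if any(len(h) > 1 for h in hashes_by_version.values()):
            verdicts[name] = "same-build-hash-mismatch"
        elif len(hashes_by_version) > 1:
            verdicts[name] = "different-build"
        else:
            verdicts[name] = "identical"
    return verdicts


def md5_of_file(path, chunk_size=1 << 20):
    """MD5 of a file on disk, to re-check a live binary against the hash a log recorded.

    MD5 is used only because these tools report MD5; it is not collision-resistant,
    so a match is a sanity check, not proof of integrity.
    """
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def matches_logged_hash(path, entries):
    """True if the file now at `path` still hashes to what the log recorded for it."""
    logged = {e["path"].lower(): e["md5"] for e in entries}
    expected = logged.get(path.lower())
    return expected is not None and md5_of_file(path) == expected


if __name__ == "__main__":
    for name, verdict in compare_copies(parse_sigcheck(SIGCHECK_SAMPLE)).items():
        print(f"{name}: {verdict}")
```

Run against the two lines from this thread the verdict is `different-build`: the hashes differ because the builds differ, not because either file has necessarily been modified. The useful comparison is the one the tool cannot make from a log alone, a copy of the same service-pack build from a trusted source (installation media or a clean machine at the same patch level) hashed with `md5_of_file` and compared to the live c:\windows\explorer.exe; `matches_logged_hash` only tells you whether the file has changed since the log was taken.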

4 Re: BDS\small.iuj on Wed Aug 18, 2010 1:25 am

Hi

Rename ComboFix to ComboFix.exe instead of combo-fix.exe.exe.

Then re-run the CFScript and post a new log.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



5 Re: BDS\small.iuj on Wed Aug 18, 2010 6:26 am

iamjam15
Member

Here's the log:

ComboFix 10-08-17.03 - jalla 08/19/2010 17:39:39.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.512 [GMT 7:00]
Running from: c:\documents and settings\jalla\Desktop\ComboFix.exe.exe
Command switches used :: c:\documents and settings\jalla\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-08-18 16:02 . 2010-08-18 16:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-08-18 14:53 . 2010-08-18 15:34 -------- d-----w- C:\combo-fix.exe5950c
2010-08-16 14:36 . 2010-08-16 14:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-16 10:59 . 2010-08-17 14:31 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-08-15 16:45 . 2010-08-15 17:04 -------- d-----w- C:\combo-fix.exe
2010-08-15 15:04 . 2010-08-15 15:18 -------- d-----w- C:\ComboFix
2010-08-15 14:08 . 2010-08-15 14:10 1075200 ----a-w- c:\windows\explorer.exe
2010-08-15 14:07 . 2010-08-15 14:07 -------- d-----w- c:\documents and settings\jalla\Application Data\Avira
2010-08-15 14:03 . 2010-08-15 14:03 -------- d-----w- c:\windows\system32\KB905474
2010-08-15 12:03 . 2010-08-15 12:07 -------- d-----w- c:\windows\system32\NtmsData
2010-08-15 12:00 . 2010-08-15 12:00 503808 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\msvcp71.dll
2010-08-15 12:00 . 2010-08-15 12:00 499712 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\jmc.dll
2010-08-15 12:00 . 2010-08-15 12:00 348160 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\msvcr71.dll
2010-08-15 12:00 . 2010-08-15 12:00 61440 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-73adf7f2-n\decora-sse.dll
2010-08-15 12:00 . 2010-08-15 12:00 12800 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-73adf7f2-n\decora-d3d.dll
2010-08-15 12:00 . 2010-08-15 12:00 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 12:00 . 2010-08-15 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-15 12:00 . 2010-08-15 12:00 -------- d-----w- c:\program files\Java
2010-08-15 11:59 . 2010-08-15 11:59 -------- d-----w- c:\program files\Avira
2010-08-15 11:59 . 2010-08-15 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-15 11:59 . 2010-03-01 03:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-15 11:59 . 2010-02-16 07:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 11:59 . 2009-05-11 05:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-15 11:59 . 2009-05-11 05:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-14 14:11 . 2010-08-14 14:11 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-08-14 14:03 . 2010-08-14 14:03 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-08-14 14:00 . 2010-08-14 14:00 -------- d-----w- c:\program files\MSXML 4.0
2010-08-14 13:54 . 2010-08-17 15:08 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Adobe
2010-08-14 13:32 . 2010-08-15 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\program files\Common Files\Apple
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Apple
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\program files\Apple Software Update
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-14 13:23 . 2010-08-14 13:23 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Apple Computer
2010-08-14 10:45 . 2010-08-19 10:38 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Ahead
2010-08-14 10:42 . 2010-08-19 10:39 -------- d-----w- c:\documents and settings\jalla\Application Data\Ahead
2010-08-14 10:41 . 2010-08-14 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-08-14 10:38 . 2010-08-15 14:03 -------- d-----w- c:\windows\system32\DllCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 16:51 . 2010-08-13 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-18 16:49 . 2010-08-13 16:15 -------- d-----w- c:\program files\Microsoft Works
2010-08-18 16:31 . 2010-08-13 15:30 -------- d-----w- c:\program files\QuickTime Alternative
2010-08-18 16:31 . 2010-08-13 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-14 10:43 . 2010-08-14 10:43 -------- d-----w- c:\program files\Common Files\LightScribe
2010-08-14 10:41 . 2010-08-13 16:35 -------- d-----w- c:\program files\Common Files\Ahead
2010-08-13 16:35 . 2010-08-13 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-08-13 16:35 . 2010-08-13 16:35 -------- d-----w- c:\program files\Nero
2010-08-13 16:30 . 2010-08-13 16:30 66144 ----a-w- c:\documents and settings\jalla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-13 16:15 . 2010-08-13 16:15 -------- d-----w- c:\program files\MSBuild
2010-08-13 16:09 . 2010-08-13 15:28 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-13 15:48 . 2010-08-13 15:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-13 15:48 . 2010-08-13 15:48 -------- d-----w- c:\program files\FOXCONN
2010-08-13 15:47 . 2010-08-13 15:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-13 15:44 . 2010-08-13 15:44 -------- d-----w- c:\program files\Realtek
2010-08-13 15:44 . 2010-08-13 15:44 -------- d-----w- c:\documents and settings\jalla\Application Data\InstallShield
2010-08-13 15:41 . 2010-08-13 15:41 -------- d-----w- c:\program files\Intel
2010-08-13 15:37 . 2010-08-13 15:37 0 ----a-w- c:\windows\nsreg.dat
2010-08-13 15:30 . 2010-08-13 15:30 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-08-13 15:30 . 2010-08-13 15:30 2293 ----a-w- c:\windows\mozver.dat
2010-08-13 15:26 . 2010-08-13 15:26 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-13 15:26 . 2010-08-13 15:26 -------- d-----w- c:\program files\Unlocker
2010-06-14 14:30 . 2010-08-13 15:27 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

------- Sigcheck -------

[-] 2010-08-15 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-15_15.16.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 14:15 . 2008-10-24 14:15 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2008-10-24 14:15 . 2008-10-24 14:15 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2008-10-24 14:15 . 2008-10-24 14:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2008-10-24 14:15 . 2008-10-24 14:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2008-10-24 14:15 . 2008-10-24 14:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2008-10-24 14:15 . 2008-10-24 14:15 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2008-10-24 14:15 . 2008-10-24 14:15 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2008-10-24 14:15 . 2008-10-24 14:15 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2008-10-24 14:15 . 2008-10-24 14:15 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2008-10-24 14:15 . 2008-10-24 14:15 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2008-10-24 14:15 . 2008-10-24 14:15 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2008-10-24 14:15 . 2008-10-24 14:15 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2010-08-19 11:19 . 2010-08-19 11:19 16384 c:\windows\temp\Perflib_Perfdata_e8.dat
+ 2010-08-13 16:16 . 2008-11-10 04:41 67472 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2010-08-13 16:16 . 2008-11-10 04:41 67472 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2010-08-13 16:16 . 2008-11-10 04:41 32656 c:\windows\system32\msonpmon.dll
+ 2010-08-13 16:16 . 2010-08-18 16:50 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-08-13 16:16 . 2010-08-14 14:03 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-08-13 16:16 . 2010-08-18 16:50 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-08-13 16:16 . 2010-08-14 14:03 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-08-13 16:16 . 2010-08-18 16:50 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-08-13 16:16 . 2010-08-14 14:03 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-12-21 13:09 . 2009-12-21 13:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-21 18:57 . 2009-12-21 18:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 13:02 . 2009-12-21 13:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 16:21 . 2009-12-21 16:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-11 08:57 . 2009-12-11 08:57 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll
+ 2009-12-21 16:37 . 2009-12-21 16:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 11:39 . 2009-12-21 11:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 11:27 . 2009-12-21 11:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 11:27 . 2009-12-21 11:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2006-07-24 09:50 . 2006-07-24 09:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBAME.DLL
+ 2006-07-24 09:50 . 2006-07-24 09:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSADDNDR.DLL
+ 2006-10-26 20:17 . 2006-10-26 20:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-26 20:13 . 2006-10-26 20:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 14:11 . 2006-10-27 14:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-26 13:04 . 2006-10-26 13:04 76624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-26 13:04 . 2006-10-26 13:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 13:04 . 2006-10-26 13:04 51008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 13:04 . 2006-10-26 13:04 27456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 13:04 . 2006-10-26 13:04 58168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 13:05 . 2006-10-26 13:05 86840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 13:04 . 2006-10-26 13:04 29976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-26 18:49 . 2006-10-26 18:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-26 19:55 . 2006-10-26 19:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCANOST.EXE
+ 2006-10-26 19:55 . 2006-10-26 19:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-26 13:04 . 2006-10-26 13:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-26 20:13 . 2006-10-26 20:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2006-10-26 19:09 . 2006-10-26 19:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
+ 2006-10-26 13:05 . 2006-10-26 13:05 77144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-27 14:16 . 2006-10-27 14:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 18760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OPHPROXY.DLL
+ 2006-10-26 19:24 . 2006-10-26 19:24 72504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-26 19:24 . 2006-10-26 19:24 98632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-26 18:59 . 2006-10-26 18:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-26 19:00 . 2006-10-26 19:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISCTRL.DLL
+ 2006-10-27 14:11 . 2006-10-27 14:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSH.DLL
+ 2006-10-27 14:26 . 2006-10-27 14:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-26 18:56 . 2006-10-26 18:56 67408 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPUI.DLL
+ 2006-10-26 18:56 . 2006-10-26 18:56 32592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPMON.DLL
+ 2006-10-26 18:52 . 2006-10-26 18:52 66368 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOMSE.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 14:01 . 2006-10-27 14:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-26 20:13 . 2006-10-26 20:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 18:48 . 2006-10-26 18:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-26 18:52 . 2006-10-26 18:52 48424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSE7.EXE
+ 2006-10-26 20:18 . 2006-10-26 20:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\METCONV.DLL
+ 2006-10-26 20:41 . 2006-10-26 20:41 66368 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INLAUNCH.DLL
+ 2006-10-27 14:37 . 2006-10-27 14:37 35112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL
+ 2006-10-26 23:47 . 2006-10-26 23:47 16688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
+ 2006-10-26 23:47 . 2006-10-26 23:47 22808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-26 23:47 . 2006-10-26 23:47 31016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE
+ 2006-10-26 23:47 . 2006-10-26 23:47 33568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
+ 2006-10-27 14:37 . 2006-10-27 14:37 34088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL
+ 2006-10-26 23:47 . 2006-10-26 23:47 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE
+ 2006-10-26 13:04 . 2006-10-26 13:04 75576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-26 20:30 . 2006-10-26 20:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 14:00 . 2006-10-27 14:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-26 20:18 . 2006-10-26 20:18 94016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCOLK.DLL
+ 2006-12-01 15:54 . 2006-12-01 15:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 15:54 . 2006-12-01 15:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 15:54 . 2006-12-01 15:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2010-08-13 16:16 . 2008-11-10 04:41 864144 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2010-08-13 16:16 . 2008-11-10 04:41 864144 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
- 2010-08-13 16:15 . 2010-08-15 11:56 263024 c:\windows\system32\FNTCACHE.DAT
+ 2010-08-13 16:15 . 2010-08-19 09:39 263024 c:\windows\system32\FNTCACHE.DAT
+ 2010-08-18 16:31 . 2010-08-18 16:31 807936 c:\windows\Installer\35a743.msi
+ 2010-08-18 16:48 . 2010-08-18 16:48 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2010-08-13 16:11 . 2010-08-13 16:11 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2010-08-13 16:16 . 2010-08-18 16:50 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-08-13 16:16 . 2010-08-14 14:03 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-08-13 16:16 . 2010-08-14 14:03 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-08-13 16:16 . 2010-08-18 16:50 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-08-13 16:16 . 2010-08-14 14:03 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-08-13 16:16 . 2010-08-18 16:50 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-08-13 16:16 . 2010-08-18 16:50 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-08-13 16:16 . 2010-08-14 14:03 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-08-13 16:16 . 2010-08-14 14:03 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-08-13 16:16 . 2010-08-18 16:50 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-08-13 16:16 . 2010-08-18 16:50 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-08-13 16:16 . 2010-08-14 14:03 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-08-13 16:16 . 2010-08-18 16:50 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-08-13 16:16 . 2010-08-14 14:03 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-12-11 08:57 . 2009-12-11 08:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe
+ 2009-12-21 11:35 . 2009-12-21 11:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 13:05 . 2009-12-21 13:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"Gainward"="c:\windows\TBPanel.exe" [2008-01-29 2177576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-29 1373480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-08-09 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/15/2010 6:59 PM 135336]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 10:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 05:34]

2010-08-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-15 15:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jalla\Application Data\Mozilla\Firefox\Profiles\8pagwy0d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 18:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-19 18:22:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-19 11:22
ComboFix2.txt 2010-08-18 15:34
ComboFix3.txt 2010-08-15 17:04

Pre-Run: 64,711,610,368 bytes free
Post-Run: 64,739,319,808 bytes free

- - End Of File - - 33EFB20A57591DA2D96EADBE7606BE7E


6 Re: BDS\small.iuj on Wed Aug 18, 2010 2:11 pm

Delete your copy of ComboFix, and download a new one from here, and save it to your Desktop, but don't rename it:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then, drag CFScript into ComboFix, like before, and post a log when it is finished.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



7 Re: BDS\small.iuj on Sat Aug 21, 2010 5:17 am

iamjam15

Member
Here's the log.

ComboFix 10-08-19.02 - jalla 08/22/2010 17:00:17.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.516 [GMT 7:00]
Running from: c:\documents and settings\jalla\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jalla\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - explorer.exe: deleted 26 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\documents and settings\jalla\desktop\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-21 13:44 . 2010-08-21 13:44 -------- d-----w- c:\documents and settings\jalla\Application Data\TigerPlayer
2010-08-21 11:38 . 2010-08-21 11:39 -------- d-----w- c:\program files\MpcStar
2010-08-19 16:40 . 2010-08-19 16:43 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\WMTools Downloaded Files
2010-08-19 10:38 . 2010-08-19 11:22 -------- d-----w- C:\ComboFix.exe
2010-08-18 16:02 . 2010-08-18 16:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-08-18 14:53 . 2010-08-18 15:34 -------- d-----w- C:\combo-fix.exe5950c
2010-08-16 14:36 . 2010-08-16 14:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-16 10:59 . 2010-08-17 14:31 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-08-15 16:45 . 2010-08-15 17:04 -------- d-----w- C:\combo-fix.exe
2010-08-15 14:08 . 2010-08-15 14:39 1033216 ----a-w- c:\windows\explorer.exe
2010-08-15 14:07 . 2010-08-15 14:07 -------- d-----w- c:\documents and settings\jalla\Application Data\Avira
2010-08-15 14:03 . 2010-08-15 14:03 -------- d-----w- c:\windows\system32\KB905474
2010-08-15 12:03 . 2010-08-15 12:07 -------- d-----w- c:\windows\system32\NtmsData
2010-08-15 12:00 . 2010-08-15 12:00 503808 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\msvcp71.dll
2010-08-15 12:00 . 2010-08-15 12:00 499712 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\jmc.dll
2010-08-15 12:00 . 2010-08-15 12:00 348160 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-58e50266-n\msvcr71.dll
2010-08-15 12:00 . 2010-08-15 12:00 61440 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-73adf7f2-n\decora-sse.dll
2010-08-15 12:00 . 2010-08-15 12:00 12800 ----a-w- c:\documents and settings\jalla\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-73adf7f2-n\decora-d3d.dll
2010-08-15 12:00 . 2010-08-15 12:00 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 12:00 . 2010-08-15 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-15 12:00 . 2010-08-15 12:00 -------- d-----w- c:\program files\Java
2010-08-15 11:59 . 2010-08-15 11:59 -------- d-----w- c:\program files\Avira
2010-08-15 11:59 . 2010-08-15 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-15 11:59 . 2010-03-01 03:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-15 11:59 . 2010-02-16 07:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 11:59 . 2009-05-11 05:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-15 11:59 . 2009-05-11 05:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-14 14:11 . 2010-08-14 14:11 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-08-14 14:03 . 2010-08-14 14:03 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-08-14 14:00 . 2010-08-14 14:00 -------- d-----w- c:\program files\MSXML 4.0
2010-08-14 13:54 . 2010-08-17 15:08 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Adobe
2010-08-14 13:32 . 2010-08-15 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\program files\Common Files\Apple
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Apple
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\program files\Apple Software Update
2010-08-14 13:24 . 2010-08-14 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-14 13:23 . 2010-08-14 13:23 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Apple Computer
2010-08-14 10:45 . 2010-08-19 10:38 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\Ahead
2010-08-14 10:42 . 2010-08-19 10:39 -------- d-----w- c:\documents and settings\jalla\Application Data\Ahead
2010-08-14 10:41 . 2010-08-14 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-08-14 10:38 . 2010-08-15 14:03 -------- d-----w- c:\windows\system32\DllCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 11:39 . 2010-08-13 15:30 -------- d-----w- c:\program files\QuickTime Alternative
2010-08-19 14:05 . 2010-08-13 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-18 16:49 . 2010-08-13 16:15 -------- d-----w- c:\program files\Microsoft Works
2010-08-18 16:31 . 2010-08-13 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-14 10:43 . 2010-08-14 10:43 -------- d-----w- c:\program files\Common Files\LightScribe
2010-08-14 10:41 . 2010-08-13 16:35 -------- d-----w- c:\program files\Common Files\Ahead
2010-08-13 16:35 . 2010-08-13 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-08-13 16:35 . 2010-08-13 16:35 -------- d-----w- c:\program files\Nero
2010-08-13 16:30 . 2010-08-13 16:30 66144 ----a-w- c:\documents and settings\jalla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-13 16:15 . 2010-08-13 16:15 -------- d-----w- c:\program files\MSBuild
2010-08-13 16:09 . 2010-08-13 15:28 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-13 15:48 . 2010-08-13 15:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-13 15:48 . 2010-08-13 15:48 -------- d-----w- c:\program files\FOXCONN
2010-08-13 15:47 . 2010-08-13 15:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-13 15:44 . 2010-08-13 15:44 -------- d-----w- c:\program files\Realtek
2010-08-13 15:44 . 2010-08-13 15:44 -------- d-----w- c:\documents and settings\jalla\Application Data\InstallShield
2010-08-13 15:41 . 2010-08-13 15:41 -------- d-----w- c:\program files\Intel
2010-08-13 15:37 . 2010-08-13 15:37 0 ----a-w- c:\windows\nsreg.dat
2010-08-13 15:30 . 2010-08-13 15:30 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-08-13 15:30 . 2010-08-13 15:30 2293 ----a-w- c:\windows\mozver.dat
2010-08-13 15:26 . 2010-08-13 15:26 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-13 15:26 . 2010-08-13 15:26 -------- d-----w- c:\program files\Unlocker
2010-06-14 14:30 . 2010-08-13 15:27 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"Gainward"="c:\windows\TBPanel.exe" [2008-01-29 2177576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-29 1373480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/15/2010 6:59 PM 135336]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 10:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 05:34]

2010-08-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-15 15:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jalla\Application Data\Mozilla\Firefox\Profiles\8pagwy0d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-22 17:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\SoftwareDistribution\Download\f508741c6f4c0f780bfb007248d4c220\update\update.exe
.
**************************************************************************
.
Completion time: 2010-08-22 17:14:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-22 10:14

Pre-Run: 62,482,309,120 bytes free
Post-Run: 62,550,691,840 bytes free

- - End Of File - - 70C3032385DF30A0D7AE10C0F73AACFE


8 Re: BDS\small.iuj on Sun Aug 22, 2010 1:19 am

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Code:
    killall::

    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnsc"=-

    File::
    c:\windows\system32\msnsc.exe

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



9 Re: BDS\small.iuj on Thu Oct 14, 2010 7:05 am

iamjam15


Member
ComboFix 10-10-12.03 - jalla 10/14/2010 18:36:16.14.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.695 [GMT 7:00]
Running from: c:\documents and settings\jalla\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jalla\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

FILE ::
"c:\windows\system32\msnsc.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\usp10(2).dll

.
((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-09 13:02 . 2010-10-09 13:02 -------- d-----w- c:\windows\system32\Adobe
2010-10-07 11:47 . 2010-10-07 11:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-02 15:16 . 2010-10-02 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-10-02 10:56 . 2010-10-02 10:56 -------- d-----w- c:\documents and settings\jalla\Local Settings\Application Data\HP
2010-10-02 10:56 . 2010-10-02 10:56 -------- d-----w- c:\documents and settings\jalla\Application Data\HP
2010-10-01 15:21 . 2010-10-01 15:21 -------- d-----w- c:\program files\7-Zip
2010-09-30 14:34 . 2010-09-30 14:34 -------- d-s---w- c:\documents and settings\jalla\UserData
2010-09-29 12:11 . 2010-09-29 12:11 -------- d-----w- c:\documents and settings\jalla\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
2010-09-29 12:11 . 2010-09-29 12:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-22 11:10 . 2010-09-22 11:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-18 10:15 . 2010-09-18 10:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-18 10:13 . 2010-09-18 10:26 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-09-18 10:07 . 2010-09-18 10:07 -------- d-----w- C:\5b9e71b5c365c537fc336343
2010-09-18 10:07 . 2010-09-18 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2010-09-18 10:07 . 2010-09-18 10:07 -------- d-----w- c:\program files\Common Files\HP
2010-09-18 10:07 . 2010-09-18 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-09-18 10:06 . 2010-09-18 10:06 -------- d-----w- c:\windows\Sun
2010-09-17 11:42 . 2010-09-17 11:42 -------- d-----w- c:\windows\system32\scripting
2010-09-17 11:42 . 2010-09-17 11:42 -------- d-----w- c:\windows\l2schemas
2010-09-17 11:40 . 2010-09-17 11:42 -------- d-----w- c:\windows\ServicePackFiles
2010-09-17 11:29 . 2006-01-06 08:52 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-09-17 11:29 . 2006-01-06 08:53 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-09-17 11:29 . 2006-01-06 08:52 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-09-08 421888]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-29 1373480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Gainward"="c:\windows\TBPanel.exe" [2008-01-29 2177576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\jalla\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/15/2010 6:59 PM 135336]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 10:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 05:34]

2010-10-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-15 15:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jalla\Application Data\Mozilla\Firefox\Profiles\8pagwy0d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3940)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-10-14 18:53:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-14 11:53

Pre-Run: 56,462,888,960 bytes free
Post-Run: 57,558,335,488 bytes free

- - End Of File - - 423AB59A8C039AA026BDAF262600BB86

I recently had my BIOS updated, and since then the warning message stopped appearing, but I still seem to have a problem with my XP because I can't burn any CD on my burner. My Nero keeps on saying "power calibration failure". I tried error-checking my local disk but it keeps on saying that it was unable to continue the checking. I recently installed my HP software too but it can't finish the installation. Can you please help me find the solution to this?

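As an added example (not code from the thread, ComboFix or its author), here is a small Python parser for the "Reg Loading Points" section of these ComboFix logs that diffs the autorun entries between two logs, the way a helper would check that the `msnsc` entry removed by the CFScript in reply 8 is gone from the log in reply 9. The two log excerpts are constructed from the thread's logs, and `parse_loading_points` and `diff_autoruns` are hypothetical names.

```python
import re

# Registry key header inside the section, e.g. [HKEY_LOCAL_MACHINE\SOFTWARE\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Value line, e.g. "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
# Firewall-list lines of the form "path"= (no target) deliberately do not match.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?$')

SECTION_BANNER = 'Reg Loading Points'           # appears in the ((( ... ))) banner line
SECTION_END = "Contents of the 'Scheduled Tasks' folder"  # first line after the section


def parse_loading_points(log_text):
    """Return {registry_key: {value_name: target}} for the Reg Loading Points section.

    Hypothetical helper: only lines between the section banner and the
    Scheduled Tasks header are considered; service lines (R2/S3 ...) and the
    *Note*/REGEDIT4 preamble do not match either regex and are skipped.
    """
    entries = {}
    in_section = False
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = SECTION_BANNER in line
            continue
        if line.startswith(SECTION_END):
            break
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group('key')
            entries.setdefault(current_key, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key is not None:
            entries[current_key][value_match.group('name')] = value_match.group('target')
    return entries


def diff_autoruns(before_log, after_log):
    """Return (removed, added): sorted (key, name, target) tuples present in only one log."""
    flatten = lambda tree: {(k, n, t) for k, vals in tree.items() for n, t in vals.items()}
    before = flatten(parse_loading_points(before_log))
    after = flatten(parse_loading_points(after_log))
    return sorted(before - after), sorted(after - before)


# Constructed excerpts modelled on the logs in replies 7 and 9 (not the full logs).
LOG_BEFORE = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/15/2010 6:59 PM 135336]
.
Contents of the 'Scheduled Tasks' folder

2010-08-22 c:\windows\Tasks\WGASetup.job
"""

LOG_AFTER = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
.
Contents of the 'Scheduled Tasks' folder
"""

if __name__ == '__main__':
    removed, added = diff_autoruns(LOG_BEFORE, LOG_AFTER)
    for key, name, target in removed:
        print('removed: [%s] %s -> %s' % (key, name, target))
    for key, name, target in added:
        print('added:   [%s] %s -> %s' % (key, name, target))
```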

10 Re: BDS\small.iuj on Thu Oct 14, 2010 10:53 pm

Since your computer has probably changed, I would recommend starting a new topic.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner


