WiredWX Christian Hobby Weather Tools
Can't get rid of MS Removal Tool
Hi,
I tried getting rid of MS Removal tool as instructed by your website using Malwarebytes. I also tried the directions posted here on bleepingcomputer.com:
www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool. Unfortunately I'm still infected. I don't see any evidence of the virus in Safe Mode w/Networking, but it's definitely still there when I reboot in "regular" mode. I read some other posts and am wondering if I should run combofix? I haven't tried that yet. Here is my log from OTL. It didn't spit out an extras.txt file, just otl.txt.

OTL logfile created on: 4/23/2011 8:44:00 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Danielle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.34 Gb Total Space | 75.78 Gb Free Space | 32.90% Space Free | Partition Type: NTFS

Computer Name: DSMITH-LAP | User Name: Danielle | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/21 07:33:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danielle\Desktop\OTL.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/21 07:33:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danielle\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/19 17:39:02 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2007/10/07 19:48:36 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 19:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 19:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/08/28 18:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/27 16:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/03/31 02:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110420.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 02:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110420.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/27 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2008/08/05 14:58:27 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/06/13 13:26:06 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2007/12/06 08:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/17 01:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/10/17 01:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/10/09 18:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/08/27 16:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/27 16:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/26 18:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/14 23:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 18:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/04 15:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/11/14 13:59:00 | 000,007,424 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)
DRV - [2003/12/27 19:42:12 | 000,137,216 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d344bus.sys -- (d344bus)
DRV - [2003/12/27 01:38:10 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d344prt.sys -- (d344prt)
DRV - [2002/04/10 16:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 16:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 16:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 15:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 15:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.earthlink.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/launchcast/station.asp?u=1776826765
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://classic.wunderground.com/cgi-bin/findweather/getForecast?query=80002"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071102000005
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/06 21:05:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/06 21:05:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/06 21:46:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/06 21:46:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/08/02 22:56:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/04/06 21:05:56 | 000,000,000 | ---D | M]

[2008/08/05 19:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Extensions
[2011/04/22 22:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ajdbz2sb.default\extensions
[2010/06/01 21:18:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ajdbz2sb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/28 22:20:14 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ajdbz2sb.default\extensions\moveplayer@movenetworks.com
[2011/04/16 09:27:25 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ajdbz2sb.default\searchplugins\dictionarycom.xml
[2011/04/16 09:27:25 | 000,002,786 | ---- | M] () -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ajdbz2sb.default\searchplugins\google-images.xml
[2011/04/16 09:27:25 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ajdbz2sb.default\searchplugins\google-maps.xml
[2008/08/06 20:35:05 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ajdbz2sb.default\searchplugins\imdb.xml
[2011/04/16 09:27:25 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ajdbz2sb.default\searchplugins\youtube.xml
[2011/04/22 22:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/25 23:00:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2010/04/20 20:09:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/06 21:46:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/06 21:05:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/06 21:05:57 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009/03/16 19:49:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/05/16 09:30:04 | 000,036,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npSfAppM.dll

O1 HOSTS File: ([2011/04/21 10:04:04 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5

Re: Can't get rid of MS Removal Tool
part 2 of otl log:

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2011/04/22 18:29:37 | 016,537,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Danielle\Desktop\jre-6u25-windows-i586.exe
[2011/04/22 18:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danielle\Desktop\JavaRa
[2011/04/21 10:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danielle\Application Data\Malwarebytes
[2011/04/21 09:59:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/21 09:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/21 09:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/21 09:59:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/21 09:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/21 09:26:52 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Danielle\Desktop\mbam-setup.exe
[2011/04/21 07:33:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Danielle\Desktop\OTL.exe
[2011/04/21 07:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danielle\Desktop\RK_Quarantine
[2011/04/20 22:56:25 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/04/20 22:56:25 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/04/20 22:56:24 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/04/20 22:56:15 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/04/20 22:56:15 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/04/20 22:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/04/20 22:56:09 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/04/20 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/20 22:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danielle\Application Data\PC Tools
[2011/04/20 20:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/20 20:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/04/20 20:47:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/20 20:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/04/20 20:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/04/20 20:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/20 20:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/04/20 20:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fIb24500oFlGo24500
[2011/04/19 17:38:56 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/04/19 17:38:56 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/04/19 17:38:54 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/04/19 17:38:54 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/04/19 17:38:54 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/04/19 17:38:54 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/04/19 17:38:54 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/04/19 17:38:52 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/04/19 17:38:52 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/04/19 17:38:52 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/04/06 21:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Danielle\Application Data\DDMSettings
[2011/04/06 21:46:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/06 21:46:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/06 21:46:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2008/10/14 17:44:36 | 000,137,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344bus.sys
[2008/10/14 17:44:36 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344prt.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Danielle\*.tmp files -> C:\Documents and Settings\Danielle\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/23 08:39:14 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/23 08:39:14 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/23 08:35:07 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/23 08:34:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/22 22:42:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/22 22:11:23 | 000,133,120 | ---- | M] () -- C:\Documents and Settings\Danielle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/22 11:32:34 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Danielle\Desktop\jre-6u25-windows-i586.exe
[2011/04/21 22:25:15 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\iExplore.exe
[2011/04/21 22:16:34 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\7d44676795ac6724edd466d0ffab4cc7.szcpf
[2011/04/21 22:12:36 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\uSeRiNiT.exe
[2011/04/21 22:11:46 | 000,002,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/04/21 22:09:25 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\rkill.com
[2011/04/21 21:52:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-790525478-839522115-1003UA.job
[2011/04/21 10:04:04 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/21 10:03:08 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\hosts-perm.bat
[2011/04/21 09:26:54 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Danielle\Desktop\mbam-setup.exe
[2011/04/21 07:34:40 | 001,098,752 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\RogueKiller.exe
[2011/04/21 07:34:32 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/04/21 07:33:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danielle\Desktop\OTL.exe
[2011/04/20 20:49:00 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\RWsdsetup.exe
[2011/04/20 20:33:33 | 000,000,971 | ---- | M] () -- C:\Documents and Settings\Danielle\Start Menu\Programs\Startup\Dropbox.lnk
[2011/04/19 17:38:56 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/04/19 17:38:56 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/04/19 17:38:54 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/04/19 17:38:54 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/04/19 17:38:54 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/04/19 17:38:54 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/04/19 17:38:54 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/04/19 17:38:52 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/04/19 17:38:52 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/04/19 17:38:52 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/04/19 17:38:52 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/04/17 19:19:06 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 14:52:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-790525478-839522115-1003Core.job
[2011/04/16 12:12:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Danielle\*.tmp files -> C:\Documents and Settings\Danielle\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/21 22:25:09 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Danielle\Desktop\iExplore.exe
[2011/04/21 22:16:34 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Danielle\Desktop\7d44676795ac6724edd466d0ffab4cc7.szcpf
[2011/04/21 22:12:00 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Danielle\Desktop\uSeRiNiT.exe
[2011/04/21 22:09:17 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Danielle\Desktop\rkill.com
[2011/04/21 21:54:37 | 000,002,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/04/21 10:03:34 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Danielle\Desktop\hosts-perm.bat
[2011/04/21 07:34:39 | 001,098,752 | ---- | C] () -- C:\Documents and Settings\Danielle\Desktop\RogueKiller.exe
[2011/04/21 07:34:32 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/04/20 20:49:07 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Danielle\Desktop\RWsdsetup.exe
[2010/08/17 23:18:25 | 000,022,640 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/12 20:29:20 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Danielle\Local Settings\Application Data\fusioncache.dat
[2009/05/26 10:40:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2009/05/26 10:37:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/12/07 18:29:48 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/22 18:46:31 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/09/14 22:24:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\BBUninstall.exe
[2008/08/07 19:42:32 | 000,133,120 | ---- | C] () -- C:\Documents and Settings\Danielle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/06 20:16:27 | 000,053,248 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2008/08/06 20:09:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/05 19:16:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/05 14:37:02 | 001,445,112 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2008/08/05 14:37:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4964.dll
[2008/08/05 09:05:26 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/08/05 09:05:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/08/05 09:05:26 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/08/05 08:15:53 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2008/08/05 07:52:13 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/08/04 15:47:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/04 15:42:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/04 10:37:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/04 10:36:10 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/23 10:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,440,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,071,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/27 19:43:24 | 000,068,608 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/08/04 15:44:39 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/05 10:47:29 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/08/05 10:55:35 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Danielle\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/08/04 15:54:35 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Danielle\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/21 22:25:15 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\iExplore.exe
[2011/04/22 11:32:34 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Danielle\Desktop\jre-6u25-windows-i586.exe
[2008/12/15 21:05:39 | 004,900,376 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Danielle\Desktop\LimeWireWin.exe
[2011/04/21 09:26:54 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Danielle\Desktop\mbam-setup.exe
[2011/04/21 07:33:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danielle\Desktop\OTL.exe
[2008/08/05 09:12:22 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\RemoveCred.exe
[2011/04/21 07:34:40 | 001,098,752 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\RogueKiller.exe
[2011/04/20 20:49:00 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\RWsdsetup.exe
[2009/08/17 20:33:12 | 004,928,376 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Danielle\Desktop\Silverlight.exe
[2009/01/10 12:43:28 | 014,968,808 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Danielle\Desktop\spybotsd160.exe
[2008/08/05 19:29:37 | 005,517,312 | ---- | M] (SSH Communications Security Corp) -- C:\Documents and Settings\Danielle\Desktop\SSHSecureShellClient-3.2.9.exe
[2011/04/21 22:12:36 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Danielle\Desktop\uSeRiNiT.exe
[2008/08/05 19:30:04 | 000,434,176 | ---- | M] (Cloudpath Networks, Inc.) -- C:\Documents and Settings\Danielle\Desktop\xc_manual_loader.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/06 21:45:43 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/04/06 21:45:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/06 21:45:53 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/04/06 21:45:59 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/05 10:55:35 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Danielle\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/04 10:34:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/04 10:34:46 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/04 10:34:46 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2006/02/28 06:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006/02/28 06:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2006/02/28 06:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2006/02/28 06:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2006/02/28 06:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2006/02/28 06:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2006/02/28 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2006/02/28 06:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2006/02/28 06:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2006/02/28 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2006/02/28 06:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2006/02/28 06:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2006/02/28 06:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2006/02/28 06:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2006/02/28 06:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 12:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2011/03/03 07:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 18:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 18:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 18:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 18:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 18:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 18:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 18:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 18:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 18:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 18:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 18:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 18:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 18:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 18:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 18:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2006/08/04 15:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\XAudio.exe

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2008/08/04 15:44:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/04 15:40:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/04/22 21:47:51 | 000,003,146 | ---- | M] () -- C:\bootex.log
[2008/08/04 15:44:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/04/11 10:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt
[2008/04/11 10:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt
[2008/04/11 10:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt
[2008/04/11 10:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt
[2008/04/11 10:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt
[2008/04/11 10:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt
[2008/04/11 10:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt
[2008/04/11 10:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
[2008/04/11 10:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt
[2008/04/11 10:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt
[2008/04/11 10:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2008/04/11 10:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
[2008/04/11 08:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2008/04/11 08:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2008/04/11 08:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2008/04/11 08:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2008/04/11 08:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2008/04/11 08:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2008/04/11 10:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
[2008/04/11 08:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/08/04 15:44:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/22 22:44:11 | 000,021,704 | ---- | M] () -- C:\JavaRa.log
[2009/08/26 11:02:06 | 000,000,053 | ---- | M] () -- C:\JMP code.txt
[2008/08/04 15:44:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/08/05 09:05:20 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2008/08/05 09:05:20 | 000,022,729 | ---- | M] () -- C:\newkey
[2006/02/28 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/05 10:45:03 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/23 08:34:46 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/04/21 07:34:32 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/04/22 22:45:53 | 000,000,363 | ---- | M] () -- C:\rkill.log
[2008/08/16 08:03:08 | 000,000,000 | ---- | M] () -- C:\temp.html
[2009/08/30 22:14:21 | 000,000,081 | ---- | M] () -- C:\united cert.txt
[2008/04/11 10:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2008/04/11 10:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
[2008/04/11 10:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI

< %PROGRAMFILES%\*. >
[2009/08/12 20:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\2Wire
[2008/09/22 18:46:31 | 000,000,000 | ---D | M] -- C:\Program Files\Acro Software
[2009/08/12 20:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Actiontec
[2008/10/10 12:06:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/08/05 19:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\Aladdin Systems
[2010/08/02 22:58:27 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/08/06 20:25:09 | 000,000,000 | ---D | M] -- C:\Program Files\Audible
[2010/08/02 22:55:02 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/08/05 19:18:40 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/09/14 22:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\CMS Products
[2011/04/20 22:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/08/04 15:42:15 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/08/05 08:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/08/06 20:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/08/06 20:24:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
[2008/10/14 17:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\D-Tools
[2008/08/05 09:05:26 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/08/05 07:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011/04/06 21:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/05/26 10:29:49 | 000,000,000 | ---D | M] -- C:\Program Files\EarthLink
[2011/03/03 21:32:55 | 000,000,000 | ---D | M] -- C:\Program Files\EarthLink TotalAccess
[2008/08/06 20:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\EndNote
[2008/10/14 17:50:40 | 000,000,000 | ---D | M] -- C:\Program Files\EndNote X
[2008/10/14 17:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\Gatan
[2008/10/14 17:43:19 | 000,000,000 | ---D | M] -- C:\Program Files\Gatan files
[2008/12/07 14:02:45 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/09/22 18:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\GPLGS
[2008/08/16 08:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/08/26 13:10:53 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/08/05 08:22:02 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/11/25 14:27:22 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2011/04/16 12:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/08/06 20:13:47 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/08/02 22:57:16 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/08/02 22:57:43 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/04/22 18:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/04/21 09:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/08/13 20:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/08/06 20:09:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/08/04 15:45:19 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/08/08 18:25:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2009/08/05 23:02:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/03/29 19:51:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/11 07:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/04/06 21:46:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/04/12 20:49:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2009/08/10 21:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/08/05 23:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/08/04 15:42:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/08/05 10:45:50 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/08/05 19:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2008/08/04 15:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/10/10 12:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\OriginLab
[2010/12/16 23:22:14 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/04/21 07:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\PC Tools Security
[2010/08/02 22:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/26 13:10:53 | 000,000,000 | ---D | M] -- C:\Program Files\Qwest
[2009/08/10 21:45:48 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/08/08 18:29:53 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/08/25 23:00:54 | 000,000,000 | ---D | M] -- C:\Program Files\SAS
[2008/08/05 08:27:42 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2011/04/20 20:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/20 20:12:04 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2011/04/20 20:27:25 | 000,000,000 | ---D | M] -- C:\Program Files\STOPzilla!
[2008/08/05 14:58:27 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/04/21 07:48:08 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2008/08/04 15:54:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/08/05 11:08:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/08/05 11:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/05 10:45:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/08/04 15:44:03 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/02/07 23:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\Xenocode
[2008/08/04 15:45:19 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2008/08/04 10:36:52 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Danielle\Application Data\desktop.ini
[2011/01/11 23:18:55 | 000,022,984 | ---- | M] () -- C:\Documents and Settings\Danielle\Application Data\GDIPFONTCACHEV1.DAT


< MD5 for: AGP440.SYS >
[2006/02/28 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/05 10:43:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/05 10:43:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/05 10:43:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/05 10:43:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/05 10:43:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/08/05 10:43:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/03/19 17:39:14 | 000,222,696 | ---- | M] (EarthLink, Inc.) MD5=23E8C3E511C3E0C2BC96D1618866B956 -- C:\Program Files\EarthLink TotalAccess\EventLog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 10:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\OemDir\iaStor.sys
[2007/07/12 10:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2006/02/28 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/08/05 10:43:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/08/05 10:43:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2006/02/28 06:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-16 18:12:12

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Thanks in advance for your help! I'm getting really frustrated and really hope to get rid of this horrible virus!

Re: Can't get rid of MS Removal Tool
Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.

    NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [Screenshot: Cf510]

  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Can't get rid of MS Removal Tool
So I had some problems running combofix. First, it wasn't happy because I couldn't get my antivirus software (Symantec Antivirus) to shut off running from Safe Mode w/Networking. So I let the computer reboot in normal mode, and MS Removal Tool didn't pop up! I was happy about this but decided to turn off Symantec and run it anyway. It didn't seem to like running in the regular mode; it kept giving me errors about not being able to find files.

So then I rebooted again in Safe Mode w/Networking, redownloaded it and ran it. It seemed to work: it didn't complain about antivirus not being off, and it downloaded the Microsoft Recovery Console and made a restore point. It then ran and rebooted the machine in normal mode, and great news, it looks like the virus is gone!!! Is there anything else I should do? Here is a copy of the log file:

ComboFix 11-04-23.01 - Danielle 04/23/2011 21:55:54.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2761 [GMT -6:00]
Running from: C:\Documents and Settings\Danielle\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\fIb24500oFlGo24500
C:\Documents and Settings\All Users\Application Data\fIb24500oFlGo24500\fIb24500oFlGo24500
C:\Documents and Settings\All Users\Application Data\fIb24500oFlGo24500\fIb24500oFlGo24500.exe
C:\install.exe
C:\WINDOWS\daemon.dll
C:\WINDOWS\XSxS


((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))


2011-04-21 15:59:34 . 2011-04-21 15:59:34 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-04-21 15:59:34 . 2010-12-21 00:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-04-21 15:59:31 . 2011-04-21 15:59:35 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-21 15:59:31 . 2010-12-21 00:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-04-21 13:34:32 . 2011-04-21 13:34:32 512 ----a-w- C:\PhysicalMBR.bin
2011-04-21 04:56:25 . 2010-07-16 20:59:54 656320 ----a-w- C:\WINDOWS\system32\drivers\pctEFA.sys
2011-04-21 04:56:25 . 2010-07-16 20:59:54 338880 ----a-w- C:\WINDOWS\system32\drivers\pctDS.sys
2011-04-21 04:56:24 . 2011-01-17 15:10:26 251560 ----a-w- C:\WINDOWS\system32\drivers\pctgntdi.sys
2011-04-21 04:56:15 . 2010-12-10 22:57:26 160448 ----a-w- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011-04-21 04:56:15 . 2010-12-10 19:24:12 239168 ----a-w- C:\WINDOWS\system32\drivers\PCTCore.sys
2011-04-21 04:56:09 . 2010-12-16 14:46:04 70536 ----a-w- C:\WINDOWS\system32\drivers\pctplsg.sys
2011-04-21 04:56:03 . 2011-04-21 05:04:22 -------- d-----w- C:\Program Files\Common Files\PC Tools
2011-04-21 02:57:57 . 2011-04-24 04:01:52 -------- d-----w- C:\Program Files\PC Tools Security
2011-04-21 02:49:07 . 2011-04-21 04:56:11 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-04-21 02:27:20 . 2011-04-21 02:27:25 -------- d-----w- C:\Program Files\STOPzilla!
2011-04-21 02:27:19 . 2011-04-24 04:05:25 -------- d-----w- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2011-04-21 02:27:19 . 2011-04-21 02:27:19 -------- d-----w- C:\Program Files\Common Files\iS3
2011-04-19 23:38:56 . 2011-04-19 23:38:56 22992 ----a-r- C:\WINDOWS\system32\SZIO5.dll
2011-04-19 23:38:56 . 2011-04-19 23:38:56 132560 ----a-r- C:\WINDOWS\system32\IS3HTUI5.dll
2011-04-19 23:38:54 . 2011-04-19 23:38:54 67024 ----a-r- C:\WINDOWS\system32\IS3Hks5.dll
2011-04-19 23:38:54 . 2011-04-19 23:38:54 546256 ----a-r- C:\WINDOWS\system32\SZComp5.dll
2011-04-19 23:38:54 . 2011-04-19 23:38:54 452048 ----a-r- C:\WINDOWS\system32\SZBase5.dll
2011-04-19 23:38:54 . 2011-04-19 23:38:54 398800 ----a-r- C:\WINDOWS\system32\IS3DBA5.dll
2011-04-19 23:38:54 . 2011-04-19 23:38:54 28624 ----a-r- C:\WINDOWS\system32\IS3XDat5.dll
2011-04-19 23:38:52 . 2011-04-19 23:38:52 99792 ----a-r- C:\WINDOWS\system32\IS3Svc5.dll
2011-04-19 23:38:52 . 2011-04-19 23:38:52 99792 ----a-r- C:\WINDOWS\system32\IS3Inet5.dll
2011-04-19 23:38:52 . 2011-04-19 23:38:52 738768 ----a-r- C:\WINDOWS\system32\IS3Base5.dll
2011-04-19 23:38:52 . 2011-04-19 23:38:52 390608 ----a-r- C:\WINDOWS\system32\IS3UI5.dll
2011-04-19 23:38:52 . 2011-04-19 23:38:52 230864 ----a-r- C:\WINDOWS\system32\IS3Win325.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-07 05:33:50 . 2008-08-04 21:42:42 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:45:07 . 2006-02-28 12:00:00 434176 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:21:11 . 2006-02-28 12:00:00 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-17 19:00:29 . 2006-02-28 12:00:00 832512 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-17 19:00:28 . 2006-02-28 12:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2011-02-17 19:00:28 . 2006-02-28 12:00:00 1830912 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-17 19:00:27 . 2006-02-28 12:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2011-02-17 13:18:24 . 2006-02-28 12:00:00 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-02-17 13:18:03 . 2006-02-28 12:00:00 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2011-02-17 12:32:12 . 2009-04-16 03:11:48 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-02-17 11:44:16 . 2006-02-28 12:00:00 389120 ----a-w- C:\WINDOWS\system32\html.iec
2011-02-15 12:56:39 . 2006-02-28 12:00:00 290432 ----a-w- C:\WINDOWS\system32\atmfd.dll
2011-02-09 13:53:52 . 2006-02-28 12:00:00 270848 ----a-w- C:\WINDOWS\system32\sbe.dll
2011-02-09 13:53:52 . 2006-02-28 12:00:00 186880 ----a-w- C:\WINDOWS\system32\encdec.dll
2011-02-08 13:33:55 . 2006-02-28 12:00:00 978944 ----a-w- C:\WINDOWS\system32\mfc42.dll
2011-02-08 13:33:55 . 2006-02-28 12:00:00 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
2011-02-03 03:40:23 . 2010-04-21 02:09:27 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-02-03 01:19:39 . 2009-03-17 01:49:15 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-02-02 07:58:35 . 2008-08-04 21:41:22 2067456 ----a-w- C:\WINDOWS\system32\mstscax.dll
2011-01-27 11:57:06 . 2008-08-04 21:41:22 677888 ----a-w- C:\WINDOWS\system32\mstsc.exe
2010-07-08 02:47:37 . 2008-09-01 18:53:36 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4


Re: Can't get rid of MS Removal Tool
Hello.
The log looks good so far, but it seems the log may have been cut off: the bottom half is missing after the Reg Loading Points section. Can you post the rest?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Can't get rid of MS Removal Tool
I double checked the combofix.txt file, and I did post it all. Do you think it didn't run completely? Should I rerun it? Please advise. Thanks!

Re: Can't get rid of MS Removal Tool
Yes please.


Re: Can't get rid of MS Removal Tool
Ok, I just ran it again. Here it is:

ComboFix 11-04-25.02 - Danielle 04/25/2011 21:58:54.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2767 [GMT -6:00]
Running from: c:\documents and settings\Danielle\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\fIb24500oFlGo24500\fIb24500oFlGo24500
c:\documents and settings\All Users\Application Data\fIb24500oFlGo24500\fIb24500oFlGo24500.exe
C:\install.exe
c:\windows\daemon.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-24 00:12 . 2011-04-24 00:20 -------- d-----w- C:\Combo-Fix
2011-04-21 16:00 . 2011-04-21 16:00 -------- d-----w- c:\documents and settings\Danielle\Application Data\Malwarebytes
2011-04-21 15:59 . 2011-04-21 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-21 15:59 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 15:59 . 2011-04-21 15:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-21 15:59 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-21 13:34 . 2011-04-21 13:34 512 ----a-w- C:\PhysicalMBR.bin
2011-04-21 04:56 . 2010-07-16 20:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-21 04:56 . 2010-07-16 20:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-21 04:56 . 2011-01-17 15:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-21 04:56 . 2010-12-10 22:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-21 04:56 . 2010-12-10 19:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-21 04:56 . 2010-12-16 14:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-21 04:56 . 2011-04-21 05:04 -------- d-----w- c:\program files\Common Files\PC Tools
2011-04-21 04:56 . 2011-04-21 04:56 -------- d-----w- c:\documents and settings\Danielle\Application Data\PC Tools
2011-04-21 02:57 . 2011-04-24 04:01 -------- d-----w- c:\program files\PC Tools Security
2011-04-21 02:49 . 2011-04-21 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-04-21 02:27 . 2011-04-21 02:27 -------- d-----w- c:\program files\STOPzilla!
2011-04-21 02:27 . 2011-04-24 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-04-21 02:27 . 2011-04-21 02:27 -------- d-----w- c:\program files\Common Files\iS3
2011-04-19 23:38 . 2011-04-19 23:38 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-04-19 23:38 . 2011-04-19 23:38 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-04-19 23:38 . 2011-04-19 23:38 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-04-19 23:38 . 2011-04-19 23:38 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-04-19 23:38 . 2011-04-19 23:38 452048 ----a-r- c:\windows\system32\SZBase5.dll
2011-04-19 23:38 . 2011-04-19 23:38 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-04-19 23:38 . 2011-04-19 23:38 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-04-19 23:38 . 2011-04-19 23:38 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-04-19 23:38 . 2011-04-19 23:38 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-04-19 23:38 . 2011-04-19 23:38 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-04-19 23:38 . 2011-04-19 23:38 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-04-19 23:38 . 2011-04-19 23:38 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-04-07 03:47 . 2011-04-07 03:47 -------- d-----w- c:\documents and settings\Danielle\Application Data\DDMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2008-08-04 21:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2006-02-28 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 03:11 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2006-02-28 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-02-28 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-03 03:40 . 2010-04-21 02:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19 . 2009-03-17 01:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2008-08-04 21:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-08-04 21:41 677888 ----a-w- c:\windows\system32\mstsc.exe
2010-07-08 02:47 . 2008-09-01 18:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Danielle\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Danielle\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Danielle\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Danielle\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-27 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-27 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-27 135168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-08 30192]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 188416]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"IPInSightMonitor 01"="c:\program files\EarthLink TotalAccess\FastLane2\IPMon32.exe" [2005-08-11 122880]
"IPInSightLAN 01"="c:\program files\EarthLink TotalAccess\FastLane2\IPClient.exe" [2005-08-11 380928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
.
c:\documents and settings\Danielle\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Danielle\Application Data\Dropbox\bin\Dropbox.exe [2011-1-26 23361424]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Danielle\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Danielle\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [10/14/2008 5:44 PM 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [10/14/2008 5:44 PM 5248]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/20/2011 10:56 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [4/20/2011 10:56 PM 338880]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [9/14/2008 10:23 PM 7424]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [4/20/2011 10:56 PM 366840]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/23/2011 8:03 PM 102448]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/7/2008 7:33 PM 30192]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [8/5/2008 2:37 PM 110080]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 7:48 PM 116664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-790525478-839522115-1003Core.job
- c:\documents and settings\Danielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-02 23:57]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-790525478-839522115-1003UA.job
- c:\documents and settings\Danielle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-02 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://music.yahoo.com/launchcast/station.asp?u=1776826765
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\EarthLink TotalAccess\Toolbar\Toolbar\SearchUI.dll/search.html
IE: Refresh Pa&ge with Full Quality
IE: Refresh Pi&cture with Full Quality
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {58E1AB7E-57BA-472E-8582-97D26B5F84FC} - hxxps://management.pna.utexas.edu/idengineswpa/tools/xc_loader_activex.ocx
FF - ProfilePath - c:\documents and settings\Danielle\Application Data\Mozilla\Firefox\Profiles\ajdbz2sb.default\
FF - prefs.js: browser.startup.homepage - hxxp://classic.wunderground.com/cgi-bin/findweather/getForecast?query=80002
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
Notify-TPSvc - TPSvc.dll
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-25 22:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-04-25 22:06:28
ComboFix-quarantined-files.txt 2011-04-26 04:06
.
Pre-Run: 84,030,533,632 bytes free
Post-Run: 84,093,427,712 bytes free
.
- - End Of File - - 2AD6F58CCFA49087D18C883FEA4A195E

Re: Can't get rid of MS Removal Tool
Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX control. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Can't get rid of MS Removal Tool
Thanks. I'm out of town tonight but will do it tomorrow night when I get home, as I won't have my computer with me tonight. So I won't be posting again until tomorrow night. Thanks again for all of your help, I appreciate it so much!

Re: Can't get rid of MS Removal Tool
Ran ESET Online scanner. Here's the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17096 (vista_gdr.110211-1830)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=16dda91e89efd742a50fbe9726b7327d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-28 03:44:32
# local_time=2011-04-27 09:44:32 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=134670
# found=3
# cleaned=3
# scan_time=4669
C:\Documents and Settings\Danielle\Desktop\RK_Quarantine\fib24500oflgo24500.exe.vir a variant of Win32/Kryptik.MZK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\fIb24500oFlGo24500\fIb24500oFlGo24500.exe.vir a variant of Win32/Kryptik.MZK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DEA6917D-A876-4E1E-A874-C69B996012A5}\RP1\A0000188.exe a variant of Win32/Kryptik.MZK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Am I all clean now?

Re: Can't get rid of MS Removal Tool
Hello.
Nearly, just a few last things to do.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • When HijackThis opens, click "Open the Misc Tools section".
  • Then select "Open Uninstall Manager".
  • Click on "Save List..." (this generates uninstall_list.txt).
  • Click Save, then copy and paste the results into your next post.


Re: Can't get rid of MS Removal Tool
Ok. Here is the uninstall_list.txt from HijackThis.

Acrobat.com
Acrobat.com
Actiontec Gateway
Adobe Acrobat 7.1.0 Professional
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator 9.0
Adobe Photoshop 6.0
Adobe Reader 9
Adobe SVG Viewer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudibleManager
Bonjour
BounceBack Express
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Creative Software AutoUpdate
Creative System Information
Creative ZEN
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DAEMON Tools
Dell Wireless WLAN Card
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
EarthLink Accelerator
EarthLink FastLane
EarthLink Software
EarthLink Toolbar
Easy CD Creator 5 Basic
EndNote
EndNote X Volume License Edition
ESET Online Scanner v3
Gatan Microscopy Suite 1.3.3
Google Desktop
Google Talk Plugin
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 3820 series
Intel(R) Graphics Media Accelerator Driver
InterActual Player
InterVideo WinDVD
ISI ResearchSoft - Export Helper
iTunes
J2SE Runtime Environment 5.0 Update 15
Java(TM) 6 Update 24
JMP 8
JMP 8
Juniper Networks Setup Client Activex Control
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Mozilla Firefox (3.6.16)
Mozilla Thunderbird (2.0.0.23)
OriginPro 7.5
Picasa 3
QuickTime
RIS Web Helper
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SciFinder Scholar 2007
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Smart Installer
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyware Doctor 8.0
SpywareBlaster 4.4
STOPzilla
StuffIt Standard
Symantec AntiVirus
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
ZENcast Organizer

Re: Can't get rid of MS Removal Tool

Okay, just some updates to do.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9
    J2SE Runtime Environment 5.0 Update 15
    Java(TM) 6 Update 24

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 25.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader X

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Can't get rid of MS Removal Tool

Ok, I did all the updates requested. The machine seems to be working well; no signs of any more virus. Am I all finished or is there still more to do?

Re: Can't get rid of MS Removal Tool

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has real-time protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • The hpHosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:
Thank you for choosing GeekPolice. Please leave feedback!

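The HOSTS-file mechanism described in the post above (bad hostnames pointed at 127.0.0.1 so connections to them never leave the machine), as an added example that is not part of the forum post or of hpHosts itself: a small Python audit that parses a HOSTS file and separates blocklist-style entries from entries that point a name at some other address, which is the shape a HOSTS hijack takes. The sample file, the example.* names, the documentation address 203.0.113.5 and the bucket names are all constructed for this example.

```python
"""
Audit a HOSTS file the way a defender would after installing a blocklist such
as hpHosts. Added example, not code from the forum post or from hpHosts: it
assumes the standard HOSTS syntax ("<address> <hostname> [hostname ...] [# comment]")
and runs against a constructed sample file.
"""
import ipaddress
from typing import Dict, List, Tuple

Entry = Tuple[str, str]          # (address, hostname)

# Constructed sample; example.* names and 203.0.113.0/24 are reserved for docs.
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com          # blocklist-style entry
0.0.0.0         tracker.example.net      # same idea, unspecified address
192.168.1.10    printer.lan              # user-added LAN name
203.0.113.5     update.example.org       # name pointed at a remote host
127.0.0.1                                # malformed: no hostname, ignored
"""


def parse_hosts(text: str) -> List[Entry]:
    """Return (address, hostname) pairs; comments, blanks and malformed lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comment
        parts = line.split()
        if len(parts) < 2:                        # blank, comment-only or no hostname
            continue
        try:
            ipaddress.ip_address(parts[0])        # first field must be an IP address
        except ValueError:
            continue
        entries.extend((parts[0], name.lower()) for name in parts[1:])
    return entries


def audit_hosts(text: str) -> Dict[str, List[Entry]]:
    """
    Split entries into three buckets:
      local     - the machine's own loopback names (normal)
      sinkholed - names sent to a loopback or unspecified address, i.e. blocked;
                  this is what hpHosts does to ad and malware domains
      remapped  - names sent to some other address; fine for LAN names you
                  added yourself, but worth checking for anything else, since
                  redirecting security or update sites this way is a known
                  malware trick
    """
    report: Dict[str, List[Entry]] = {"local": [], "sinkholed": [], "remapped": []}
    for addr, name in parse_hosts(text):
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip.is_unspecified:
            bucket = "local" if name in ("localhost", "localhost.localdomain") else "sinkholed"
        else:
            bucket = "remapped"
        report[bucket].append((addr, name))
    return report


if __name__ == "__main__":
    # On a real machine you would read C:\WINDOWS\system32\drivers\etc\hosts
    # (or /etc/hosts) instead of SAMPLE_HOSTS.
    for bucket, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{bucket}: {len(entries)}")
        for addr, name in entries:
            print(f"  {addr:<15} {name}")
```

The "remapped" bucket is the one to read carefully: a large hpHosts-style file will have thousands of sinkholed names and nothing remapped, so any entry that sends a hostname to a real address is either something you added for your own network or something that deserves a second look.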

Re: Can't get rid of MS Removal Tool

Thanks so much!!! You are a genius and have been absolutely AWESOME. I can't thank you enough for all of your help!!! Thank You!
