Backdoor.Bot and Trojan.Agent

Hello again,
Sorry to come running back so soon after my last post - http://www.geekpolice.net/virus-spyware-malware-removal-f11/win32-cryptor-generic13-many-others-t10629.htm , but I'm in need of some more help.

After getting help before and protecting myself, I've been using my computer the same as before, just some light browsing and chatting, and I decided to run some scans just now. Spybot turned up one result, a simple tracking cookie, but a Malwarebytes scan turned up something much worse:

Malwarebytes' Anti-Malware 1.37
Database version: 2295
Windows 5.1.2600 Service Pack 3

6/17/2009 7:59:27 AM
mbam-log-2009-06-17 (07-59-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 222286
Time elapsed: 1 hour(s), 38 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\rundll.exe (Trojan.Agent) -> No action taken.

I actually took action against those two files and Malwarebytes said it was successful, but needed a reboot. Upon rebooting, Windows XP started a CHKDSK utility. I took a photo with my camera, but two key things it says are:
Deleting corrupt attribute recird (128, " ") from file record segment 65729
File verification completed.

And

Correcting error in index $I30 for file 10347.
Correcting error in index $I30 for file 10347.
Sorting index $I30 in file 10347.

I know nothing about this, but maybe it's more havoc that the previous infections caused still on my machine? Either way, I'm pretty scared now, since MBAM now says that it did nothing to those files and the blue CHKDSK screen always petrifies me. I'll be attaching a hijackthis scan in a moment, thank you in advance for your continued help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:49 AM, on 6/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David\Desktop\hijackgpthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8495 bytes

The two files were just two leftovers. We need to remove the old Java to stop it being abused by malware.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

You're sure they were just leftovers? That CHKDSK thing upon reboot got me even more worried. Here's the fresh uninstall list it may look familiar to you :

7 Wonders - The Treasures of Seven
7 Wonders 2
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AIM 6
Alien Shooter 2 - Reloaded
Apple Mobile Device Support
Apple Software Update
Aquaria
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AVG Free 8.5
Battlefield Heroes
Blueberry Garden Demo
Bonjour
Bookworm Adventures Deluxe
Broadcom Advanced Control Suite 2
Cogs Demo
Company of Heroes
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Dangerous High School Girls in Trouble
Defense Grid: The Awakening
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support
Emote-Launcher (remove only)
Geometry Wars
Ghost Master
Heavy Weapon Deluxe
Heroes Of Hellas
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.0.11)
Mozilla Thunderbird (2.0.0.21)
MSXML 6 Service Pack 2 (KB954459)
Musaic Box
Music Rescue
Musicmatch for Windows Media Player
MUSICMATCH Jukebox
NetZeroInstallers
OpenAL
Outpost Firewall 2009
Penumbra Overture
Penumbra: Black Plague
Penumbra: Requiem
Plants Vs Zombies
PowerDVD 5.3
Qualxserve Service Agreement
QuickTime
Raycatcher Demo
RealPlayer Basic
Reaxxion
Ricochet Infinity
S.T.A.L.K.E.R. - Shadow of Chernobyl
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sid Meier's Railroads Demo
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Speedball 2 - Tournament
Spybot - Search & Destroy
Steam
SUPERAntiSpyware Free Edition
Team Fortress 2
The Path
Trials 2: Second Edition
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Venice
WeatherBug
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
World of Goo
X-COM: Apocalypse
X-COM: Enforcer
X-COM: Interceptor
X-COM: Terror from the Deep
X-COM: UFO Defense
Yahoo! Messenger
Yahoo! Toolbar
Zeno Clash Demo
Zuma Deluxe 1.0
Zylom Games Player Plugin

Hello.
Yes, I'm sure, two files and nothing else. If it was an active infection, registry items would of been found.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Java 2 Runtime Environment, SE v1.4.2_03

Okay, removed the old Java as you instructed. Anything else?

Sorry for the false alarm, I'm still a bit gun-shy about this stuff.

Nope, that should do it.

Scanned everything today with Spybot, AVG and Superantispyware and ran two back-to-back scans with MBAM and got the same results as yesterday, any idea why these two files are still lingering?

Malwarebytes' Anti-Malware 1.37
Database version: 2295
Windows 5.1.2600 Service Pack 3

6/18/2009 2:45:42 PM
mbam-log-2009-06-18 (14-45-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 222883
Time elapsed: 1 hour(s), 48 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.



Malwarebytes' Anti-Malware 1.37
Database version: 2295
Windows 5.1.2600 Service Pack 3

6/18/2009 4:53:02 PM
mbam-log-2009-06-18 (16-53-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 222943
Time elapsed: 1 hour(s), 41 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV. (Mcafee)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

This ComboFix log is absolutely massive, 435KB. What should I do with it?

I disabled everything, but when it rebooted my system, my Outpost Firewall came back on, so I just allowed everything, all the registry changes and everything, since it should all have been ComboFix, was this a mistake? It seemed to hang for a while, but finally finished and gave me this gigantic text file.

Hello can you split the log into two posts or more if required.

If needed, upload it to rapidshare.com

I uploaded it to Rapidshare, I have no idea why the file came out so large, I hope everything is all right.

http://rapidshare.com/files/246080038/ComboFix.txt.html

Just the snapshot, there was a Windows update between runs.

Thank you again, Belahzur and Origin.

Does the ComboFix scan look okay, even though it got slowed down by the firewall at the end? Any ideas why these two .dll files keep showing up? If it makes any difference, I just remembered that I watched the whole MBAM scan yesterday and the 2 infections showed up at the very end, after all the file scanning, during the Heuristic Scanning, or something like that.

It def looks like malware. Do they keep showing up still?
Something may be regenerating them.

Let me know. The Combofix log looks fine btw.

Yes, I just performed a quick scan with MBAM, the same results, 2 infections found at the end, during the 'extras and hueristics' scan.

Also, one strange thing is that twice in the past few days, after MBAM reboots after finding these things, my system tray is behaving strangely. Usually I get the little arrow I can click to access unused icons, but right now and one other time, it just shows everything with no arrow. Plus, the volume properties icon is gone. I can still turn my speakers on and get sound just fine, only that icon is gone. Last time, the AIM icon, the Steam icon and the Dell Support Alerts also didn't show up, but seemed to be running. This might be nothing, but something I've noticed. Other than that, the machine seems to be fine, albiet a little slow, but again, I might chalk that up to the new programs/add-ons.

Malwarebytes' Anti-Malware 1.37
Database version: 2295
Windows 5.1.2600 Service Pack 3

6/19/2009 9:22:20 AM
mbam-log-2009-06-19 (09-22-20).txt

Scan type: Quick Scan
Objects scanned: 93120
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Lets run a GMER rootkit scan.

Download the GMER rootkit scan from here: GMER

1. Unzip it and start GMER.
   
2. Click the >>> tab and then click the Scan button.
   
3. Once done, click the Copy button.
   
4. This will copy the results to your clipboard.
   
5. Paste the results in your next reply.
   

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

The log will be quite big, please please upload it to rapidshare.com for me to see.

Upon clicking the link you showed me, it immediately started a download of o7t4xw2d.exe, I hope this is normal. Had the same thing with Outpost Firewall, where I opened the file and Outpost asked me to allow some files I couldn't recognize access and since I'd just opened the GMER you showed me, I allowed it. Again, I hope this is normal. The first few minutes seemed to turn up a lot of text results in the window, but then scanned for over 90 minutes with no more text appearing at all. Again, I hope, etc.

http://rapidshare.com/files/246323901/gmerlog.txt.html

Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2009-06-19 12:03:38
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 74 GB (49%) free of 149 GB
Total RAM: 1022 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:08 PM, on 6/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David\Desktop\RSIT.exe
C:\Program Files\trend micro\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8094 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-01 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-03-23 135168]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-28 335872]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-08-23 57344]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-10-27 26112]
"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2004-04-19 53248]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"DwlClient"=c:\Program Files\Common Files\Dell\EUSW\Support.exe [2004-05-27 323584]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-11 1948440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-04-28 2374464]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall\feedback.exe [2009-04-28 428032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-06-10 1217784]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-05-26 1830128]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe"="C:\Program Files\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe:*:Enabled:Dangerous High School Girls in Trouble"
"C:\Program Files\Steam\steamapps\common\aquaria\Aquaria.exe"="C:\Program Files\Steam\steamapps\common\aquaria\Aquaria.exe:*:Enabled:Aquaria"
"C:\Program Files\Steam\steamapps\common\7 wonders 2\Wonders2.exe"="C:\Program Files\Steam\steamapps\common\7 wonders 2\Wonders2.exe:*:Enabled:7 Wonders 2"
"C:\Program Files\Steam\steamapps\common\bookworm adventures deluxe\BookwormAdventures.exe"="C:\Program Files\Steam\steamapps\common\bookworm adventures deluxe\BookwormAdventures.exe:*:Enabled:Bookworm Adventures Deluxe"
"C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe"="C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo"
"C:\Program Files\Steam\steamapps\common\raycatcher demo\Raycatcher.exe"="C:\Program Files\Steam\steamapps\common\raycatcher demo\Raycatcher.exe:*:Enabled:Raycatcher Demo"
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Program Files\Steam\steamapps\common\reaxxion\Reaxxion.exe"="C:\Program Files\Steam\steamapps\common\reaxxion\Reaxxion.exe:*:Enabled:Reaxxion"
"C:\Program Files\Steam\steamapps\common\musaic box\bin\musaic_Release.exe"="C:\Program Files\Steam\steamapps\common\musaic box\bin\musaic_Release.exe:*:Enabled:Musaic Box"
"C:\WINDOWS\SYSTEM32\dldtcoms.exe"="C:\WINDOWS\SYSTEM32\dldtcoms.exe:*:Enabled:V305 Server"
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldtpswx.exe"="C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldtpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldttime.exe"="C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldttime.exe:*:Enabled:Time Executable"
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldtjswx.exe"="C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dldtjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe"="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes"
"C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader"
"C:\Program Files\Steam\steamapps\common\xcom interceptor\Interceptor.exe"="C:\Program Files\Steam\steamapps\common\xcom interceptor\Interceptor.exe:*:Enabled:X-COM: Interceptor"
"C:\Program Files\Steam\steamapps\common\ghost master\ghost.exe"="C:\Program Files\Steam\steamapps\common\ghost master\ghost.exe:*:Enabled:Ghost Master"
"C:\Program Files\Steam\steamapps\common\xcom ufo defense\dosbox.exe"="C:\Program Files\Steam\steamapps\common\xcom ufo defense\dosbox.exe:*:Enabled:X-COM: UFO Defense"
"C:\Program Files\Steam\steamapps\common\xcom enforcer\System\XCom.exe"="C:\Program Files\Steam\steamapps\common\xcom enforcer\System\XCom.exe:*:Enabled:X-COM: Enforcer"
"C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe"="C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe:*:Enabled:Geometry Wars"
"C:\Program Files\Steam\steamapps\common\trials 2 second edition\launcher.exe"="C:\Program Files\Steam\steamapps\common\trials 2 second edition\launcher.exe:*:Enabled:Trials 2: Second Edition"
"C:\Program Files\Steam\steamapps\common\x-com terror from the deep\runme.exe"="C:\Program Files\Steam\steamapps\common\x-com terror from the deep\runme.exe:*:Enabled:X-COM: Terror from the Deep"
"C:\Program Files\Steam\steamapps\common\xcom apocalypse\dosbox.exe"="C:\Program Files\Steam\steamapps\common\xcom apocalypse\dosbox.exe:*:Enabled:X-COM: Apocalypse"
"C:\Program Files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe"="C:\Program Files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening"
"C:\Program Files\Steam\steamapps\common\speedball 2\Speedball2.exe"="C:\Program Files\Steam\steamapps\common\speedball 2\Speedball2.exe:*:Enabled:Speedball 2 - Tournament"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\steamapps\common\venice\Venice.exe"="C:\Program Files\Steam\steamapps\common\venice\Venice.exe:*:Enabled:Venice"
"C:\Program Files\Steam\steamapps\common\sid meier's railroads demo\RailRoadsDemo.exe"="C:\Program Files\Steam\steamapps\common\sid meier's railroads demo\RailRoadsDemo.exe:*:Enabled:Sid Meier's Railroads Demo"
"C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe"="C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants Vs Zombies"
"C:\Program Files\Steam\steamapps\common\cogs\cogs.exe"="C:\Program Files\Steam\steamapps\common\cogs\cogs.exe:*:Enabled:Cogs Demo"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe"="C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:Penumbra Overture"
"C:\Program Files\Steam\steamapps\common\alien shooter 2 - reloaded\AlienShooter.exe"="C:\Program Files\Steam\steamapps\common\alien shooter 2 - reloaded\AlienShooter.exe:*:Enabled:Alien Shooter 2 - Reloaded"
"C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe"="C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe:*:Enabled:Penumbra: Black Plague"
"C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe"="C:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe:*:Enabled:Penumbra: Requiem"
"C:\Program Files\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe"="C:\Program Files\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe:*:Enabled:Blueberry Garden Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-06-19 12:03:38 ----D---- C:\rsit
2009-06-19 12:03:38 ----D---- C:\Program Files\trend micro
2009-06-18 18:07:21 ----D---- C:\WINDOWS\temp
2009-06-18 18:07:19 ----A---- C:\ComboFix.txt
2009-06-17 05:46:06 ----D---- C:\WINDOWS\ie8updates
2009-06-17 05:44:58 ----HDC---- C:\WINDOWS\ie8
2009-06-17 05:40:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-06-17 05:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-06-17 05:28:13 ----D---- C:\WINDOWS\Prefetch
2009-06-17 05:25:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-17 05:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-17 05:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-17 05:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-17 05:24:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-17 05:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-06-17 05:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-17 05:24:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-17 05:23:59 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-17 05:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-06-17 05:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-17 05:23:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-17 05:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-17 05:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-06-17 05:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-17 05:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-17 05:23:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-17 05:22:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-17 05:22:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-17 05:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-17 05:22:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-17 05:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-17 05:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-17 05:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-06-17 05:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-17 05:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-17 05:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-17 05:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-17 05:21:48 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-06-17 05:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-17 05:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-17 05:13:48 ----D---- C:\WINDOWS\system32\scripting
2009-06-17 05:13:47 ----D---- C:\WINDOWS\system32\en
2009-06-17 05:13:47 ----D---- C:\WINDOWS\system32\bits
2009-06-17 05:13:47 ----D---- C:\WINDOWS\l2schemas
2009-06-17 05:10:55 ----D---- C:\WINDOWS\ServicePackFiles
2009-06-17 05:06:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-06-17 05:06:25 ----D---- C:\WINDOWS\EHome
2009-06-16 06:57:53 ----D---- C:\Program Files\Agnitum
2009-06-16 06:57:38 ----D---- C:\Documents and Settings\All Users\Application Data\Agnitum
2009-06-16 05:31:05 ----A---- C:\Boot.bak
2009-06-16 05:30:48 ----RASHD---- C:\cmdcons
2009-06-16 05:29:48 ----A---- C:\WINDOWS\zip.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\SWSC.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\SWREG.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\sed.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\PEV.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-16 05:29:48 ----A---- C:\WINDOWS\grep.exe
2009-06-16 05:29:44 ----D---- C:\WINDOWS\ERDNT
2009-06-16 05:29:41 ----D---- C:\Qoobox
2009-06-15 10:57:02 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-15 10:56:55 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-15 10:56:55 ----D---- C:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com
2009-06-15 10:53:31 ----D---- C:\Documents and Settings\David\Application Data\Malwarebytes
2009-06-15 10:53:09 ----D---- C:\Documents and Settings\David\Application Data\Yahoo!
2009-06-15 08:24:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-15 08:15:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-15 08:15:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-15 05:50:42 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-14 10:18:16 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-06-11 03:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-06-11 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-06-11 03:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-06-10 18:33:30 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-10 08:39:14 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-06-03 01:07:27 ----D---- C:\Program Files\iPod
2009-06-03 01:07:18 ----D---- C:\Program Files\iTunes
2009-06-03 01:05:49 ----D---- C:\Program Files\QuickTime
2009-06-01 13:24:36 ----D---- C:\Documents and Settings\David\Application Data\Move Networks
2009-05-20 07:34:52 ----D---- C:\Program Files\Ricochet Infinity
2009-05-20 06:58:22 ----D---- C:\Program Files\Zylom Games
2009-05-20 06:58:22 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom

======List of files/folders modified in the last 1 months======

2009-06-19 12:03:55 ----D---- C:\WINDOWS
2009-06-19 12:03:38 ----RD---- C:\Program Files
2009-06-19 12:01:44 ----D---- C:\Program Files\Mozilla Firefox
2009-06-19 11:59:28 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2009-06-19 11:58:53 ----D---- C:\Program Files\Steam
2009-06-19 11:57:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-19 09:47:30 ----D---- C:\WINDOWS\system32\DRIVERS
2009-06-19 09:38:43 ----D---- C:\Program Files\Mozilla Thunderbird
2009-06-19 09:25:43 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-06-19 09:25:38 ----D---- C:\WINDOWS\SYSTEM32
2009-06-19 09:24:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-18 17:59:50 ----A---- C:\WINDOWS\system.ini
2009-06-18 17:56:24 ----D---- C:\WINDOWS\system32\CONFIG
2009-06-18 17:49:38 ----D---- C:\WINDOWS\AppPatch
2009-06-18 17:49:19 ----D---- C:\Program Files\Common Files
2009-06-18 07:55:04 ----A---- C:\WINDOWS\OEWABLog.txt
2009-06-18 06:02:52 ----HD---- C:\$AVG8.VAULT$
2009-06-17 09:11:47 ----SHD---- C:\WINDOWS\Installer
2009-06-17 09:11:42 ----D---- C:\Program Files\Java
2009-06-17 05:49:03 ----HD---- C:\WINDOWS\INF
2009-06-17 05:49:03 ----D---- C:\WINDOWS\system32\en-US
2009-06-17 05:49:03 ----D---- C:\WINDOWS\Media
2009-06-17 05:49:03 ----D---- C:\WINDOWS\Help
2009-06-17 05:49:03 ----D---- C:\Program Files\Internet Explorer
2009-06-17 05:46:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-17 05:46:09 ----A---- C:\WINDOWS\imsins.BAK
2009-06-17 05:32:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-17 05:28:19 ----A---- C:\WINDOWS\setuplog.txt
2009-06-17 05:27:43 ----D---- C:\WINDOWS\system32\Setup
2009-06-17 05:27:42 ----RSD---- C:\WINDOWS\Fonts
2009-06-17 05:27:42 ----D---- C:\WINDOWS\system32\WBEM
2009-06-17 05:27:00 ----D---- C:\WINDOWS\SECURITY
2009-06-17 05:25:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-17 05:21:49 ----D---- C:\Program Files\Messenger
2009-06-17 05:21:43 ----D---- C:\WINDOWS\WinSxS
2009-06-17 05:13:58 ----D---- C:\WINDOWS\network diagnostic
2009-06-17 05:13:57 ----D---- C:\WINDOWS\IME
2009-06-17 05:13:48 ----D---- C:\WINDOWS\system32\USMT
2009-06-17 05:13:47 ----D---- C:\WINDOWS\PeerNet
2009-06-17 05:13:47 ----D---- C:\Program Files\Movie Maker
2009-06-17 05:10:52 ----D---- C:\WINDOWS\system32\Restore
2009-06-17 05:10:52 ----D---- C:\WINDOWS\system32\NPP
2009-06-17 05:10:51 ----D---- C:\WINDOWS\MSAGENT
2009-06-17 05:10:49 ----D---- C:\WINDOWS\SRCHASST
2009-06-17 05:10:49 ----D---- C:\Program Files\NetMeeting
2009-06-17 05:10:47 ----D---- C:\WINDOWS\system32\Com
2009-06-17 05:10:46 ----D---- C:\Program Files\Windows Media Player
2009-06-17 05:10:45 ----D---- C:\Program Files\Windows NT
2009-06-17 05:10:45 ----D---- C:\Program Files\Outlook Express
2009-06-17 05:10:42 ----D---- C:\Program Files\Common Files\System
2009-06-17 05:10:33 ----D---- C:\WINDOWS\system32\OOBE
2009-06-17 05:10:30 ----D---- C:\WINDOWS\SYSTEM
2009-06-17 05:08:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-16 05:31:05 ----RASH---- C:\BOOT.INI
2009-06-16 05:22:33 ----D---- C:\Program Files\McAfee.com
2009-06-16 05:20:53 ----SD---- C:\WINDOWS\Tasks
2009-06-16 05:20:26 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-06-15 11:13:21 ----A---- C:\WINDOWS\wininit.ini
2009-06-15 08:26:46 ----D---- C:\Documents and Settings
2009-06-14 17:37:05 ----D---- C:\WINDOWS\system32\FxsTmp
2009-06-14 10:19:53 ----D---- C:\Program Files\AIM6
2009-06-10 18:34:24 ----D---- C:\Documents and Settings\David\Application Data\uTorrent
2009-06-10 08:39:41 ----D---- C:\Program Files\Yahoo!
2009-06-05 22:26:37 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-06-05 22:26:37 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-06-03 01:07:15 ----D---- C:\Program Files\Common Files\Apple
2009-06-03 01:04:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-01 12:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-29 13:36:16 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-05-23 12:28:03 ----D---- C:\Program Files\Heroes Of Hellas

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-11 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-19 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-01 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-10-27 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-02-10 257432]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-10-27 28352]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\David\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-15 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-19 906520]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-01 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 dldt_device;dldt_device; C:\WINDOWS\system32\dldtcoms.exe [2008-02-25 595184]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-03-23 73852]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2009-02-25 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-06-19 12:04:11

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7 Wonders - The Treasures of Seven-->"C:\Program Files\Steam\steam.exe" steam://uninstall/16030
7 Wonders 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15900
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alien Shooter 2 - Reloaded-->"C:\Program Files\Steam\steam.exe" steam://uninstall/33120
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aquaria-->"C:\Program Files\Steam\steam.exe" steam://uninstall/24420
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battlefield Heroes-->"C:\Program Files\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files\EA Games\Battlefield Heroes\Uninstall.xml"
Blueberry Garden Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/29170
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bookworm Adventures Deluxe-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3470
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Cogs Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/26510
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"C:\Program Files\THQ\Company of Heroes\Uninstall_English.exe"
Dangerous High School Girls in Trouble-->"C:\Program Files\Steam\steam.exe" steam://uninstall/27400
Defense Grid: The Awakening-->"C:\Program Files\Steam\steam.exe" steam://uninstall/18500
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Support-->MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Emote-Launcher (remove only)-->"C:\Program Files\emote\launcher\Emote-Launcher-uninst.exe"
Geometry Wars-->"C:\Program Files\Steam\steam.exe" steam://uninstall/8400
Ghost Master-->"C:\Program Files\Steam\steam.exe" steam://uninstall/6200
Heavy Weapon Deluxe-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3410
Heroes Of Hellas-->"C:\Program Files\Heroes Of Hellas\ReflexiveArcade\unins000.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Musaic Box-->"C:\Program Files\Steam\steam.exe" steam://uninstall/29130
Music Rescue-->MsiExec.exe /X{3364BD16-5A28-4862-86A1-A8FF5FD23919}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
MUSICMATCH Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Outpost Firewall 2009-->"C:\Program Files\Agnitum\Outpost Firewall\unins000.exe"
Penumbra Overture-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22180
Penumbra: Black Plague-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22120
Penumbra: Requiem-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22140
Plants Vs Zombies-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3590
PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Raycatcher Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/32010
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Reaxxion-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15950
Ricochet Infinity-->"C:\Program Files\Ricochet Infinity\ReflexiveArcade\unins000.exe"

S.T.A.L.K.E.R. - Shadow of Chernobyl-->"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sid Meier's Railroads Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7630
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Speedball 2 - Tournament-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10700
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The Path-->"C:\Program Files\Steam\steam.exe" steam://uninstall/27000
Trials 2: Second Edition-->"C:\Program Files\Steam\steam.exe" steam://uninstall/16600
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Venice-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3490
WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
World of Goo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22000
X-COM: Apocalypse-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7660
X-COM: Enforcer-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7770
X-COM: Interceptor-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7730
X-COM: Terror from the Deep-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7650
X-COM: UFO Defense-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7760
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zeno Clash Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22220
Zuma Deluxe 1.0-->C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"
Zylom Games Player Plugin-->"C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall

======Security center information======

AV: AVG Anti-Virus Free
FW: Outpost Firewall

======System event log======

Computer Name: DCZ86Y51
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 6368
Source Name: W32Time
Time Written: 20090604014305.000000-240
Event Type: warning
User:

Computer Name: DCZ86Y51
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6365
Source Name: Tcpip
Time Written: 20090603180220.000000-240
Event Type: warning
User:

Computer Name: DCZ86Y51
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6364
Source Name: Tcpip
Time Written: 20090603145725.000000-240
Event Type: warning
User:

Computer Name: DCZ86Y51
Event Code: 7034
Message: The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).

Record Number: 6363
Source Name: Service Control Manager
Time Written: 20090603120922.000000-240
Event Type: error
User:

Computer Name: DCZ86Y51
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\LANCE-EF13081F6 on the network \Device\NetBT_Tcpip_{9CF11AB7-F9E3-4FD4-B6DD-C6DBDD0B5345}.
The data is the error code.

Record Number: 6360
Source Name: BROWSER
Time Written: 20090603120430.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: DCZ86Y51
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 187
Source Name: ASP.NET 1.1.4322.0
Time Written: 20090415101815.000000-240
Event Type: warning
User:

Computer Name: DCZ86Y51
Event Code: 1073
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To completely uninstall ASP.NET from IIS, please re-enable IIS and unregister ASP.NET using aspnet_regiis.exe /u.


Record Number: 178
Source Name: ASP.NET 1.1.4322.0
Time Written: 20090415101542.000000-240
Event Type: warning
User:

Computer Name: DCZ86Y51
Event Code: 5028
Message:
Record Number: 173
Source Name: McLogEvent
Time Written: 20090415101407.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DCZ86Y51
Event Code: 2004
Message: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Record Number: 169
Source Name: PerfNet
Time Written: 20090415101340.000000-240
Event Type: error
User:

Computer Name: DCZ86Y51
Event Code: 1517
Message: Windows saved user DCZ86Y51\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 168
Source Name: Userenv
Time Written: 20090415101244.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\SONICS~1;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

• Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  
• Once the short scan has finished, just let it cure whatever it finds...
  o Now, go to Settings >> Change Settings
  o Go to Actions tab >> under Objects section, change the settings to below
  Infected objects - Cure
  Incurable objects - Report
  Suspicious objects - Report
  o Don't change any other settings
  
• Start the scan again. This time, choose Complete Scan
  
• Click the green arrow button at the right, and the scan will start.
  
• After the scan finished, click Select all
  
• Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  
• When the scan has finished, in the menu, click File and choose Save report list
  
• Save the report to your Desktop. The report will be called DrWeb.csv
  
• Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..
  

Wow, the program won't run. I tried it twice and both times, it opens, I click on Start and Windows shuts down with a blue screen, saying "A problem has been detected and Windows has been shut down to prevent damage to your computer." It goes on about checking your memory and BIOS, and the technical information I copied down as follows:

Stop: 0x0000007F (0xC0000005, 0xF93E8DFA, 0xF798FBB0, 0xF798F8AC)

iaStor.sys - Address F73E8DFA base at F73DA000, DateStamp 40608c73

The BSOD is driver related, a quick Google shows other people getting the error.
Did you disable TeaTimer when MBAM removes those files?

Okay, that's a little reassuring. No, I haven't disabled anything while running MBAM, Spybot, AVG or SAS scans. Am I supposed to? I'm still not too well-versed in all of this...

Also, this might just be my insane paranoia getting the best of me, but I've heard a sort of a 'ding' noise coming from my speakers a few times today. Once was after running the RSIT scan, I believe. I'm browsing the web killing time when I hear this noise like a little bell or two glasses hitting together. About 30-60 seconds later, I hear it again with no source that I can find. I reboot and sure enough, a few minutes after that, I hear it again, then it repeats a minute or so later. I apologize if this is way too crackpot/tin-foil hat for you guys, but all these infections are getting the best of me.

Heh, AVG and SAS won't interfere unless you have the paid for version of them, but I know TeaTimer always gets in the way.

Please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

Re-scan again, and remove the files, then re-enable TeaTimer, see if they come back this time.

Nope, no difference. I disabled teatimer, ran MBAM scan and got the 2 results, reboot, enable teatimer, MBAM still gives me the same two entries. Good idea though, it would've been a good fit for me if the solution turned out to be so simple after all.

Malwarebytes' Anti-Malware 1.37
Database version: 2295
Windows 5.1.2600 Service Pack 3

6/19/2009 1:31:54 PM
mbam-log-2009-06-19 (13-31-54).txt

Scan type: Quick Scan
Objects scanned: 93300
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.37
Database version: 2295
Windows 5.1.2600 Service Pack 3

6/19/2009 1:43:14 PM
mbam-log-2009-06-19 (13-43-14).txt

Scan type: Quick Scan
Objects scanned: 93574
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Darn. Okay, first, update MBAM, you still have 1.37, get the newest version which is 1.38 and database version 2308.

Does 1.38 still find them?

I go to update it and the update downloads, but then gives me an error during setup saying "This program requires Windows NT version 4.0 or later."

Hmm. Try uninstalling MBAM via add/remove programs, then download and install a new setup file for 1.38

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Weird, they didn't show up this time. I'm still a bit nervous, but glad that they're not showing up anymore. Do you think it was just a fluke or something? Here's the newest log, just for posterity:

Malwarebytes' Anti-Malware 1.38
Database version: 2309
Windows 5.1.2600 Service Pack 3

6/19/2009 7:36:00 PM
mbam-log-2009-06-19 (19-36-00).txt

Scan type: Quick Scan
Objects scanned: 94229
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank you yet again for your enormous patience and expertise!

More than likely a bug or false positive in 1.37. 1.38 has sorted that now.