
all my passwords don't work anymore


Original Message
Name: schphilby
Date: September 1, 2008 at 20:51:03 Pacific
Subject: all my passwords don't work anymore
OS: win xp
CPU/Ram: pentium 4/ 640 mb
Model/Manufacturer: dell/ desktop
Comment:

I am having all kinds of problems with my computer, very slow now, some of my passwords on the internet don't work. Windows Explorer will have to close every time I do anything. Please help.




Response Number 1
Name: jabuck
Date: September 2, 2008 at 14:09:22 Pacific
Reply:

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

1. Double-click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: schphilby
Date: September 2, 2008 at 20:40:27 Pacific
Reply:

Malwarebytes' Anti-Malware 1.25
Database version: 1093
Windows 5.1.2600 Service Pack 2

8:17:24 PM 9/2/2008
mbam-log-09-02-2008 (20-17-24).txt

Scan type: Quick Scan
Objects scanned: 46232
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:17 PM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\AOL\1122615497\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1122615497\EE\aolsoftware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122615497\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\michael\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O17 - HKLM\System\CS1\Services\Tcpip\..\{53D2E408-3225-43BA-8E7A-E7161EA16DC5}: NameServer = 205.188.146.145
O17 - HKLM\System\CS6\Services\Tcpip\..\{53D2E408-3225-43BA-8E7A-E7161EA16DC5}: NameServer = 205.188.146.145
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe (file missing)

--
End of file - 10380 bytes


Any advice would be greatly appreciated, thank you.


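A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread and is not code from HijackThis or Trend Micro: it groups entries by section code and marks the ones worth checking by hand before anything is fixed. The sample lines are copied from the log in this thread; the function names and the review heuristics are assumptions of this example.

```python
import re
from collections import defaultdict

# Meaning of the HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autorun entry", "O8": "IE context menu item",
    "O9": "IE button / Tools menu item", "O12": "IE plugin",
    "O16": "ActiveX (Downloaded Program Files)", "O17": "DNS / domain setting",
    "O18": "Protocol handler", "O20": "AppInit_DLLs", "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.I)
JRE_RE = re.compile(r"\\jre(\d+\.\d+\.\d+_\d+)\\", re.I)

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\michael\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O17 - HKLM\System\CS1\Services\Tcpip\..\{53D2E408-3225-43BA-8E7A-E7161EA16DC5}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
"""


def review_reasons(code, detail):
    """Return reasons (possibly none) to look at one entry by hand."""
    low = detail.lower()
    reasons = []
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned: target file not present")
    if code == "O4" and TEMP_RE.search(detail):
        reasons.append("autorun launches from a Temp directory")
    if code == "O23" and "unknown owner" in low:
        reasons.append("service binary carries no company name")
    if code == "O17" and "nameserver" in low:
        reasons.append("static DNS server: confirm it is the expected one")
    if code == "O20":
        reasons.append("AppInit_DLLs load into every process using user32.dll")
    return reasons


def triage(log_text):
    """Group entries by section code and collect (code, reason, detail) flags."""
    entries, flagged = defaultdict(list), []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, process list or blank line
        code, detail = match.groups()
        entries[code].append(detail)
        for reason in review_reasons(code, detail):
            flagged.append((code, reason, detail))
    return entries, flagged


def jre_builds(log_text):
    """List the Java runtime builds whose install paths appear in the log."""
    return sorted(set(JRE_RE.findall(log_text)))


if __name__ == "__main__":
    entries, flagged = triage(SAMPLE_LOG)
    for code, details in entries.items():
        print(f"{code:<4}{SECTIONS.get(code, 'other'):<36}{len(details)} entries")
    print("JRE builds referenced:", ", ".join(jre_builds(SAMPLE_LOG)))
    for code, reason, detail in flagged:
        print(f"[review] {code}: {reason}\n         {detail}")
```
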

Response Number 3
Name: jabuck
Date: September 3, 2008 at 14:56:28 Pacific
Reply:

Your Java is out of date and has been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 7 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your AVG antivirus and these antispyware programs:
a. Windows Defender
b. Ad-Aware
c. AOL Spyware Protection
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running (leave the antispyware off until we get you clean).
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.



Response Number 4
Name: schphilby
Date: September 8, 2008 at 09:01:50 Pacific
Reply:

Now sometimes one of my hard drives cannot be found on my computer, and also my icons will not show up on my computer. I have to restart my computer a few times before they will show up.

Here is my ComboFix log, sorry it took so long.

ComboFix 08-09-05.04 - michael 2008-09-08 8:21:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.268 [GMT -6:00]
Running from: C:\Documents and Settings\michael\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))
.

2008-09-07 13:04 . 2008-09-07 13:04 <DIR> d-------- C:\NEW
2008-09-06 20:19 . 2008-09-06 20:19 <DIR> d-------- C:\Program Files\Sun
2008-09-06 20:19 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-09-06 20:08 . 2008-09-06 20:08 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-03 23:54 . 2008-09-07 11:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-09-02 06:46 . 2008-09-06 22:49 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-01 23:49 . 2008-09-05 17:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-09-01 23:49 . 2008-09-01 23:49 <DIR> d-------- C:\Program Files\AVG
2008-09-01 23:49 . 2008-09-01 23:49 <DIR> d-------- C:\Documents and Settings\michael\Application Data\AVGTOOLBAR
2008-09-01 23:49 . 2008-09-01 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-01 23:49 . 2008-09-05 22:50 97,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-09-01 23:49 . 2008-09-01 23:49 76,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-09-01 23:49 . 2008-09-01 23:49 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-08-29 17:52 . 2008-08-29 17:52 <DIR> d-------- C:\Program Files\CCleaner
2008-08-28 18:02 . 2008-08-28 18:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-28 18:02 . 2008-08-28 18:02 <DIR> d-------- C:\Documents and Settings\michael\Application Data\Malwarebytes
2008-08-28 18:02 . 2008-08-28 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-28 18:02 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-28 18:02 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-08-24 14:27 . 2008-08-26 22:31 <DIR> d-a------ C:\Program Files\canto
2008-08-18 18:00 . 2008-08-18 18:00 <DIR> d-------- C:\Program Files\Handbrake
2008-08-16 09:48 . 2008-08-16 09:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-16 09:09 . 2008-08-16 09:09 <DIR> d-------- C:\WINDOWS\MaxSecureBackup
2008-08-16 09:08 . 2008-08-16 09:08 63 --a------ C:\WINDOWS\SYSTEM\SYSRegC.dll
2008-08-16 09:05 . 2008-08-17 08:39 <DIR> d-------- C:\Program Files\Max Registry Cleaner
2008-08-16 09:05 . 2007-05-24 16:57 143,360 --a------ C:\WINDOWS\SYSTEM32\GetHardDiskNo.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 14:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-08 14:20 --------- d-----w C:\Program Files\PeerGuardian2
2008-09-08 04:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-08 03:57 --------- d-----w C:\Documents and Settings\michael\Application Data\DVD Flick
2008-09-08 00:31 --------- d-----w C:\Documents and Settings\michael\Application Data\Azureus
2008-09-07 02:19 --------- d-----w C:\Program Files\Java
2008-09-04 13:09 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-02 05:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-02 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-02 05:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-01 01:12 --------- d-----w C:\Program Files\QuickTime
2008-08-25 13:15 --------- d-----w C:\Documents and Settings\michael\Application Data\NeroDCTemplates
2008-08-17 18:22 --------- d-----w C:\Program Files\Apple Software Update
2008-08-16 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-16 15:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 02:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-22 03:48 --------- d-----w C:\Documents and Settings\michael\Application Data\RipIt4Me
2008-07-16 05:07 --------- d-----w C:\Program Files\Google
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-24 16:57 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2006-04-02 02:52 1,024 -c-ha-w C:\Documents and Settings\michael\UserInfo.dat
2005-01-07 21:20 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
2005-01-07 21:20 143,360 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-13 171448]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-04 1576176]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-04-11 83544]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-04-24 259392]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"HostManager"="C:\Program Files\Common Files\AOL\1122615497\ee\AOLSoftware.exe" [2007-10-08 41824]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-05 1235736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-04 07:09 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
backup=C:\WINDOWS\pss\MySoftware NewsFlash.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2007-12-22 17:03 916240 C:\Program Files\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-01-24 13:32 2289664 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Common Files\\AOL\\1122615497\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\1122615497\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\SYSTEM32\\lxczcoms.exe"=
"C:\\Program Files\\AOL\\RC\\regclient.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Common Files\\AOL\\1122615497\\EE\\AOLDesktop.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-04-24 51520]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-04-24 38208]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-05 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-05 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-05 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-01 76040]
R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-08 537520]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service [ ]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2002-08-05 37504]
R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-04-24 33088]
S3 b9a7d890-ceff-4600-8a9a-aff1173af2c1;b9a7d890-ceff-4600-8a9a-aff1173af2c1;D:\Player\cds300.dll [ ]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-03-24 62762]
S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\mtk.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ea939e5-8832-11d8-ac5c-806d6172696f}]
\Shell\AutoRun\command - D:\pyrates.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Zune Launcher - C:\Program Files\Zune\ZuneLauncher.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\5wkh1o0w.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava11.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava12.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava13.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava14.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjava32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npjpi160_03.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npoji610.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nppdf32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
.
.
------- File Associations (Beta) -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 08:26:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...




**************************************************************************
.
Completion time: 2008-09-08 8:31:06
ComboFix-quarantined-files.txt 2008-09-08 14:30:01

Pre-Run: 2,814,750,720 bytes free
Post-Run: 6,944,206,848 bytes free

326 --- E O F --- 2008-09-07 01:58:49

