Post #1, Fredb38 (thread starter), 11th February 2010

[Resolved] Virus


My computer says there are two people logged on but I am the only one.
Every time I run a virus and/or spyware check there is always something found.
My computer has slowed way down. I am running Windows 7 on an HP desktop.
I have created a log file from HijackThis but don't know how to read it.
I am getting ready to reformat my hard drive as I am not sure of what else to do.
I have tried Malwarebytes, Spybot, Spyware Doctor, Eset Smart Security 4, and Windows Defender.
Any ideas on what else to try?

Post #2, wildfire, 11th February 2010

As indicated at the start of this forum, please *** READ THIS BEFORE POSTING IN THIS FORUM *** then post the requested logs in this thread.

NOTES:
Quote: No shortcuts
When posting the logs, ensure word wrap is switched off (in Notepad, uncheck Format->Word Wrap), as this makes them difficult to read.

Be aware that only Malware analysts will advise and they are often busy. Your post will be taken on a first-come, first-served basis, but it may take a while before you receive a reply.

Post #3, Fredb38 (thread starter), 11th February 2010

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:16 PM, on 2/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Felitec\Mindful 2\Mindful.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Fred\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [Mindful 2] "C:\Program Files\Felitec\Mindful 2\Mindful.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: ESET Smart Security.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccess - Unknown owner - H:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - H:\Program Files\PhotodexProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8335 bytes

Post #4, wildfire, 11th February 2010

Wrong logs, Fred. Read that link again.

Post #5, Fredb38 (thread starter), 11th February 2010

DDS
DDS (Ver_09-12-01.01) - NTFSx86
Run by Fred at 17:21:33.08 on Thu 02/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3454.1927 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
H:\Program Files\Blaze Media Pro\NMSAccess32.exe
C:\Windows\System32\svchost.exe -k HPZ12
H:\Program Files\PhotodexProShowGold\ScsiAccess.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Felitec\Mindful 2\Mindful.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
H:\Program Files\Microsoft Street & Trip 2010\StreetsOlkShim.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Users\Fred\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - h:\program files\spybot - search & destroy\spybot - search & destroy\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] "h:\program files\spybot - search & destroy\spybot - search & destroy\TeaTimer.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [Mindful 2] "c:\program files\felitec\mindful 2\Mindful.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "c:\program files\google\gmail notifier\gnotify.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\fred\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\esetsm~1.lnk - c:\program files\eset\eset smart security\egui.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - h:\program files\spybot - search & destroy\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\5uvqh77u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\5uvqh77u.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-7 207792]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-7 112592]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-11-16 38240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-5 236368]
R2 SBSDWSCService;SBSD Security Center Service;h:\program files\spybot - search & destroy\spybot - search & destroy\SDWinSec.exe [2010-1-9 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-9 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-9 1141712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-11 19160]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
RUnknown szkg5;szkg5; [x]
RUnknown szkgfs;szkgfs; [x]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
SUnknown is3srv;is3srv; [x]

=============== Created Last 30 ================

2010-02-11 20:51:37 856 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-02-11 14:53:22 335090342 ----a-w- c:\windows\MEMORY.DMP
2010-02-10 00:50:44 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 00:50:44 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-02-10 00:50:43 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 00:27:04 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 00:27:04 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 00:26:32 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 00:26:31 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 00:26:31 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 00:26:30 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 00:26:30 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 00:26:30 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 00:26:29 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 00:26:29 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 00:26:24 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 00:26:24 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 00:25:55 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-10 00:25:54 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-10 00:25:53 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 00:25:53 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 00:25:52 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 00:25:52 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 00:25:51 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-10 00:25:50 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-08 15:53:04 0 d-----w- c:\users\fred\appdata\roaming\Easy Thumbnails
2010-02-07 16:09:19 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-07 16:09:17 882 ----a-w- c:\windows\RegSDImport.xml
2010-02-07 16:09:17 880 ----a-w- c:\windows\RegISSImport.xml
2010-02-07 16:09:17 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-07 16:09:17 131 ----a-w- c:\windows\IDB.zip
2010-02-07 16:09:17 1152444 ----a-w- c:\windows\UDB.zip
2010-02-07 16:09:15 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-07 16:09:15 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-02-07 16:09:04 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-07 16:09:03 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-07 16:09:03 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-07 16:08:55 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-07 16:08:55 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-07 16:08:55 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-07 16:08:54 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-07 16:08:33 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-07 16:08:33 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-07 16:06:57 0 d-----w- c:\program files\common files\PC Tools
2010-02-07 16:06:56 0 d-----w- c:\users\fred\appdata\roaming\PC Tools
2010-02-07 16:06:56 0 d-----w- c:\program files\Spyware Doctor
2010-02-07 05:14:05 0 d-----w- c:\users\fred\appdata\roaming\QuickScan
2010-02-06 15:12:03 0 dc----w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-02-06 00:34:21 0 d-----w- c:\programdata\PC Tools
2010-02-05 02:18:58 0 d-----w- c:\users\fred\appdata\roaming\FreeAudioPack
2010-02-04 17:24:35 0 d-----w- c:\program files\Creative Home
2010-02-04 15:31:20 0 d-sh--w- C:\$RECYCLE.BIN
2010-02-04 15:21:14 77312 ----a-w- c:\windows\MBR.exe
2010-02-04 15:21:11 261632 ----a-w- c:\windows\PEV.exe
2010-02-04 15:21:11 161792 ----a-w- c:\windows\SWREG.exe
2010-02-04 15:21:10 98816 ----a-w- c:\windows\sed.exe
2010-02-04 14:10:37 0 d-----w- c:\program files\Enigma Software Group
2010-02-04 12:14:43 164 ----a-w- c:\windows\install.dat
2010-02-04 05:26:40 0 --sha-w- C:\ProgramData.LOG2
2010-02-04 05:26:40 0 --sha-w- C:\ProgramData.LOG1
2010-02-04 05:16:26 0 d-----w- c:\program files\MSSOAP
2010-02-04 05:16:26 0 d-----w- c:\program files\common files\MSSoap
2010-02-04 02:23:51 0 d-----w- c:\programdata\SITEguard
2010-02-04 02:23:00 0 d-----w- c:\program files\common files\iS3
2010-02-04 02:22:58 0 d-----w- c:\programdata\STOPzilla!
2010-02-04 01:53:23 606 ----a-w- c:\windows\system32\.crusader
2010-02-04 01:45:24 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-04 01:43:59 0 d-----w- c:\programdata\Hitman Pro
2010-02-03 04:14:10 102400 --sha-r- c:\windows\system32\sppsvcb.dll
2010-02-02 20:19:24 0 d-----w- c:\users\fred\appdata\roaming\Foxit Software
2010-02-02 19:43:17 0 d-----w- c:\users\fred\appdata\roaming\Foxit
2010-02-02 19:43:16 0 d-----w- c:\program files\Foxit Software
2010-02-02 18:40:34 0 d-----w- c:\users\fred\appdata\roaming\WinMount
2010-02-02 18:39:54 41776 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2010-02-02 05:39:03 0 d-----w- c:\program files\common files\Macrovision Shared
2010-02-02 05:38:46 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-02 04:09:51 0 d-----w- c:\programdata\FLEXnet
2010-01-30 20:29:34 0 d-----w- c:\program files\NVIDIA Corporation
2010-01-30 20:28:17 7437 ----a-w- c:\windows\system32\nvinfo.pb
2010-01-30 20:28:17 68200 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-30 20:28:17 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
2010-01-30 20:28:17 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-01-30 20:28:17 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-01-30 20:28:16 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-30 20:28:16 4061800 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-30 20:28:16 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-30 20:28:16 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-01-30 20:28:16 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-30 20:28:16 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-30 20:28:14 0 d-----w- C:\NVIDIA
2010-01-30 20:01:57 0 d-----w- c:\program files\SystemRequirementsLab
2010-01-29 21:29:52 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-01-29 21:29:52 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-01-29 21:29:52 142 ----a-w- c:\windows\wpd99.drv
2010-01-29 21:29:52 0 d-----w- c:\programdata\pdf995
2010-01-29 21:29:28 203264 ----a-w- c:\windows\system32\wbem\framedyn.dll
2010-01-28 13:51:01 0 d-----w- c:\users\fred\appdata\roaming\TaxCut
2010-01-28 13:48:48 0 d-----w- c:\program files\PDF995
2010-01-28 13:48:48 0 d-----w- c:\program files\HRBlock2009
2010-01-28 13:47:24 0 d-----w- c:\programdata\TaxCut
2010-01-26 20:15:11 2614272 ----a-w- c:\windows\explorer.exe
2010-01-26 20:15:10 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-26 20:15:00 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-01-26 20:15:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-01-23 01:16:49 0 d-----w- c:\program files\Movie Maker 2.6
2010-01-23 00:38:40 0 d-----w- c:\programdata\Deskshare
2010-01-23 00:37:46 0 d-----w- c:\program files\Deskshare
2010-01-23 00:37:38 0 d-----w- c:\program files\Mpeg2Decoder
2010-01-22 19:43:40 0 d-----w- C:\NOD_upd
2010-01-22 06:08:24 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-18 18:58:18 243200 ----a-w- c:\program files\UNWISE.EXE
2010-01-16 19:06:41 0 d-----w- c:\program files\MPC HomeCinema
2010-01-13 19:13:26 0 d-----w- c:\users\fred\appdata\roaming\BSplayer PRO
2010-01-13 18:36:07 88 --sh--r- c:\programdata\9545D97103.sys
2010-01-13 18:36:06 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-13 18:36:03 0 d-----w- c:\users\fred\Corel
2010-01-13 18:35:09 40 ---ha-w- c:\windows\system32\ivireg.ivr
2010-01-13 02:11:45 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 02:11:45 108544 ----a-w- c:\windows\system32\t2embed.dll

==================== Find3M ====================

2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 04:03:33 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
2010-01-12 04:03:33 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03:33 1280616 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 03:18:00 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-12 03:18:00 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:18:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-12 03:18:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 02:10:30 23124 ----a-w- c:\windows\hpqins15.dat
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 15:37:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-11-30 18:09:14 114688 ----a-w- c:\windows\keymail.dll
2009-11-23 19:44:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-23 17:26:13 47360 ----a-w- c:\users\fred\appdata\roaming\pcouffin.sys
2009-11-23 15:10:45 202387 ----a-w- c:\windows\hpoins18.dat
2009-11-23 14:29:31 13824 ----a-w- c:\windows\system32\LAYOUT.DLL
2009-11-21 07:52:02 17177413 ----a-w- c:\users\fred\appdata\roaming\WinZip PRO FINAL v14.0 + Serials By ChattChitto.exe
2009-11-20 02:42:56 592488 ----a-w- c:\windows\system32\nvuninst.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:22:52.29 ===============

Attached

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 11/23/2009 8:02:14 AM
System Uptime: 2/11/2010 3:48:51 PM (2 hours ago)

Motherboard: ECS | | Nettle2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2600/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 326 GiB total, 193.754 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.204 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 226.092 GiB free.
H: is FIXED (NTFS) - 466 GiB total, 413.821 GiB free.
I: is Removable
J: is FIXED (NTFS) - 932 GiB total, 607.112 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
1st Free Solitaire 1.7.1
2009 Hallmark Bonus Pack
32 Bit HP CIO Components Installer
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
All Media Fixer 2008 9.07
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 3.03
Ashampoo Burning Studio 9.21
Ashampoo ClipFisher1.21
Ashampoo DVD Theme Pack 1
Ashampoo HDD Control 1.10
Audacity 1.2.6
AVS Audio Converter version 6.1
AVS DVDMenu Editor 1.2.1.19
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Tools 5.6
AVS4YOU Software Navigator 1.3
Backup4all Professional 4
BitPim 1.0.7.20090805
Blaze Media Pro
Browser Defender 2.0.6.11
BS.Player PRO
BufferChm
C4100
c4100_Help
CCleaner
Collage Maker
Contact Sheets 1.7.0.1
ConvertXtoDVD 4.0.9.322
Copy
Coupon Printer for Windows
DaisyTrail DigiKit Collection 1
DesignPro 5.4 Limited Edition
Destinations
DeviceDiscovery
DocProc
Dropbox
DVDFab 6.2.1.8 (31/12/2009)
ESET Smart Security
Fax
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.2.0603
Foxit Reader
FrameShots Video Screen Capture
Google Gmail Notifier
GPBaseService2
H&R Block Deluxe + Efile + State 2009
H&R Block Georgia 2009
Hallmark Card Studio 2009 Deluxe
Hallmark Card Studio 2010 Deluxe
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. A
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
ImgBurn
ImTOO AVI to DVD Converter
IrfanView (remove only)
iSkysoft Video Converter(Build 2.2.1.0)
IsoBuster 2.7
Java(TM) 6 Update 17
Karen's Directory Printer
LAME v3.98.2 for Audacity
LG USB Modem Drivers
LimeWire PRO 5.3.6
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
MarketResearch
Match-Up!
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft Antimalware
Microsoft Office Access database engine 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Streets & Trips 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable Package
Mindful version 2
Morpheus Photo Animation Suite v3.11
Moyea FLV Player version: 2.0.2.94
Mozilla Firefox (3.5.7)
Mpeg2Decoder 1.3
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
Network
NVIDIA Display Control Panel
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
OJOsoft Total Video Converter
Paint.NET v3.5.1
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Photo Collage Platinum 2.06
Photodex Presenter
Picasa 3
PlayFLV
ProShow Gold
PVSonyDll
Quicken 2009
QuickTime
Scan
SceneGrabber.NET
Scrapbook Factory Deluxe 4.0
SmartWebPrinting
SnagIt 8
SolutionCenter
Spybot - Search & Destroy
Spyware Doctor 7.0
Status
Striata Reader
SyncBackPro
System Requirements Lab
Toolbox
TrayApp
TurboTax 2009
TurboTax 2009 wgaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Ultra Video Joiner 5.2.0108
Uniblue RegistryBooster 2010
Uniblue SpeedUpMyPC 2009
UnloadSupport
WebReg
WinAVI Video Converter
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
WinZip 14.0
Xilisoft DVD Ripper Ultimate
XviD Video Codec (remove only)

==== Event Viewer Messages From Past Week ========

2/9/2010 8:21:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.517.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/9/2010 8:21:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.517.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/9/2010 8:21:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.517.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/9/2010 11:58:21 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/7/2010 8:59:03 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
2/7/2010 4:49:37 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
2/7/2010 4:43:34 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume H:.
2/7/2010 4:43:30 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Cavalry Drive.
2/7/2010 4:39:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x00000007, 0x00001097, 0x1b210425, 0xb8e93508). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020710-18985-01.
2/7/2010 4:34:27 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147630792 User: NT AUTHORITY\SYSTEM Name: Worm:Win32/VB.WA ID: 2147630792 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.494.0, AS: 1.75.494.0 Engine Version: 1.1.5406.0
2/7/2010 3:49:41 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147630792 User: NT AUTHORITY\SYSTEM Name: Worm:Win32/VB.WA ID: 2147630792 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.494.0, AS: 1.75.494.0 Engine Version: 1.1.5406.0
2/7/2010 3:49:41 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147600988 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Dopip.A ID: 2147600988 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.494.0, AS: 1.75.494.0 Engine Version: 1.1.5406.0
2/7/2010 2:16:46 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.494.0, AS: 1.75.494.0 Engine Version: 1.1.5406.0
2/7/2010 2:07:46 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147630792 User: NT AUTHORITY\SYSTEM Name: Worm:Win32/VB.WA ID: 2147630792 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.494.0, AS: 1.75.494.0 Engine Version: 1.1.5406.0
2/7/2010 12:58:08 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
2/7/2010 1:02:37 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
2/7/2010 1:02:37 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
2/7/2010 1:02:37 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/7/2010 1:02:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
2/7/2010 1:00:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
2/7/2010 1:00:05 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/6/2010 8:22:13 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
2/6/2010 7:53:18 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
2/6/2010 2:53:27 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/6/2010 2:53:27 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/6/2010 2:53:27 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/6/2010 2:53:27 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/6/2010 2:53:27 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/6/2010 11:30:49 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2010 11:30:48 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2010 11:30:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/6/2010 11:30:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/6/2010 11:30:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/6/2010 11:30:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/6/2010 11:30:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv MpFilter spldr TfFsMon TfSysMon Wanarpv6
2/6/2010 10:15:31 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/6/2010 1:52:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00041201, 0xc002f600, 0x98d422f5, 0x85987aa0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020610-31808-01.
2/5/2010 9:12:57 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/5/2010 9:12:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
2/5/2010 9:10:29 PM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/5/2010 9:08:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
2/5/2010 8:00:20 AM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
2/5/2010 6:56:53 PM, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
2/5/2010 6:56:46 PM, Error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
2/5/2010 6:50:53 PM, Error: Application Popup [876] - Driver ssidrv.sys has been blocked from loading.
2/5/2010 6:28:21 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
2/5/2010 6:23:05 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147625188 User: NT AUTHORITY\SYSTEM Name: Worm:Win32/Orbina!rts ID: 2147625188 Severity: High Category: Worm Path: Action: Quarantine Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
2/5/2010 5:50:16 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
2/5/2010 5:19:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x81ec5da9, 0xa3e5bb38, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020510-24242-01.
2/5/2010 5:16:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR6.
2/5/2010 5:05:18 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
2/5/2010 4:59:43 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
2/5/2010 4:53:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc053e5e8, 0xc0000185, 0x08ec0be0, 0xa7cbd000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020510-25022-01.
2/5/2010 4:29:31 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
2/5/2010 12:06:59 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
2/4/2010 9:17:58 AM, Error: ssidrv [26] -
2/4/2010 8:45:56 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147621024 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.AZ ID: 2147621024 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.331.0, AS: 1.75.331.0 Engine Version: 1.1.5406.0
2/4/2010 12:28:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
2/4/2010 11:34:04 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/4/2010 10:29:30 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/11/2010 9:54:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
2/11/2010 9:54:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
2/11/2010 9:54:29 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/11/2010 9:53:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00000031, 0x854542f0, 0x974e5000, 0xb2a8e0ab). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021110-22323-01.
2/11/2010 9:08:39 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
2/11/2010 3:50:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv TfFsMon TfSysMon
2/11/2010 3:39:50 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume FreeAgent Drive.
2/10/2010 12:24:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
2/10/2010 1:14:50 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147624825 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/Obfuscator.XX ID: 2147624825 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.517.0, AS: 1.75.517.0 Engine Version: 1.1.5406.0
2/10/2010 1:14:50 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147624825 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/Obfuscator.XX ID: 2147624825 Severity: Severe Category: Tool Path: Action: Quarantine Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.517.0, AS: 1.75.517.0 Engine Version: 1.1.5406.0
2/10/2010 1:10:39 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147624825 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/Obfuscator.XX ID: 2147624825 Severity: Severe Category: Tool Path: Action: Quarantine Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.517.0, AS: 1.75.517.0 Engine Version: 1.1.5406.0
2/10/2010 1:10:38 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147624825 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/Obfuscator.XX ID: 2147624825 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.517.0, AS: 1.75.517.0 Engine Version: 1.1.5406.0

==== End Of File ===========================

Fredb38 is offline  
Old 11th February 2010   #6
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 20,105
Computer Experience:
intermediate

Please download ComboFix from Here or Here to your Desktop.


**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

broni is offline  
Old 12th February 2010   #7
Senior Member
THREAD STARTER
 
Profile:
Join Date: May 2003
Location: Omega, Ga
Posts: 179
Computer Experience:
Intermediate
Fredb38 Reputation Level

ComboFix 10-02-11.04 - Fred 02/11/2010 18:45:51.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3454.2082 [GMT -5:00]
Running from: c:\users\Fred\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 00:02 . 2010-02-12 00:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-12 00:02 . 2010-02-12 00:02 -------- d-----w- c:\users\DZH~1.OLY\AppData\Local\temp
2010-02-12 00:02 . 2010-02-12 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-11 20:54 . 2010-02-11 20:54 -------- d-----w- c:\users\Fred\AppData\Roaming\HPAppData
2010-02-11 20:54 . 2010-02-11 20:54 385024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{77DCD6F8-6990-39DD-A30C-DF71DD740DA5}-iS3UI5.dll
2010-02-11 20:52 . 2010-02-11 20:52 -------- d-----w- c:\users\Fred\AppData\Local\Threat Expert
2010-02-10 18:09 . 2010-02-10 18:09 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1A2D0C2E-5EED-0628-94BE-20AA69FA49A7}-$REKQ5YW.exe
2010-02-10 18:08 . 2010-02-10 18:08 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{637BD3DB-F3F5-F124-3A07-8BE72DE10F00}-$RN616PX.exe
2010-02-10 17:45 . 2010-02-10 17:45 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{15E5B4D8-C7D1-2F32-C01C-B3DEFA8BC352}-Assistant.exe
2010-02-10 00:50 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 00:50 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-02-10 00:50 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 00:27 . 2009-12-08 08:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 00:27 . 2009-12-08 08:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 00:26 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 00:26 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 00:26 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 00:26 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 00:26 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 00:26 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 00:26 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 00:26 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 00:26 . 2010-01-08 03:18 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 00:26 . 2010-01-08 03:17 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 00:25 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-10 00:25 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-10 00:25 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 00:25 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 00:25 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 00:25 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 00:25 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-10 00:25 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-09 05:10 . 2010-02-09 05:10 1724728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1E9CF5D5-80CD-09F1-CC34-3BE3B36BB112}-CCleaner.exe
2010-02-08 15:53 . 2010-02-08 15:55 -------- d-----w- c:\users\Fred\AppData\Roaming\Easy Thumbnails
2010-02-07 16:09 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-07 16:09 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-07 16:09 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-02-07 16:09 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-02-07 16:09 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-07 16:09 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-02-07 16:09 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-07 16:09 . 2009-10-30 16:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-07 16:08 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-07 16:08 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-07 16:08 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-07 16:06 . 2010-02-07 16:09 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-07 16:06 . 2010-02-11 23:05 -------- d-----w- c:\program files\Spyware Doctor
2010-02-07 16:06 . 2010-02-07 16:06 -------- d-----w- c:\users\Fred\AppData\Roaming\PC Tools
2010-02-07 05:14 . 2010-02-07 05:17 -------- d-----w- c:\users\Fred\AppData\Roaming\QuickScan
2010-02-07 05:13 . 2010-01-11 22:33 789320 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-02-07 05:13 . 2010-01-11 22:32 698184 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-02-06 15:12 . 2010-02-06 15:12 -------- dc----w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-02-06 00:34 . 2010-02-07 16:06 -------- d-----w- c:\programdata\PC Tools
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{EDA09200-65E6-4359-93FF-B64E07FAEDA2}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{C3D8DE87-C0DA-4575-B142-C0CC30EC86C2}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{43D4EB3B-5228-43A3-B046-3F052E9CEF27}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{33156D32-FD82-465F-9F74-836C647A23D1}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{23076EDC-276D-4117-8BD8-7616D85B6FEC}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{09A121DD-34F1-42F7-A119-E9329C53F565}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:37 . 2010-02-05 22:37 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DE74F754-EBBB-4433-BC71-C3C804145256}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:37 . 2010-02-05 22:37 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6B0544FB-7F8B-4211-8F71-DE8BDCEACB4D}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:36 . 2010-02-05 22:36 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{157D584B-27D3-4C27-8595-8407F1101C71}-Spy Sweeper Trail Reset!.exe
2010-02-05 01:02 . 2010-02-05 02:52 -------- d-----w- c:\users\Fred\AppData\Local\Ashampoo Music Studio 3
2010-02-04 17:24 . 2010-02-04 17:24 -------- d-----w- c:\program files\Creative Home
2010-02-04 15:31 . 2010-02-12 00:03 -------- d-----w- c:\users\Fred\AppData\Local\temp
2010-02-04 14:10 . 2010-02-04 15:07 -------- d-----w- c:\program files\Enigma Software Group
2010-02-04 12:14 . 2010-02-04 12:14 164 ----a-w- c:\windows\install.dat
2010-02-04 05:16 . 2010-02-04 05:16 -------- d-----w- c:\program files\MSSOAP
2010-02-04 03:49 . 2010-02-04 03:49 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B950C6AC-7BDB-45C9-A9F8-A020277C5B27}-ashampoo_office2008_310_fm.exe
2010-02-04 03:49 . 2010-02-04 03:49 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{7C84BA20-B8BD-405F-AABF-AA170A554DA2}-ashampoo_office2008_310_fm.exe
2010-02-04 03:48 . 2010-02-04 03:48 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{3E516F9E-C9F3-4483-9684-B5765280A26B}-ashampoo_office2008_310_fm.exe
2010-02-04 03:47 . 2010-02-04 03:47 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{82113ADB-91DB-4E9F-8F38-317C918071E0}-ashampoo_office2008_310_fm.exe
2010-02-04 03:47 . 2010-02-04 03:47 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{86859B24-C248-4267-B458-5DBAEBF261BC}-ashampoo_office2008_310_fm.exe
2010-02-04 03:45 . 2010-02-04 03:45 67740 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6DCE3DAC-58B3-4CCC-98D9-D6D221C118B1}-keygen.exe
2010-02-04 03:44 . 2010-02-04 03:44 67740 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{BA014A5E-4487-42F4-A4A7-507C699E3AF0}-keygen.exe
2010-02-04 02:23 . 2010-02-11 20:52 -------- d-----w- c:\programdata\SITEguard
2010-02-04 02:23 . 2010-02-04 02:23 -------- d-----w- c:\program files\Common Files\iS3
2010-02-04 02:22 . 2010-02-11 20:55 -------- d-----w- c:\programdata\STOPzilla!
2010-02-04 01:45 . 2010-02-04 01:55 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-04 01:43 . 2010-02-04 01:53 -------- d-----w- c:\programdata\Hitman Pro
2010-02-03 04:14 . 2010-02-03 04:14 102400 --sha-r- c:\windows\system32\sppsvcb.dll
2010-02-02 20:19 . 2010-02-02 20:19 -------- d-----w- c:\users\Fred\AppData\Roaming\Foxit Software
2010-02-02 19:43 . 2010-02-02 19:43 -------- d-----w- c:\users\Fred\AppData\Roaming\Foxit
2010-02-02 19:43 . 2010-02-02 19:43 -------- d-----w- c:\program files\Foxit Software
2010-02-02 18:40 . 2010-02-02 18:58 -------- d-----w- c:\users\Fred\AppData\Roaming\WinMount
2010-02-02 18:39 . 2010-02-02 18:39 41776 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2010-02-02 05:39 . 2010-02-02 05:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-02-02 05:38 . 2008-04-07 10:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-02 04:09 . 2010-02-02 04:09 -------- d-----w- c:\programdata\FLEXnet
2010-01-30 20:29 . 2010-01-30 20:30 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-30 20:28 . 2010-01-12 04:03 68200 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-30 20:28 . 2010-01-12 04:03 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
2010-01-30 20:28 . 2010-01-12 04:03 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-01-30 20:28 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-30 20:28 . 2010-01-12 04:03 4061800 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-30 20:28 . 2010-01-12 04:03 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-30 20:28 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-01-30 20:28 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-30 20:28 . 2010-01-12 04:03 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-30 20:28 . 2010-01-30 20:28 -------- d-----w- C:\NVIDIA
2010-01-30 20:01 . 2010-01-30 20:02 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-30 20:01 . 2010-01-30 20:01 -------- d-----w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab
2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-01-29 21:30 . 2010-01-29 21:31 -------- d-----w- c:\users\Fred\AppData\Roaming\pdf995
2010-01-29 21:29 . 2010-01-29 21:31 -------- d-----w- c:\programdata\pdf995
2010-01-29 21:29 . 2010-01-29 21:29 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-01-29 21:29 . 2010-01-29 21:29 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-01-29 21:29 . 2007-08-24 16:13 142 ----a-w- c:\windows\wpd99.drv
2010-01-29 21:29 . 2009-07-14 01:15 203264 ----a-w- c:\windows\system32\wbem\framedyn.dll
2010-01-29 17:47 . 2010-01-29 17:48 2888440 ----a-w- c:\programdata\TaxCut\2009\Downloads\HRBlockGA.exe
2010-01-29 16:39 . 2010-01-29 16:44 16832384 ----a-w- c:\programdata\TaxCut\2009\Update\US57016001xupd.exe
2010-01-28 13:53 . 2010-01-28 13:53 15524808 ----a-w- c:\programdata\TaxCut\2009\Update\US30025701xupd.exe
2010-01-28 13:51 . 2010-01-29 21:31 -------- d-----w- c:\users\Fred\AppData\Roaming\TaxCut
2010-01-28 13:48 . 2010-01-29 21:29 -------- d-----w- c:\program files\PDF995
2010-01-28 13:48 . 2010-01-28 13:49 -------- d-----w- c:\program files\HRBlock2009
2010-01-28 13:47 . 2010-01-28 13:47 -------- d-----w- c:\programdata\TaxCut
2010-01-26 20:15 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-26 20:15 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-26 20:15 . 2009-10-24 04:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-01-26 20:15 . 2009-10-24 03:58 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-01-25 18:50 . 2010-01-25 19:11 -------- d-----w- c:\users\Fred\AppData\Local\Quicken WillMaker
2010-01-23 01:17 . 2010-01-23 01:33 -------- d-----w- c:\users\Fred\AppData\Local\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 23:43 . 2009-11-23 16:01 -------- d-----w- c:\users\Fred\AppData\Roaming\uTorrent
2010-02-11 20:52 . 2010-02-11 20:51 856 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-02-11 20:50 . 2009-12-10 13:58 -------- d-----w- c:\users\Fred\AppData\Roaming\Dropbox
2010-02-11 14:09 . 2009-11-23 17:26 -------- d-----w- c:\users\Fred\AppData\Roaming\Vso
2010-02-10 19:41 . 2009-11-23 15:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 22:46 . 2009-12-22 02:10 -------- d-----w- c:\users\Fred\AppData\Roaming\1st Free Solitaire
2010-02-06 16:34 . 2009-12-12 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 05:06 . 2009-11-23 14:42 -------- d-----w- c:\programdata\HP
2010-02-06 03:52 . 2009-12-02 21:49 -------- d-----w- c:\users\Fred\AppData\Roaming\dvdcss
2010-02-05 03:24 . 2010-01-06 04:13 -------- d-----w- c:\users\Fred\AppData\Roaming\AVS4YOU
2010-02-05 03:23 . 2010-01-06 04:10 -------- d-----w- c:\program files\AVS4YOU
2010-02-05 02:19 . 2010-02-05 02:18 -------- d-----w- c:\users\Fred\AppData\Roaming\FreeAudioPack
2010-02-05 02:10 . 2009-12-06 23:56 -------- d--h--w- c:\users\Fred\AppData\Roaming\InAlbumTemp
2010-02-05 01:43 . 2009-12-03 21:27 -------- d-----w- c:\users\Fred\AppData\Roaming\LimeWire
2010-02-04 16:40 . 2009-11-23 14:15 249768 ----a-w- c:\users\Fred\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-04 16:37 . 2009-12-17 01:58 -------- d-----w- c:\programdata\Creative Home
2010-02-04 16:36 . 2009-12-17 02:07 -------- d-----w- c:\users\Fred\AppData\Roaming\Creative Home
2010-02-02 04:04 . 2009-11-23 16:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-30 20:30 . 2009-12-24 22:11 -------- d-----w- c:\programdata\NVIDIA
2010-01-20 20:36 . 2009-11-23 14:15 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-01-20 20:32 . 2009-12-14 14:42 -------- d-----w- c:\program files\TurboTax
2010-01-20 13:36 . 2009-12-06 14:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 16:12 . 2009-11-23 13:16 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 16:44 . 2010-01-07 01:10 -------- d-----w- c:\users\Fred\AppData\Roaming\vlc
2010-01-12 04:03 . 2010-01-30 20:28 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-01-12 04:03 . 2009-09-28 04:12 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2009-09-28 04:12 1280616 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2009-06-10 21:19 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
2010-01-12 03:18 . 2010-01-12 03:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-12 03:18 . 2010-01-12 03:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:18 . 2010-01-12 03:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-12 03:18 . 2010-01-12 03:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 19:13 . 2009-11-30 16:06 -------- d-----w- c:\users\Fred\AppData\Roaming\HpUpdate
2010-01-09 21:20 . 2010-01-09 21:20 -------- d-----w- c:\program files\VSO
2010-01-09 13:15 . 2010-01-02 19:40 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-08 17:10 . 2010-01-08 17:10 -------- d-----w- c:\users\Fred\AppData\Roaming\Moyea
2010-01-08 17:09 . 2010-01-08 17:09 -------- d-----w- c:\program files\Moyea
2010-01-07 21:07 . 2009-12-12 02:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-12-12 02:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 14:23 . 2010-01-07 14:23 -------- dc-h--w- c:\programdata\{EFE627F2-85B4-425A-99CB-4FF4189D5429}
2010-01-07 01:53 . 2009-11-23 15:48 -------- d-----w- c:\programdata\RegCure
2010-01-07 01:51 . 2010-01-07 01:51 -------- d-----w- c:\program files\ffdshow
2010-01-06 04:10 . 2009-11-23 22:30 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-06 03:49 . 2009-11-23 22:39 -------- d-----w- c:\users\Fred\AppData\Roaming\AVSMedia
2010-01-05 02:10 . 2010-01-05 01:38 23124 ----a-w- c:\windows\hpqins15.dat
2010-01-02 18:16 . 2010-01-02 18:16 -------- d-----w- c:\program files\Photodex Presenter
2010-01-02 18:16 . 2010-01-02 18:16 -------- d-----w- c:\users\Fred\AppData\Roaming\Netscape
2010-01-02 18:16 . 2010-01-02 18:15 -------- d-----w- c:\programdata\Photodex
2010-01-02 15:56 . 2009-12-06 23:48 -------- d-----w- c:\users\Fred\AppData\Roaming\Photodex
2009-12-30 03:32 . 2009-11-23 20:19 -------- d-----w- c:\programdata\vsosdk
2009-12-29 16:55 . 2009-12-29 16:55 -------- d-----w- c:\program files\Karen's Power Tools
2009-12-29 16:55 . 2009-12-29 16:55 -------- d-----w- c:\programdata\Karen's Power Tools
2009-12-29 14:10 . 2009-12-29 14:09 -------- d-----w- c:\program files\gs
2009-12-25 03:54 . 2009-12-25 03:54 -------- d-----w- c:\program files\Ultra Video Joiner
2009-12-25 02:35 . 2009-12-25 02:35 -------- d-----w- c:\users\Fred\AppData\Roaming\Media Player Classic
2009-12-24 04:57 . 2009-12-24 04:57 -------- d-----w- c:\program files\Common Files\Common Share
2009-12-24 04:35 . 2009-12-24 04:35 -------- d-----w- c:\program files\Coupons
2009-12-22 03:53 . 2009-12-02 04:29 -------- d-----w- c:\program files\QuickTime
2009-12-22 03:53 . 2009-12-22 03:53 -------- d-----w- c:\programdata\Apple Computer
2009-12-22 03:52 . 2009-12-04 03:32 -------- d-----w- c:\program files\Apple Software Update
2009-12-22 02:10 . 2009-12-22 02:10 -------- d-----w- c:\program files\1st Free Solitaire
2009-12-21 14:26 . 2009-12-21 14:26 -------- d-----w- c:\program files\XviD
2009-12-20 19:21 . 2009-11-23 14:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-20 19:19 . 2009-12-19 00:37 36864 ----a-w- c:\programdata\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2009-12-19 00:42 . 2009-12-18 21:13 -------- d-----w- c:\programdata\CyberLink
2009-12-18 21:17 . 2009-12-18 21:09 36864 ----a-w- c:\programdata\TEMP\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\PostBuild.exe
2009-12-18 21:14 . 2009-12-18 21:14 -------- d-----w- c:\users\Fred\AppData\Roaming\CyberLink
2009-12-17 20:43 . 2009-12-17 20:42 -------- d-----w- c:\program files\Paint.NET
2009-12-15 19:33 . 2009-12-04 23:39 -------- d-----w- c:\programdata\Avery
2009-12-15 14:55 . 2009-12-15 14:54 -------- dc-h--w- c:\programdata\{B10A9EE2-3B21-44A2-A778-D14E0C4BB591}
2009-12-14 20:33 . 2009-12-14 20:24 -------- d-----w- c:\program files\Lame for Audacity
2009-12-14 20:23 . 2009-12-14 20:23 -------- d-----w- c:\program files\Audacity
2009-12-14 20:21 . 2009-12-14 20:21 -------- d-----w- c:\program files\BitPim
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 15:37 . 2009-12-14 15:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-14 15:27 . 2009-12-14 15:27 -------- d-----w- c:\program files\LG Electronics
2009-12-14 14:45 . 2009-11-23 14:15 -------- d-----w- c:\users\Fred\AppData\Roaming\Intuit
2009-12-14 14:43 . 2009-11-23 14:14 -------- d-----w- c:\programdata\Intuit
2009-12-14 14:42 . 2009-11-23 14:14 -------- d-----w- c:\program files\Common Files\Intuit
2009-12-11 20:36 . 2009-12-11 20:36 3175784 ----a-w- c:\users\Fred\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe
2009-12-10 13:59 . 2009-12-10 13:59 89962 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\Uninstall.exe
2009-12-07 23:11 . 2009-12-07 23:11 22486 ----a-r- c:\users\Fred\AppData\Roaming\Microsoft\Installer\{439800C9-FD42-4EA3-94D2-063DF0926873}\_12db153c.exe
2009-12-03 21:27 . 2009-12-03 21:27 77824 ----a-w- c:\users\Fred\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
2009-12-03 21:27 . 2009-12-03 21:27 20480 ----a-w- c:\users\Fred\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-12-02 04:28 . 2009-12-02 04:28 59 ----a-w- c:\windows\system32\fire.bat
2009-11-30 18:09 . 2009-11-30 18:09 114688 ----a-w- c:\windows\keymail.dll
2009-11-23 19:44 . 2009-11-23 19:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\users\Fred\AppData\Roaming\pcouffin.sys
2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\users\Fred\AppData\Roaming\pcouffin.sys
2009-11-23 15:10 . 2009-11-23 15:03 202387 ----a-w- c:\windows\hpoins18.dat
2009-11-23 14:29 . 1996-08-30 22:02 13824 ----a-w- c:\windows\system32\LAYOUT.DLL
2009-11-23 14:17 . 2009-11-23 14:17 6725632 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181625-18178.dll
2009-11-23 14:16 . 2009-11-23 14:16 3616768 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181311-181414.dll
2009-11-23 14:16 . 2009-11-23 14:16 2904064 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\18154-181625.dll
2009-11-23 14:15 . 2009-11-23 14:15 1536000 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181414-18154.dll
2009-11-23 14:15 . 2009-11-23 14:15 1007616 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181129-181212.dll
2009-11-23 14:15 . 2009-11-23 14:15 811008 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181212-181311.dll
2009-11-23 14:15 . 2009-11-23 14:15 245760 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2009-11-23 14:15 . 2009-11-23 14:15 223584 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="h:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Mindful 2"="c:\program files\Felitec\Mindful 2\Mindful.exe" [2009-04-04 471040]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-23 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-10-8 26805255]
ESET Smart Security.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
path=
backup=
backupExtension=Common Startup

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2/7/2010 11:08 AM 207792]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/7/2010 11:09 AM 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [11/16/2009 9:06 AM 38240]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/5/2010 9:02 AM 236368]
R2 SBSDWSCService;SBSD Security Center Service;h:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe [1/9/2010 8:53 AM 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/9/2010 8:05 PM 359624]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [12/11/2009 9:23 PM 19160]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 6:48 PM 42480]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [7/13/2009 5:13 PM 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [7/13/2009 5:13 PM 266752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Photodex Presenter\npPxPlay.dll
FF - plugin: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1306462997-134322713-302931799-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA089CD4-D770-73C2-9E59-136E9B0FF8F8}*]
@Allowed: (Read) (RestrictedCode)
"eancpbmobd"=hex:66,61,6c,66,61,68,62,70,6a,66,6f,62,00,00
"daocgbhp"=hex:64,62,6a,67,6b,67,62,6d,62,61,65,65,64,66,63,70,66,70,6b,64,67,
62,6e,6c,6c,6c,62,61,6f,6a,6f,6d,6e,67,6a,6b,6e,6d,69,66,00,00
"iafgagoiedgbafoika"=hex:6b,61,62,62,69,6a,6b,6f,66,6c,6c,68,6f,69,63,6b,6a,6d,
66,64,6a,62,00,00
"hadfgldiflahhoca"=hex:6b,61,62,62,69,6a,6b,6f,66,6c,6c,68,6f,69,63,6b,6a,6d,
66,64,6a,62,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5772)
c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
.
Completion time: 2010-02-11 19:08:14
ComboFix-quarantined-files.txt 2010-02-12 00:08
ComboFix2.txt 2010-02-04 15:31

Pre-Run: 211,692,056,576 bytes free
Post-Run: 211,698,974,720 bytes free

- - End Of File - - 8FE71487AE9108F0AF9A89ACE0F7C437

Fredb38 is offline  
Old 12th February 2010   #8
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 20,105
Computer Experience:
intermediate

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\sppsvcb.dll
c:\windows\system32\drivers\kgpcpy.cfg


Folder::

Driver::

Registry::

RegLockDel::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

broni is offline  
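A check an analyst could run on the Combofix.txt requested in step 5, as an added example that is not part of the original post or of ComboFix: it confirms the log was produced with CFScript.txt and that each File:: entry is reported under "Other Deletions" and not listed again in a later section. The function names, the shortened sample log, and the reading of "Other Deletions" as the list of removed files are assumptions based on the log layout in this thread.

```python
import re

# CFScript.txt content as given in the post above.
CFSCRIPT = r"""File::
c:\windows\system32\sppsvcb.dll
c:\windows\system32\drivers\kgpcpy.cfg

Folder::

Driver::

Registry::

RegLockDel::
"""

# Constructed sample: a shortened ComboFix.txt in the layout of the logs in this thread.
SAMPLE_LOG = r"""ComboFix 10-02-11.04 - Fred 02/11/2010 19:46:02.2.2 - x86
Command switches used :: c:\users\Fred\Downloads\CFScript.txt

FILE ::
"c:\windows\system32\drivers\kgpcpy.cfg"
"c:\windows\system32\sppsvcb.dll"
.

((((((((((((((( Other Deletions )))))))))))))))
.

c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\sppsvcb.dll

.
((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))
.

2010-02-12 01:01 . 2010-02-12 01:01 -------- d-----w- c:\users\Public\AppData\Local\temp
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")     # e.g. "((( Other Deletions )))"


def norm(path):
    """Windows paths are case-insensitive; drop quotes and padding too."""
    return path.strip().strip('"').lower()


def parse_cfscript(text):
    """Return {directive: [entries]}, e.g. {'file': [...], 'folder': []}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def log_sections(text):
    """Split a log on its parenthesised banners -> {title: [lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def script_was_used(log):
    """True if the log's 'Command switches used' line names a CFScript.txt."""
    for line in log.splitlines():
        if line.lower().startswith("command switches used ::"):
            return line.split("::", 1)[1].strip().lower().endswith("cfscript.txt")
    return False


def check_deletions(cfscript, log):
    """Map each File:: entry to 'deleted', 'still listed' or 'not reported'."""
    wanted = [norm(p) for p in parse_cfscript(cfscript).get("file", [])]
    sections = log_sections(log)
    deleted = {norm(l) for l in sections.get("other deletions", [])}
    # Every line from the other sections (file listings, registry, ...).
    rest = [norm(l) for title, lines in sections.items()
            if title != "other deletions" for l in lines]
    result = {}
    for path in wanted:
        if any(l.endswith(path) for l in rest):
            result[path] = "still listed"      # file shows up again after the run
        elif path in deleted:
            result[path] = "deleted"
        else:
            result[path] = "not reported"      # script entry never acted on
    return result


if __name__ == "__main__":
    print("script used:", script_was_used(SAMPLE_LOG))
    for path, status in check_deletions(CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:13} {path}")
```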
Old 12th February 2010   #9
Senior Member
THREAD STARTER
 
Profile:
Join Date: May 2003
Location: Omega, Ga
Posts: 179
Computer Experience:
Intermediate

ComboFix 10-02-11.04 - Fred 02/11/2010 19:46:02.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3454.2150 [GMT -5:00]
Running from: c:\users\Fred\Downloads\ComboFix.exe
Command switches used :: c:\users\Fred\Downloads\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Resident AV is active


FILE ::
"c:\windows\system32\drivers\kgpcpy.cfg"
"c:\windows\system32\sppsvcb.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\sppsvcb.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 01:01 . 2010-02-12 01:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-12 01:01 . 2010-02-12 01:01 -------- d-----w- c:\users\DZH~1.OLY\AppData\Local\temp
2010-02-12 01:01 . 2010-02-12 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-11 20:54 . 2010-02-11 20:54 -------- d-----w- c:\users\Fred\AppData\Roaming\HPAppData
2010-02-11 20:54 . 2010-02-11 20:54 385024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{77DCD6F8-6990-39DD-A30C-DF71DD740DA5}-iS3UI5.dll
2010-02-11 20:52 . 2010-02-11 20:52 -------- d-----w- c:\users\Fred\AppData\Local\Threat Expert
2010-02-10 18:09 . 2010-02-10 18:09 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1A2D0C2E-5EED-0628-94BE-20AA69FA49A7}-$REKQ5YW.exe
2010-02-10 18:08 . 2010-02-10 18:08 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{637BD3DB-F3F5-F124-3A07-8BE72DE10F00}-$RN616PX.exe
2010-02-10 17:45 . 2010-02-10 17:45 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{15E5B4D8-C7D1-2F32-C01C-B3DEFA8BC352}-Assistant.exe
2010-02-10 00:50 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 00:50 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-02-10 00:50 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 00:27 . 2009-12-08 08:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 00:27 . 2009-12-08 08:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 00:26 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 00:26 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 00:26 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 00:26 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 00:26 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 00:26 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 00:26 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 00:26 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 00:26 . 2010-01-08 03:18 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 00:26 . 2010-01-08 03:17 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 00:25 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-10 00:25 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-10 00:25 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 00:25 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 00:25 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 00:25 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 00:25 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-10 00:25 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-09 05:10 . 2010-02-09 05:10 1724728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1E9CF5D5-80CD-09F1-CC34-3BE3B36BB112}-CCleaner.exe
2010-02-08 15:53 . 2010-02-08 15:55 -------- d-----w- c:\users\Fred\AppData\Roaming\Easy Thumbnails
2010-02-07 16:09 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-07 16:09 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-07 16:09 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-02-07 16:09 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-02-07 16:09 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-07 16:09 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-02-07 16:09 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-07 16:09 . 2009-10-30 16:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-07 16:08 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-07 16:08 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-07 16:08 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-07 16:06 . 2010-02-07 16:09 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-07 16:06 . 2010-02-11 23:05 -------- d-----w- c:\program files\Spyware Doctor
2010-02-07 16:06 . 2010-02-07 16:06 -------- d-----w- c:\users\Fred\AppData\Roaming\PC Tools
2010-02-07 05:14 . 2010-02-07 05:17 -------- d-----w- c:\users\Fred\AppData\Roaming\QuickScan
2010-02-07 05:13 . 2010-01-11 22:33 789320 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-02-07 05:13 . 2010-01-11 22:32 698184 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-02-06 15:12 . 2010-02-06 15:12 -------- dc----w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-02-06 00:34 . 2010-02-07 16:06 -------- d-----w- c:\programdata\PC Tools
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{EDA09200-65E6-4359-93FF-B64E07FAEDA2}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{C3D8DE87-C0DA-4575-B142-C0CC30EC86C2}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{43D4EB3B-5228-43A3-B046-3F052E9CEF27}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{33156D32-FD82-465F-9F74-836C647A23D1}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{23076EDC-276D-4117-8BD8-7616D85B6FEC}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{09A121DD-34F1-42F7-A119-E9329C53F565}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:37 . 2010-02-05 22:37 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DE74F754-EBBB-4433-BC71-C3C804145256}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:37 . 2010-02-05 22:37 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6B0544FB-7F8B-4211-8F71-DE8BDCEACB4D}-Spy Sweeper Trail Reset!.exe
2010-02-05 22:36 . 2010-02-05 22:36 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{157D584B-27D3-4C27-8595-8407F1101C71}-Spy Sweeper Trail Reset!.exe
2010-02-05 01:02 . 2010-02-05 02:52 -------- d-----w- c:\users\Fred\AppData\Local\Ashampoo Music Studio 3
2010-02-04 17:24 . 2010-02-04 17:24 -------- d-----w- c:\program files\Creative Home
2010-02-04 15:31 . 2010-02-12 01:02 -------- d-----w- c:\users\Fred\AppData\Local\temp
2010-02-04 14:10 . 2010-02-04 15:07 -------- d-----w- c:\program files\Enigma Software Group
2010-02-04 12:14 . 2010-02-04 12:14 164 ----a-w- c:\windows\install.dat
2010-02-04 05:16 . 2010-02-04 05:16 -------- d-----w- c:\program files\MSSOAP
2010-02-04 03:49 . 2010-02-04 03:49 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B950C6AC-7BDB-45C9-A9F8-A020277C5B27}-ashampoo_office2008_310_fm.exe
2010-02-04 03:49 . 2010-02-04 03:49 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{7C84BA20-B8BD-405F-AABF-AA170A554DA2}-ashampoo_office2008_310_fm.exe
2010-02-04 03:48 . 2010-02-04 03:48 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{3E516F9E-C9F3-4483-9684-B5765280A26B}-ashampoo_office2008_310_fm.exe
2010-02-04 03:47 . 2010-02-04 03:47 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{82113ADB-91DB-4E9F-8F38-317C918071E0}-ashampoo_office2008_310_fm.exe
2010-02-04 03:47 . 2010-02-04 03:47 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{86859B24-C248-4267-B458-5DBAEBF261BC}-ashampoo_office2008_310_fm.exe
2010-02-04 03:45 . 2010-02-04 03:45 67740 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6DCE3DAC-58B3-4CCC-98D9-D6D221C118B1}-keygen.exe
2010-02-04 03:44 . 2010-02-04 03:44 67740 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{BA014A5E-4487-42F4-A4A7-507C699E3AF0}-keygen.exe
2010-02-04 02:23 . 2010-02-11 20:52 -------- d-----w- c:\programdata\SITEguard
2010-02-04 02:23 . 2010-02-04 02:23 -------- d-----w- c:\program files\Common Files\iS3
2010-02-04 02:22 . 2010-02-11 20:55 -------- d-----w- c:\programdata\STOPzilla!
2010-02-04 01:45 . 2010-02-04 01:55 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-04 01:43 . 2010-02-04 01:53 -------- d-----w- c:\programdata\Hitman Pro
2010-02-02 20:19 . 2010-02-02 20:19 -------- d-----w- c:\users\Fred\AppData\Roaming\Foxit Software
2010-02-02 19:43 . 2010-02-02 19:43 -------- d-----w- c:\users\Fred\AppData\Roaming\Foxit
2010-02-02 19:43 . 2010-02-02 19:43 -------- d-----w- c:\program files\Foxit Software
2010-02-02 18:40 . 2010-02-02 18:58 -------- d-----w- c:\users\Fred\AppData\Roaming\WinMount
2010-02-02 18:39 . 2010-02-02 18:39 41776 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2010-02-02 05:39 . 2010-02-02 05:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-02-02 05:38 . 2008-04-07 10:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-02 04:09 . 2010-02-02 04:09 -------- d-----w- c:\programdata\FLEXnet
2010-01-30 20:29 . 2010-01-30 20:30 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-30 20:28 . 2010-01-12 04:03 68200 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-30 20:28 . 2010-01-12 04:03 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
2010-01-30 20:28 . 2010-01-12 04:03 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-01-30 20:28 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-30 20:28 . 2010-01-12 04:03 4061800 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-30 20:28 . 2010-01-12 04:03 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-30 20:28 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-01-30 20:28 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-30 20:28 . 2010-01-12 04:03 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-30 20:28 . 2010-01-30 20:28 -------- d-----w- C:\NVIDIA
2010-01-30 20:01 . 2010-01-30 20:02 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-30 20:01 . 2010-01-30 20:01 -------- d-----w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab
2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-01-29 21:30 . 2010-01-29 21:31 -------- d-----w- c:\users\Fred\AppData\Roaming\pdf995
2010-01-29 21:29 . 2010-01-29 21:31 -------- d-----w- c:\programdata\pdf995
2010-01-29 21:29 . 2010-01-29 21:29 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-01-29 21:29 . 2010-01-29 21:29 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-01-29 21:29 . 2007-08-24 16:13 142 ----a-w- c:\windows\wpd99.drv
2010-01-29 21:29 . 2009-07-14 01:15 203264 ----a-w- c:\windows\system32\wbem\framedyn.dll
2010-01-29 17:47 . 2010-01-29 17:48 2888440 ----a-w- c:\programdata\TaxCut\2009\Downloads\HRBlockGA.exe
2010-01-29 16:39 . 2010-01-29 16:44 16832384 ----a-w- c:\programdata\TaxCut\2009\Update\US57016001xupd.exe
2010-01-28 13:53 . 2010-01-28 13:53 15524808 ----a-w- c:\programdata\TaxCut\2009\Update\US30025701xupd.exe
2010-01-28 13:51 . 2010-01-29 21:31 -------- d-----w- c:\users\Fred\AppData\Roaming\TaxCut
2010-01-28 13:48 . 2010-01-29 21:29 -------- d-----w- c:\program files\PDF995
2010-01-28 13:48 . 2010-01-28 13:49 -------- d-----w- c:\program files\HRBlock2009
2010-01-28 13:47 . 2010-01-28 13:47 -------- d-----w- c:\programdata\TaxCut
2010-01-26 20:15 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-26 20:15 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-26 20:15 . 2009-10-24 04:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-01-26 20:15 . 2009-10-24 03:58 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-01-25 18:50 . 2010-01-25 19:11 -------- d-----w- c:\users\Fred\AppData\Local\Quicken WillMaker
2010-01-23 01:17 . 2010-01-23 01:33 -------- d-----w- c:\users\Fred\AppData\Local\WMTools Downloaded Files
2010-01-23 01:16 . 2010-01-23 01:16 -------- d-----w- c:\program files\Movie Maker 2.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 00:55 . 2009-11-23 16:01 -------- d-----w- c:\users\Fred\AppData\Roaming\uTorrent
2010-02-11 20:50 . 2009-12-10 13:58 -------- d-----w- c:\users\Fred\AppData\Roaming\Dropbox
2010-02-11 14:09 . 2009-11-23 17:26 -------- d-----w- c:\users\Fred\AppData\Roaming\Vso
2010-02-10 19:41 . 2009-11-23 15:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 22:46 . 2009-12-22 02:10 -------- d-----w- c:\users\Fred\AppData\Roaming\1st Free Solitaire
2010-02-06 16:34 . 2009-12-12 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 05:06 . 2009-11-23 14:42 -------- d-----w- c:\programdata\HP
2010-02-06 03:52 . 2009-12-02 21:49 -------- d-----w- c:\users\Fred\AppData\Roaming\dvdcss
2010-02-05 03:24 . 2010-01-06 04:13 -------- d-----w- c:\users\Fred\AppData\Roaming\AVS4YOU
2010-02-05 03:23 . 2010-01-06 04:10 -------- d-----w- c:\program files\AVS4YOU
2010-02-05 02:19 . 2010-02-05 02:18 -------- d-----w- c:\users\Fred\AppData\Roaming\FreeAudioPack
2010-02-05 02:10 . 2009-12-06 23:56 -------- d--h--w- c:\users\Fred\AppData\Roaming\InAlbumTemp
2010-02-05 01:43 . 2009-12-03 21:27 -------- d-----w- c:\users\Fred\AppData\Roaming\LimeWire
2010-02-04 16:40 . 2009-11-23 14:15 249768 ----a-w- c:\users\Fred\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-04 16:37 . 2009-12-17 01:58 -------- d-----w- c:\programdata\Creative Home
2010-02-04 16:36 . 2009-12-17 02:07 -------- d-----w- c:\users\Fred\AppData\Roaming\Creative Home
2010-02-02 04:04 . 2009-11-23 16:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-30 20:30 . 2009-12-24 22:11 -------- d-----w- c:\programdata\NVIDIA
2010-01-20 20:36 . 2009-11-23 14:15 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-01-20 20:32 . 2009-12-14 14:42 -------- d-----w- c:\program files\TurboTax
2010-01-20 13:36 . 2009-12-06 14:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 16:12 . 2009-11-23 13:16 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 16:44 . 2010-01-07 01:10 -------- d-----w- c:\users\Fred\AppData\Roaming\vlc
2010-01-12 04:03 . 2010-01-30 20:28 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-01-12 04:03 . 2009-09-28 04:12 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2009-09-28 04:12 1280616 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2009-06-10 21:19 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
2010-01-12 03:18 . 2010-01-12 03:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-12 03:18 . 2010-01-12 03:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:18 . 2010-01-12 03:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-12 03:18 . 2010-01-12 03:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 19:13 . 2009-11-30 16:06 -------- d-----w- c:\users\Fred\AppData\Roaming\HpUpdate
2010-01-09 21:20 . 2010-01-09 21:20 -------- d-----w- c:\program files\VSO
2010-01-09 13:15 . 2010-01-02 19:40 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-08 17:10 . 2010-01-08 17:10 -------- d-----w- c:\users\Fred\AppData\Roaming\Moyea
2010-01-08 17:09 . 2010-01-08 17:09 -------- d-----w- c:\program files\Moyea
2010-01-07 21:07 . 2009-12-12 02:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-12-12 02:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 14:23 . 2010-01-07 14:23 -------- dc-h--w- c:\programdata\{EFE627F2-85B4-425A-99CB-4FF4189D5429}
2010-01-07 01:53 . 2009-11-23 15:48 -------- d-----w- c:\programdata\RegCure
2010-01-07 01:51 . 2010-01-07 01:51 -------- d-----w- c:\program files\ffdshow
2010-01-06 04:10 . 2009-11-23 22:30 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-06 03:49 . 2009-11-23 22:39 -------- d-----w- c:\users\Fred\AppData\Roaming\AVSMedia
2010-01-05 02:10 . 2010-01-05 01:38 23124 ----a-w- c:\windows\hpqins15.dat
2010-01-02 18:16 . 2010-01-02 18:16 -------- d-----w- c:\program files\Photodex Presenter
2010-01-02 18:16 . 2010-01-02 18:16 -------- d-----w- c:\users\Fred\AppData\Roaming\Netscape
2010-01-02 18:16 . 2010-01-02 18:15 -------- d-----w- c:\programdata\Photodex
2010-01-02 15:56 . 2009-12-06 23:48 -------- d-----w- c:\users\Fred\AppData\Roaming\Photodex
2009-12-30 03:32 . 2009-11-23 20:19 -------- d-----w- c:\programdata\vsosdk
2009-12-29 16:55 . 2009-12-29 16:55 -------- d-----w- c:\program files\Karen's Power Tools
2009-12-29 16:55 . 2009-12-29 16:55 -------- d-----w- c:\programdata\Karen's Power Tools
2009-12-29 14:10 . 2009-12-29 14:09 -------- d-----w- c:\program files\gs
2009-12-25 03:54 . 2009-12-25 03:54 -------- d-----w- c:\program files\Ultra Video Joiner
2009-12-25 02:35 . 2009-12-25 02:35 -------- d-----w- c:\users\Fred\AppData\Roaming\Media Player Classic
2009-12-24 04:57 . 2009-12-24 04:57 -------- d-----w- c:\program files\Common Files\Common Share
2009-12-24 04:35 . 2009-12-24 04:35 -------- d-----w- c:\program files\Coupons
2009-12-22 03:53 . 2009-12-02 04:29 -------- d-----w- c:\program files\QuickTime
2009-12-22 03:53 . 2009-12-22 03:53 -------- d-----w- c:\programdata\Apple Computer
2009-12-22 03:52 . 2009-12-04 03:32 -------- d-----w- c:\program files\Apple Software Update
2009-12-22 02:10 . 2009-12-22 02:10 -------- d-----w- c:\program files\1st Free Solitaire
2009-12-21 14:26 . 2009-12-21 14:26 -------- d-----w- c:\program files\XviD
2009-12-20 19:21 . 2009-11-23 14:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-20 19:19 . 2009-12-19 00:37 36864 ----a-w- c:\programdata\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2009-12-19 00:42 . 2009-12-18 21:13 -------- d-----w- c:\programdata\CyberLink
2009-12-18 21:17 . 2009-12-18 21:09 36864 ----a-w- c:\programdata\TEMP\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\PostBuild.exe
2009-12-18 21:14 . 2009-12-18 21:14 -------- d-----w- c:\users\Fred\AppData\Roaming\CyberLink
2009-12-17 20:43 . 2009-12-17 20:42 -------- d-----w- c:\program files\Paint.NET
2009-12-15 19:33 . 2009-12-04 23:39 -------- d-----w- c:\programdata\Avery
2009-12-15 14:55 . 2009-12-15 14:54 -------- dc-h--w- c:\programdata\{B10A9EE2-3B21-44A2-A778-D14E0C4BB591}
2009-12-14 20:33 . 2009-12-14 20:24 -------- d-----w- c:\program files\Lame for Audacity
2009-12-14 20:23 . 2009-12-14 20:23 -------- d-----w- c:\program files\Audacity
2009-12-14 20:21 . 2009-12-14 20:21 -------- d-----w- c:\program files\BitPim
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 15:37 . 2009-12-14 15:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-14 15:27 . 2009-12-14 15:27 -------- d-----w- c:\program files\LG Electronics
2009-12-14 14:45 . 2009-11-23 14:15 -------- d-----w- c:\users\Fred\AppData\Roaming\Intuit
2009-12-14 14:43 . 2009-11-23 14:14 -------- d-----w- c:\programdata\Intuit
2009-12-14 14:42 . 2009-11-23 14:14 -------- d-----w- c:\program files\Common Files\Intuit
2009-12-11 20:36 . 2009-12-11 20:36 3175784 ----a-w- c:\users\Fred\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe
2009-12-10 13:59 . 2009-12-10 13:59 89962 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\Uninstall.exe
2009-12-07 23:11 . 2009-12-07 23:11 22486 ----a-r- c:\users\Fred\AppData\Roaming\Microsoft\Installer\{439800C9-FD42-4EA3-94D2-063DF0926873}\_12db153c.exe
2009-12-03 21:27 . 2009-12-03 21:27 77824 ----a-w- c:\users\Fred\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
2009-12-03 21:27 . 2009-12-03 21:27 20480 ----a-w- c:\users\Fred\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-12-02 04:28 . 2009-12-02 04:28 59 ----a-w- c:\windows\system32\fire.bat
2009-11-30 18:09 . 2009-11-30 18:09 114688 ----a-w- c:\windows\keymail.dll
2009-11-23 19:44 . 2009-11-23 19:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\users\Fred\AppData\Roaming\pcouffin.sys
2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\users\Fred\AppData\Roaming\pcouffin.sys
2009-11-23 15:10 . 2009-11-23 15:03 202387 ----a-w- c:\windows\hpoins18.dat
2009-11-23 14:29 . 1996-08-30 22:02 13824 ----a-w- c:\windows\system32\LAYOUT.DLL
2009-11-23 14:17 . 2009-11-23 14:17 6725632 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181625-18178.dll
2009-11-23 14:16 . 2009-11-23 14:16 3616768 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181311-181414.dll
2009-11-23 14:16 . 2009-11-23 14:16 2904064 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\18154-181625.dll
2009-11-23 14:15 . 2009-11-23 14:15 1536000 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181414-18154.dll
2009-11-23 14:15 . 2009-11-23 14:15 1007616 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181129-181212.dll
2009-11-23 14:15 . 2009-11-23 14:15 811008 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181212-181311.dll
2009-11-23 14:15 . 2009-11-23 14:15 245760 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2009-11-23 14:15 . 2009-11-23 14:15 223584 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2009-11-23 14:15 . 2009-11-23 14:15 997 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="h:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Mindful 2"="c:\program files\Felitec\Mindful 2\Mindful.exe" [2009-04-04 471040]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-23 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-10-8 26805255]
ESET Smart Security.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
path=
backup=
backupExtension=Common Startup

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2/7/2010 11:08 AM 207792]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/7/2010 11:09 AM 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [11/16/2009 9:06 AM 38240]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/5/2010 9:02 AM 236368]
R2 SBSDWSCService;SBSD Security Center Service;h:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe [1/9/2010 8:53 AM 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/9/2010 8:05 PM 359624]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [12/11/2009 9:23 PM 19160]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 6:48 PM 42480]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [7/13/2009 5:13 PM 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [7/13/2009 5:13 PM 266752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Photodex Presenter\npPxPlay.dll
FF - plugin: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1306462997-134322713-302931799-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA089CD4-D770-73C2-9E59-136E9B0FF8F8}*]
@Allowed: (Read) (RestrictedCode)
"eancpbmobd"=hex:66,61,6c,66,61,68,62,70,6a,66,6f,62,00,00
"daocgbhp"=hex:64,62,6a,67,6b,67,62,6d,62,61,65,65,64,66,63,70,66,70,6b,64,67,
62,6e,6c,6c,6c,62,61,6f,6a,6f,6d,6e,67,6a,6b,6e,6d,69,66,00,00
"iafgagoiedgbafoika"=hex:6b,61,62,62,69,6a,6b,6f,66,6c,6c,68,6f,69,63,6b,6a,6d,
66,64,6a,62,00,00
"hadfgldiflahhoca"=hex:6b,61,62,62,69,6a,6b,6f,66,6c,6c,68,6f,69,63,6b,6a,6d,
66,64,6a,62,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-11 20:07:53
ComboFix-quarantined-files.txt 2010-02-12 01:07
ComboFix2.txt 2010-02-12 00:08
ComboFix3.txt 2010-02-04 15:31

Pre-Run: 211,746,394,112 bytes free
Post-Run: 211,695,702,016 bytes free

- - End Of File - - 0670FB927840A5BFF81FC4CD20210341

Old 12th February 2010   #10
broni (Malware Analyst)

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.


Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 2.
Post a fresh HijackThis log.
NOTE. If you're using Vista, right-click on HijackThis and click Run as Administrator.
Do NOT attempt to "fix" anything!


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Old 12th February 2010   #11
Fredb38 (Senior Member, thread starter)

Malwarebytes' Anti-Malware 1.44
Database version: 3728
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/11/2010 8:57:38 PM
mbam-log-2010-02-11 (20-57-38).txt

Scan type: Quick Scan
Objects scanned: 111720
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:18 PM, on 2/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Felitec\Mindful 2\Mindful.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Fred\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [Mindful 2] "C:\Program Files\Felitec\Mindful 2\Mindful.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: ESET Smart Security.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccess - Unknown owner - H:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - H:\Program Files\PhotodexProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8439 bytes

Old 12th February 2010   #12
broni (Malware Analyst)

Good


1. Download Temp File Cleaner (TFC)
Double-click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.


2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Post a fresh HijackThis log as well.

Old 13th February 2010   #13
Fredb38 (Senior Member, thread starter)

Date: Yesterday (events: 26)
My Protection (events: 7)
2/11/2010 11:38:06 PM Deleted: Packed.Win32.Black.a Kaspersky Anti-Virus C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{1A2D0C2E-5EED-0628-94BE-20AA69FA49A7}-$REKQ5YW.exe
2/11/2010 11:37:43 PM Detected: Packed.Win32.Black.a Kaspersky Anti-Virus C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{1A2D0C2E-5EED-0628-94BE-20AA69FA49A7}-$REKQ5YW.exe/PE-Crypt.XorPE
2/11/2010 11:37:08 PM Threats have been detected Kaspersky Anti-Virus
2/11/2010 11:22:28 PM Your computer is protected Kaspersky Anti-Virus
2/11/2010 11:22:24 PM Databases are obsolete Kaspersky Anti-Virus
2/11/2010 11:13:42 PM Your computer is protected Kaspersky Anti-Virus
2/11/2010 11:13:40 PM Databases are obsolete Kaspersky Anti-Virus
File Anti-Virus (events: 6)
2/11/2010 11:33:58 PM Processing error Host Process for Windows Services J:\$Extend\$ObjId Read error
2/11/2010 11:33:58 PM Processing error Host Process for Windows Services G:\$Extend\$ObjId Read error
2/11/2010 11:33:58 PM Processing error Host Process for Windows Services H:\$Extend\$ObjId Read error
2/11/2010 11:33:58 PM Processing error Host Process for Windows Services C:\$EXTEND\$ObjId:$O:$INDEX_ALLOCATION Read error
2/11/2010 11:21:02 PM Task started Kaspersky Anti-Virus File Anti-Virus
2/11/2010 11:13:40 PM Task started Kaspersky Anti-Virus File Anti-Virus
Mail Anti-Virus (events: 2)
2/11/2010 11:21:02 PM Task started Kaspersky Anti-Virus Mail Anti-Virus
2/11/2010 11:13:40 PM Task started Kaspersky Anti-Virus Mail Anti-Virus
Web Anti-Virus (events: 2)
2/11/2010 11:21:03 PM Task started Kaspersky Anti-Virus Web Anti-Virus
2/11/2010 11:13:41 PM Task started Kaspersky Anti-Virus Web Anti-Virus
Proactive Defense (events: 4)
2/11/2010 11:23:46 PM Detected: PDM.DNS Query HP Digital Imaging Monitor C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE Action selected by user
2/11/2010 11:23:46 PM Detected: PDM.DNS Query HP Digital Imaging Monitor C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
2/11/2010 11:21:02 PM Task started Kaspersky Anti-Virus Proactive Defense
2/11/2010 11:13:40 PM Task started Kaspersky Anti-Virus Proactive Defense
IM Anti-Virus (events: 2)
2/11/2010 11:21:02 PM Task started Kaspersky Anti-Virus IM Anti-Virus
2/11/2010 11:13:40 PM Task started Kaspersky Anti-Virus IM Anti-Virus
Objects Scan (events: 1)
2/11/2010 11:30:39 PM Task started Kaspersky Anti-Virus Full Scan
My Update Center (events: 2)
2/11/2010 11:29:40 PM Task completed Kaspersky Anti-Virus My Update Center
2/11/2010 11:22:53 PM Task started Kaspersky Anti-Virus My Update Center
Date: Today (events: 33)
My Protection (events: 3)
2/12/2010 6:40:48 PM Threats have been detected Kaspersky Anti-Virus
2/12/2010 3:31:19 PM Threats have been detected Kaspersky Anti-Virus
2/12/2010 11:24:12 AM Your computer is protected Kaspersky Anti-Virus
File Anti-Virus (events: 11)
2/12/2010 7:09:36 PM Processing error Host Process for Windows Services J:\$Extend\$ObjId Read error
2/12/2010 7:03:54 PM Processing error Host Process for Windows Services H:\$Extend\$ObjId Read error
2/12/2010 6:42:37 PM Cannot be quarantined: HEUR:Trojan.Win32.Generic System C:\Program Files\SPYWARE DOCTOR\avdb\temp\AVSDVDMENUEDITOR.EXE0\sym.sdupk
2/12/2010 6:40:48 PM Detected: HEUR:Trojan.Win32.Generic System C:\Program Files\SPYWARE DOCTOR\avdb\temp\AVSDVDMENUEDITOR.EXE0\sym.sdupk
2/12/2010 3:33:43 PM Deleted: Worm.Win32.Carrier.ne Windows Explorer H:\PROGRAM FILES\AVSVideoConverter6\AVSVideoConverter.exe
2/12/2010 3:31:19 PM Detected: Worm.Win32.Carrier.ne Windows Explorer H:\PROGRAM FILES\AVSVideoConverter6\AVSVideoConverter.exe/#
2/12/2010 12:48:25 PM Processing error Host Process for Windows Services C:\$EXTEND\$ObjId Read error
2/12/2010 11:34:42 AM Processing error Host Process for Windows Services J:\$Extend\$ObjId Read error
2/12/2010 11:34:42 AM Processing error Host Process for Windows Services H:\$Extend\$ObjId Read error
2/12/2010 11:34:42 AM Processing error Host Process for Windows Services C:\$EXTEND\$ObjId Read error
2/12/2010 11:21:03 AM Task started Kaspersky Anti-Virus File Anti-Virus
Mail Anti-Virus (events: 1)
2/12/2010 11:21:03 AM Task started Kaspersky Anti-Virus Mail Anti-Virus
Web Anti-Virus (events: 1)
2/12/2010 11:21:03 AM Task started Kaspersky Anti-Virus Web Anti-Virus
Proactive Defense (events: 3)
2/12/2010 11:24:09 AM Detected: PDM.DNS Query HP Digital Imaging Monitor C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE Action selected by user
2/12/2010 11:24:09 AM Detected: PDM.DNS Query HP Digital Imaging Monitor C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
2/12/2010 11:21:03 AM Task started Kaspersky Anti-Virus Proactive Defense
IM Anti-Virus (events: 1)
2/12/2010 11:21:03 AM Task started Kaspersky Anti-Virus IM Anti-Virus
Objects Scan (events: 5)
2/12/2010 7:11:29 PM Task started Kaspersky Anti-Virus Rootkit Scan
2/12/2010 7:11:10 PM Task completed Kaspersky Anti-Virus Full Scan
2/12/2010 11:33:08 AM Task started Kaspersky Anti-Virus Full Scan
2/12/2010 11:31:48 AM Task completed Kaspersky Anti-Virus Quick Scan
2/12/2010 11:29:51 AM Task started Kaspersky Anti-Virus Quick Scan
My Update Center (events: 8)
2/12/2010 7:01:45 PM Task completed Kaspersky Anti-Virus My Update Center
2/12/2010 6:58:59 PM Task started Kaspersky Anti-Virus My Update Center
2/12/2010 4:40:08 PM Task completed Kaspersky Anti-Virus My Update Center
2/12/2010 4:37:59 PM Task started Kaspersky Anti-Virus My Update Center
2/12/2010 2:22:08 PM Task completed Kaspersky Anti-Virus My Update Center
2/12/2010 1:56:55 PM Task started Kaspersky Anti-Virus My Update Center
2/12/2010 11:38:03 AM Task completed Kaspersky Anti-Virus My Update Center
2/12/2010 11:36:26 AM Task started Kaspersky Anti-Virus My Update Center

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:25 PM, on 2/12/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fred\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [Mindful 2] "C:\Program Files\Felitec\Mindful 2\Mindful.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: ESET Smart Security.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccess - Unknown owner - H:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - H:\Program Files\PhotodexProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8976 bytes

Old 13th February 2010   #14
Malware Analyst
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 20,105
Computer Experience:
intermediate

What happened?
You switched from ESET to Kaspersky?

Old 13th February 2010   #15
Senior Member
THREAD STARTER
 
Profile:
Join Date: May 2003
Location: Omega, Ga
Posts: 179
Computer Experience:
Intermediate

Kaspersky would not install unless I uninstalled ESET. Kaspersky made me do it.
