
Solved Virus

Discussion in 'Malware and Virus Removal Archive' started by Fredb38, 2010/02/11.

  1. 2010/02/11
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    [Resolved] Virus

    My computer says there are two people logged on but I am the only one.
    Every time I run a virus and/or spyware check there is always something found.
    My computer has slowed way down. I am running Windows 7 on an HP desktop.
    I have created a log file from HijackThis but don't know how to read it.
    I am getting ready to reformat my hard drive as I am not sure of what else to do.
    I have tried Malwarebytes, Spybot, Spyware Doctor, ESET Smart Security 4, and Windows Defender.
    Any ideas on what else to try?
     
  2. 2010/02/11
    wildfire

    wildfire Getting Old

    As indicated at the start of this forum, please *** READ THIS BEFORE POSTING IN THIS FORUM *** then post the requested logs in this thread.

    NOTES:
    When posting the logs, ensure word wrap is switched off (in Notepad, uncheck Format->Word Wrap), as this makes them difficult to read.

    Be aware that only Malware analysts will advise and they are often busy. Your post will be taken on a first-come, first-served basis, but it may take a while before you receive a reply.
     


  4. 2010/02/11
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:07:16 PM, on 2/11/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Felitec\Mindful 2\Mindful.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Fred\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe "
    O4 - HKLM\..\Run: [Mindful 2] "C:\Program Files\Felitec\Mindful 2\Mindful.exe "
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - Startup: Dropbox.lnk = Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: ESET Smart Security.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMSAccess - Unknown owner - H:\Program Files\Blaze Media Pro\NMSAccess32.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ScsiAccess - Unknown owner - H:\Program Files\PhotodexProShowGold\ScsiAccess.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 8335 bytes
     
  5. 2010/02/11
    wildfire

    wildfire Getting Old

  6. 2010/02/11
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    DDS
    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Fred at 17:21:33.08 on Thu 02/11/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3454.1927 [GMT -5:00]

    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    H:\Program Files\Blaze Media Pro\NMSAccess32.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    H:\Program Files\PhotodexProShowGold\ScsiAccess.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Felitec\Mindful 2\Mindful.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    H:\Program Files\Microsoft Street & Trip 2010\StreetsOlkShim.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
    C:\Users\Fred\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - h:\program files\spybot - search & destroy\spybot - search & destroy\SDHelper.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [SpybotSD TeaTimer] "h:\program files\spybot - search & destroy\spybot - search & destroy\TeaTimer.exe "
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe "
    mRun: [Mindful 2] "c:\program files\felitec\mindful 2\Mindful.exe "
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "c:\program files\google\gmail notifier\gnotify.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe "
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe "
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe "
    StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\fred\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\esetsm~1.lnk - c:\program files\eset\eset smart security\egui.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - h:\program files\spybot - search & destroy\spybot - search & destroy\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\5uvqh77u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - component: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
    FF - plugin: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\5uvqh77u.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-7 207792]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-7 112592]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
    R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-11-16 38240]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-5 236368]
    R2 SBSDWSCService;SBSD Security Center Service;h:\program files\spybot - search & destroy\spybot - search & destroy\SDWinSec.exe [2010-1-9 1153368]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-9 359624]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-9 1141712]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-11 19160]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
    R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    RUnknown szkg5;szkg5; [x]
    RUnknown szkgfs;szkgfs; [x]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    SUnknown is3srv;is3srv; [x]

    =============== Created Last 30 ================

    2010-02-11 20:51:37 856 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2010-02-11 14:53:22 335090342 ----a-w- c:\windows\MEMORY.DMP
    2010-02-10 00:50:44 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-10 00:50:44 292864 ----a-w- c:\windows\system32\apphelp.dll
    2010-02-10 00:50:43 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-10 00:27:04 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-02-10 00:27:04 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-02-10 00:26:32 1328640 ----a-w- c:\windows\system32\quartz.dll
    2010-02-10 00:26:31 84480 ----a-w- c:\windows\system32\mciavi32.dll
    2010-02-10 00:26:31 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2010-02-10 00:26:30 91648 ----a-w- c:\windows\system32\avifil32.dll
    2010-02-10 00:26:30 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2010-02-10 00:26:30 22016 ----a-w- c:\windows\system32\msyuv.dll
    2010-02-10 00:26:29 13312 ----a-w- c:\windows\system32\msrle32.dll
    2010-02-10 00:26:29 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2010-02-10 00:26:24 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-02-10 00:26:24 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-10 00:25:55 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-02-10 00:25:54 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-02-10 00:25:53 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-02-10 00:25:53 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-02-10 00:25:52 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-02-10 00:25:52 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-02-10 00:25:51 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-02-10 00:25:50 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-02-08 15:53:04 0 d-----w- c:\users\fred\appdata\roaming\Easy Thumbnails
    2010-02-07 16:09:19 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-02-07 16:09:17 882 ----a-w- c:\windows\RegSDImport.xml
    2010-02-07 16:09:17 880 ----a-w- c:\windows\RegISSImport.xml
    2010-02-07 16:09:17 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-02-07 16:09:17 131 ----a-w- c:\windows\IDB.zip
    2010-02-07 16:09:17 1152444 ----a-w- c:\windows\UDB.zip
    2010-02-07 16:09:15 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-02-07 16:09:15 1640400 ----a-w- c:\windows\PCTBDCore.dll
    2010-02-07 16:09:04 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
    2010-02-07 16:09:03 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-02-07 16:09:03 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-02-07 16:08:55 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
    2010-02-07 16:08:55 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2010-02-07 16:08:55 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-02-07 16:08:54 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-02-07 16:08:33 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
    2010-02-07 16:08:33 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-02-07 16:06:57 0 d-----w- c:\program files\common files\PC Tools
    2010-02-07 16:06:56 0 d-----w- c:\users\fred\appdata\roaming\PC Tools
    2010-02-07 16:06:56 0 d-----w- c:\program files\Spyware Doctor
    2010-02-07 05:14:05 0 d-----w- c:\users\fred\appdata\roaming\QuickScan
    2010-02-06 15:12:03 0 dc----w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2010-02-06 00:34:21 0 d-----w- c:\programdata\PC Tools
    2010-02-05 02:18:58 0 d-----w- c:\users\fred\appdata\roaming\FreeAudioPack
    2010-02-04 17:24:35 0 d-----w- c:\program files\Creative Home
    2010-02-04 15:31:20 0 d-sh--w- C:\$RECYCLE.BIN
    2010-02-04 15:21:14 77312 ----a-w- c:\windows\MBR.exe
    2010-02-04 15:21:11 261632 ----a-w- c:\windows\PEV.exe
    2010-02-04 15:21:11 161792 ----a-w- c:\windows\SWREG.exe
    2010-02-04 15:21:10 98816 ----a-w- c:\windows\sed.exe
    2010-02-04 14:10:37 0 d-----w- c:\program files\Enigma Software Group
    2010-02-04 12:14:43 164 ----a-w- c:\windows\install.dat
    2010-02-04 05:26:40 0 --sha-w- C:\ProgramData.LOG2
    2010-02-04 05:26:40 0 --sha-w- C:\ProgramData.LOG1
    2010-02-04 05:16:26 0 d-----w- c:\program files\MSSOAP
    2010-02-04 05:16:26 0 d-----w- c:\program files\common files\MSSoap
    2010-02-04 02:23:51 0 d-----w- c:\programdata\SITEguard
    2010-02-04 02:23:00 0 d-----w- c:\program files\common files\iS3
    2010-02-04 02:22:58 0 d-----w- c:\programdata\STOPzilla!
    2010-02-04 01:53:23 606 ----a-w- c:\windows\system32\.crusader
    2010-02-04 01:45:24 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-02-04 01:43:59 0 d-----w- c:\programdata\Hitman Pro
    2010-02-03 04:14:10 102400 --sha-r- c:\windows\system32\sppsvcb.dll
    2010-02-02 20:19:24 0 d-----w- c:\users\fred\appdata\roaming\Foxit Software
    2010-02-02 19:43:17 0 d-----w- c:\users\fred\appdata\roaming\Foxit
    2010-02-02 19:43:16 0 d-----w- c:\program files\Foxit Software
    2010-02-02 18:40:34 0 d-----w- c:\users\fred\appdata\roaming\WinMount
    2010-02-02 18:39:54 41776 ----a-w- c:\windows\system32\drivers\WMDrive.sys
    2010-02-02 05:39:03 0 d-----w- c:\program files\common files\Macrovision Shared
    2010-02-02 05:38:46 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2010-02-02 04:09:51 0 d-----w- c:\programdata\FLEXnet
    2010-01-30 20:29:34 0 d-----w- c:\program files\NVIDIA Corporation
    2010-01-30 20:28:17 7437 ----a-w- c:\windows\system32\nvinfo.pb
    2010-01-30 20:28:17 68200 ----a-w- c:\windows\system32\OpenCL.dll
    2010-01-30 20:28:17 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-01-30 20:28:17 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2010-01-30 20:28:17 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2010-01-30 20:28:16 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-01-30 20:28:16 4061800 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-30 20:28:16 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-01-30 20:28:16 182888 ----a-w- c:\windows\system32\nvcod189.dll
    2010-01-30 20:28:16 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-01-30 20:28:16 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-01-30 20:28:14 0 d-----w- C:\NVIDIA
    2010-01-30 20:01:57 0 d-----w- c:\program files\SystemRequirementsLab
    2010-01-29 21:29:52 51716 ----a-w- c:\windows\system32\pdf995mon.dll
    2010-01-29 21:29:52 249856 ----a-w- c:\windows\system32\pdfmona.dll
    2010-01-29 21:29:52 142 ----a-w- c:\windows\wpd99.drv
    2010-01-29 21:29:52 0 d-----w- c:\programdata\pdf995
    2010-01-29 21:29:28 203264 ----a-w- c:\windows\system32\wbem\framedyn.dll
    2010-01-28 13:51:01 0 d-----w- c:\users\fred\appdata\roaming\TaxCut
    2010-01-28 13:48:48 0 d-----w- c:\program files\PDF995
    2010-01-28 13:48:48 0 d-----w- c:\program files\HRBlock2009
    2010-01-28 13:47:24 0 d-----w- c:\programdata\TaxCut
    2010-01-26 20:15:11 2614272 ----a-w- c:\windows\explorer.exe
    2010-01-26 20:15:10 285696 ----a-w- c:\windows\system32\winlogon.exe
    2010-01-26 20:15:00 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2010-01-26 20:15:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2010-01-23 01:16:49 0 d-----w- c:\program files\Movie Maker 2.6
    2010-01-23 00:38:40 0 d-----w- c:\programdata\Deskshare
    2010-01-23 00:37:46 0 d-----w- c:\program files\Deskshare
    2010-01-23 00:37:38 0 d-----w- c:\program files\Mpeg2Decoder
    2010-01-22 19:43:40 0 d-----w- C:\NOD_upd
    2010-01-22 06:08:24 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-01-18 18:58:18 243200 ----a-w- c:\program files\UNWISE.EXE
    2010-01-16 19:06:41 0 d-----w- c:\program files\MPC HomeCinema
    2010-01-13 19:13:26 0 d-----w- c:\users\fred\appdata\roaming\BSplayer PRO
    2010-01-13 18:36:07 88 --sh--r- c:\programdata\9545D97103.sys
    2010-01-13 18:36:06 2516 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-01-13 18:36:03 0 d-----w- c:\users\fred\Corel
    2010-01-13 18:35:09 40 ---ha-w- c:\windows\system32\ivireg.ivr
    2010-01-13 02:11:45 70656 ----a-w- c:\windows\system32\fontsub.dll
    2010-01-13 02:11:45 108544 ----a-w- c:\windows\system32\t2embed.dll

    ==================== Find3M ====================

    2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-12 04:03:33 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
    2010-01-12 04:03:33 592488 ----a-w- c:\windows\system32\nvudisp.exe
    2010-01-12 04:03:33 1280616 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-12 03:18:00 962664 ----a-w- c:\windows\system32\nvsvc.dll
    2010-01-12 03:18:00 13679720 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-12 03:18:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-01-12 03:18:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-05 02:10:30 23124 ----a-w- c:\windows\hpqins15.dat
    2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-14 15:37:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2009-11-30 18:09:14 114688 ----a-w- c:\windows\keymail.dll
    2009-11-23 19:44:24 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-23 17:26:13 47360 ----a-w- c:\users\fred\appdata\roaming\pcouffin.sys
    2009-11-23 15:10:45 202387 ----a-w- c:\windows\hpoins18.dat
    2009-11-23 14:29:31 13824 ----a-w- c:\windows\system32\LAYOUT.DLL
    2009-11-21 07:52:02 17177413 ----a-w- c:\users\fred\appdata\roaming\WinZip PRO FINAL v14.0 + Serials By ChattChitto.exe
    2009-11-20 02:42:56 592488 ----a-w- c:\windows\system32\nvuninst.exe
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 17:22:52.29 ===============

    Attached

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/23/2009 8:02:14 AM
    System Uptime: 2/11/2010 3:48:51 PM (2 hours ago)

    Motherboard: ECS | | Nettle2
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2600/201mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 326 GiB total, 193.754 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.204 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is FIXED (NTFS) - 466 GiB total, 226.092 GiB free.
    H: is FIXED (NTFS) - 466 GiB total, 413.821 GiB free.
    I: is Removable
    J: is FIXED (NTFS) - 932 GiB total, 607.112 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    µTorrent
    1st Free Solitaire 1.7.1
    2009 Hallmark Bonus Pack
    32 Bit HP CIO Components Installer
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Adobe Shockwave Player 11.5
    AFPL Ghostscript 8.54
    AFPL Ghostscript Fonts
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_Scan
    All Media Fixer 2008 9.07
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    Ashampoo Burning Studio 3.03
    Ashampoo Burning Studio 9.21
    Ashampoo ClipFisher1.21
    Ashampoo DVD Theme Pack 1
    Ashampoo HDD Control 1.10
    Audacity 1.2.6
    AVS Audio Converter version 6.1
    AVS DVDMenu Editor 1.2.1.19
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS Video Tools 5.6
    AVS4YOU Software Navigator 1.3
    Backup4all Professional 4
    BitPim 1.0.7.20090805
    Blaze Media Pro
    Browser Defender 2.0.6.11
    BS.Player PRO
    BufferChm
    C4100
    c4100_Help
    CCleaner
    Collage Maker
    Contact Sheets 1.7.0.1
    ConvertXtoDVD 4.0.9.322
    Copy
    Coupon Printer for Windows
    DaisyTrail DigiKit Collection 1
    DesignPro 5.4 Limited Edition
    Destinations
    DeviceDiscovery
    DocProc
    Dropbox
    DVDFab 6.2.1.8 (31/12/2009)
    ESET Smart Security
    Fax
    FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.2.0603
    Foxit Reader
    FrameShots Video Screen Capture
    Google Gmail Notifier
    GPBaseService2
    H&R Block Deluxe + Efile + State 2009
    H&R Block Georgia 2009
    Hallmark Card Studio 2009 Deluxe
    Hallmark Card Studio 2010 Deluxe
    HP Customer Participation Program 13.0
    HP Imaging Device Functions 13.0
    HP Photosmart All-In-One Driver Software 13.0 Rel. A
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    ImgBurn
    ImTOO AVI to DVD Converter
    IrfanView (remove only)
    iSkysoft Video Converter(Build 2.2.1.0)
    IsoBuster 2.7
    Java(TM) 6 Update 17
    Karen's Directory Printer
    LAME v3.98.2 for Audacity
    LG USB Modem Drivers
    LimeWire PRO 5.3.6
    Magic ISO Maker v5.5 (build 0276)
    Malwarebytes' Anti-Malware
    MarketResearch
    Match-Up!
    Media Player Classic - Home Cinema v. 1.3.1249.0
    Microsoft Antimalware
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Streets & Trips 2010
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable Package
    Mindful version 2
    Morpheus Photo Animation Suite v3.11
    Moyea FLV Player version: 2.0.2.94
    Mozilla Firefox (3.5.7)
    Mpeg2Decoder 1.3
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MSXML 4.0 SP2 Parser and SDK
    Network
    NVIDIA Display Control Panel
    NVIDIA Drivers
    OCR Software by I.R.I.S. 13.0
    OGA Notifier 2.0.0048.0
    OJOsoft Total Video Converter
    Paint.NET v3.5.1
    Pdf995 (installed by H&R Block)
    PdfEdit995 (installed by H&R Block)
    Photo Collage Platinum 2.06
    Photodex Presenter
    Picasa 3
    PlayFLV
    ProShow Gold
    PVSonyDll
    Quicken 2009
    QuickTime
    Scan
    SceneGrabber.NET
    Scrapbook Factory Deluxe 4.0
    SmartWebPrinting
    SnagIt 8
    SolutionCenter
    Spybot - Search & Destroy
    Spyware Doctor 7.0
    Status
    Striata Reader
    SyncBackPro
    System Requirements Lab
    Toolbox
    TrayApp
    TurboTax 2009
    TurboTax 2009 wgaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    Ultra Video Joiner 5.2.0108
    Uniblue RegistryBooster 2010
    Uniblue SpeedUpMyPC 2009
    UnloadSupport
    WebReg
    WinAVI Video Converter
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    WinRAR archiver
    WinZip 14.0
    Xilisoft DVD Ripper Ultimate
    XviD Video Codec (remove only)

    ==== Event Viewer Messages From Past Week ========

    2/9/2010 8:21:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.517.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/9/2010 8:21:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.517.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/9/2010 8:21:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.75.517.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5406.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/9/2010 11:58:21 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/7/2010 8:59:03 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
    2/7/2010 4:49:37 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
    2/7/2010 4:43:34 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume H:.
    2/7/2010 4:43:30 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Cavalry Drive.
    2/7/2010 4:39:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x00000007, 0x00001097, 0x1b210425, 0xb8e93508). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020710-18985-01.
    2/7/2010 4:34:27 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/VB.WA&threatid=2147630792 User: NT AUTHORITY\SYSTEM Name: Worm:Win32/VB.WA ID: 2147630792 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.494.0, AS: 1.75.494.0 Engine Version: 1.1.5406.0
    2/7/2010 3:49:41 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/VB.WA&threatid=2147630792 User: NT AUTHORITY\SYSTEM Name: Worm:Win32/VB.WA ID: 2147630792 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.494.0, AS: 1.75.494.0 Engine Version: 1.1.5406.0
    2/7/2010 3:49:41 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Dopip.A&threatid=2147600988 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Dopip.A ID: 2147600988 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.494.0, AS: 1.75.494.0 Engine Version: 1.1.5406.0
    2/7/2010 2:16:46 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.CN&threatid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.494.0, AS: 1.75.494.0 Engine Version: 1.1.5406.0
    2/7/2010 2:07:46 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/VB.WA&threatid=2147630792 User: NT AUTHORITY\SYSTEM Name: Worm:Win32/VB.WA ID: 2147630792 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.494.0, AS: 1.75.494.0 Engine Version: 1.1.5406.0
    2/7/2010 12:58:08 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    2/7/2010 1:02:37 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    2/7/2010 1:02:37 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    2/7/2010 1:02:37 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/7/2010 1:02:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
    2/7/2010 1:00:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
    2/7/2010 1:00:05 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/6/2010 8:22:13 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    2/6/2010 7:53:18 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
    2/6/2010 2:53:27 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/6/2010 2:53:27 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/6/2010 2:53:27 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/6/2010 2:53:27 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    2/6/2010 2:53:27 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/6/2010 11:30:49 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/6/2010 11:30:48 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/6/2010 11:30:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/6/2010 11:30:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/6/2010 11:30:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/6/2010 11:30:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/6/2010 11:30:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv MpFilter spldr TfFsMon TfSysMon Wanarpv6
    2/6/2010 10:15:31 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/6/2010 10:15:31 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/6/2010 1:52:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00041201, 0xc002f600, 0x98d422f5, 0x85987aa0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020610-31808-01.
    2/5/2010 9:12:57 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/5/2010 9:12:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
    2/5/2010 9:10:29 PM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/5/2010 9:08:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    2/5/2010 8:00:20 AM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.CN&threatid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
    2/5/2010 6:56:53 PM, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
    2/5/2010 6:56:46 PM, Error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
    2/5/2010 6:50:53 PM, Error: Application Popup [876] - Driver ssidrv.sys has been blocked from loading.
    2/5/2010 6:28:21 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    2/5/2010 6:23:05 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Orbina!rts&threatid=2147625188 User: NT AUTHORITY\SYSTEM Name: Worm:Win32/Orbina!rts ID: 2147625188 Severity: High Category: Worm Path: Action: Quarantine Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
    2/5/2010 5:50:16 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.CN&threatid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
    2/5/2010 5:19:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x81ec5da9, 0xa3e5bb38, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020510-24242-01.
    2/5/2010 5:16:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR6.
    2/5/2010 5:05:18 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.CN&threatid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
    2/5/2010 4:59:43 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.CN&threatid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
    2/5/2010 4:53:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc053e5e8, 0xc0000185, 0x08ec0be0, 0xa7cbd000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020510-25022-01.
    2/5/2010 4:29:31 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.CN&threatid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
    2/5/2010 12:06:59 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.CN&threatid=2147628568 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.422.0, AS: 1.75.422.0 Engine Version: 1.1.5406.0
    2/4/2010 9:17:58 AM, Error: ssidrv [26] -
    2/4/2010 8:45:56 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.AZ&threatid=2147621024 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:ASX/Wimad.AZ ID: 2147621024 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.331.0, AS: 1.75.331.0 Engine Version: 1.1.5406.0
    2/4/2010 12:28:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
    2/4/2010 11:34:04 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/4/2010 10:29:30 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/11/2010 9:54:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
    2/11/2010 9:54:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    2/11/2010 9:54:29 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/11/2010 9:53:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00000031, 0x854542f0, 0x974e5000, 0xb2a8e0ab). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021110-22323-01.
    2/11/2010 9:08:39 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
    2/11/2010 3:50:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv TfFsMon TfSysMon
    2/11/2010 3:39:50 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume FreeAgent Drive.
    2/10/2010 12:24:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    2/10/2010 1:14:50 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XX&threatid=2147624825 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/Obfuscator.XX ID: 2147624825 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.517.0, AS: 1.75.517.0 Engine Version: 1.1.5406.0
    2/10/2010 1:14:50 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XX&threatid=2147624825 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/Obfuscator.XX ID: 2147624825 Severity: Severe Category: Tool Path: Action: Quarantine Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.517.0, AS: 1.75.517.0 Engine Version: 1.1.5406.0
    2/10/2010 1:10:39 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XX&threatid=2147624825 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/Obfuscator.XX ID: 2147624825 Severity: Severe Category: Tool Path: Action: Quarantine Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.517.0, AS: 1.75.517.0 Engine Version: 1.1.5406.0
    2/10/2010 1:10:38 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XX&threatid=2147624825 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/Obfuscator.XX ID: 2147624825 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.517.0, AS: 1.75.517.0 Engine Version: 1.1.5406.0

    ==== End Of File ===========================
     
  7. 2010/02/11
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/02/11
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    ComboFix 10-02-11.04 - Fred 02/11/2010 18:45:51.1.2 - x86
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3454.2082 [GMT -5:00]
    Running from: c:\users\Fred\Downloads\ComboFix.exe
    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
    .

    2010-02-12 00:02 . 2010-02-12 00:02 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-02-12 00:02 . 2010-02-12 00:02 -------- d-----w- c:\users\DZH~1.OLY\AppData\Local\temp
    2010-02-12 00:02 . 2010-02-12 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-02-11 20:54 . 2010-02-11 20:54 -------- d-----w- c:\users\Fred\AppData\Roaming\HPAppData
    2010-02-11 20:54 . 2010-02-11 20:54 385024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{77DCD6F8-6990-39DD-A30C-DF71DD740DA5}-iS3UI5.dll
    2010-02-11 20:52 . 2010-02-11 20:52 -------- d-----w- c:\users\Fred\AppData\Local\Threat Expert
    2010-02-10 18:09 . 2010-02-10 18:09 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1A2D0C2E-5EED-0628-94BE-20AA69FA49A7}-$REKQ5YW.exe
    2010-02-10 18:08 . 2010-02-10 18:08 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{637BD3DB-F3F5-F124-3A07-8BE72DE10F00}-$RN616PX.exe
    2010-02-10 17:45 . 2010-02-10 17:45 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{15E5B4D8-C7D1-2F32-C01C-B3DEFA8BC352}-Assistant.exe
    2010-02-10 00:50 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-10 00:50 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
    2010-02-10 00:50 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-10 00:27 . 2009-12-08 08:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-02-10 00:27 . 2009-12-08 08:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-02-10 00:26 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
    2010-02-10 00:26 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2010-02-10 00:26 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
    2010-02-10 00:26 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
    2010-02-10 00:26 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2010-02-10 00:26 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
    2010-02-10 00:26 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2010-02-10 00:26 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
    2010-02-10 00:26 . 2010-01-08 03:18 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-02-10 00:26 . 2010-01-08 03:17 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-10 00:25 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-02-10 00:25 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-02-10 00:25 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-02-10 00:25 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-02-10 00:25 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-02-10 00:25 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-02-10 00:25 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-02-10 00:25 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-02-09 05:10 . 2010-02-09 05:10 1724728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1E9CF5D5-80CD-09F1-CC34-3BE3B36BB112}-CCleaner.exe
    2010-02-08 15:53 . 2010-02-08 15:55 -------- d-----w- c:\users\Fred\AppData\Roaming\Easy Thumbnails
    2010-02-07 16:09 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-02-07 16:09 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-02-07 16:09 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
    2010-02-07 16:09 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
    2010-02-07 16:09 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-02-07 16:09 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
    2010-02-07 16:09 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-02-07 16:09 . 2009-10-30 16:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-02-07 16:08 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-02-07 16:08 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-02-07 16:08 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-02-07 16:06 . 2010-02-07 16:09 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-02-07 16:06 . 2010-02-11 23:05 -------- d-----w- c:\program files\Spyware Doctor
    2010-02-07 16:06 . 2010-02-07 16:06 -------- d-----w- c:\users\Fred\AppData\Roaming\PC Tools
    2010-02-07 05:14 . 2010-02-07 05:17 -------- d-----w- c:\users\Fred\AppData\Roaming\QuickScan
    2010-02-07 05:13 . 2010-01-11 22:33 789320 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-02-07 05:13 . 2010-01-11 22:32 698184 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    2010-02-06 15:12 . 2010-02-06 15:12 -------- dc----w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2010-02-06 00:34 . 2010-02-07 16:06 -------- d-----w- c:\programdata\PC Tools
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{EDA09200-65E6-4359-93FF-B64E07FAEDA2}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{C3D8DE87-C0DA-4575-B142-C0CC30EC86C2}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{43D4EB3B-5228-43A3-B046-3F052E9CEF27}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{33156D32-FD82-465F-9F74-836C647A23D1}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{23076EDC-276D-4117-8BD8-7616D85B6FEC}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{09A121DD-34F1-42F7-A119-E9329C53F565}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:37 . 2010-02-05 22:37 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DE74F754-EBBB-4433-BC71-C3C804145256}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:37 . 2010-02-05 22:37 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6B0544FB-7F8B-4211-8F71-DE8BDCEACB4D}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:36 . 2010-02-05 22:36 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{157D584B-27D3-4C27-8595-8407F1101C71}-Spy Sweeper Trail Reset!.exe
    2010-02-05 01:02 . 2010-02-05 02:52 -------- d-----w- c:\users\Fred\AppData\Local\Ashampoo Music Studio 3
    2010-02-04 17:24 . 2010-02-04 17:24 -------- d-----w- c:\program files\Creative Home
    2010-02-04 15:31 . 2010-02-12 00:03 -------- d-----w- c:\users\Fred\AppData\Local\temp
    2010-02-04 14:10 . 2010-02-04 15:07 -------- d-----w- c:\program files\Enigma Software Group
    2010-02-04 12:14 . 2010-02-04 12:14 164 ----a-w- c:\windows\install.dat
    2010-02-04 05:16 . 2010-02-04 05:16 -------- d-----w- c:\program files\MSSOAP
    2010-02-04 03:49 . 2010-02-04 03:49 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B950C6AC-7BDB-45C9-A9F8-A020277C5B27}-ashampoo_office2008_310_fm.exe
    2010-02-04 03:49 . 2010-02-04 03:49 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{7C84BA20-B8BD-405F-AABF-AA170A554DA2}-ashampoo_office2008_310_fm.exe
    2010-02-04 03:48 . 2010-02-04 03:48 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{3E516F9E-C9F3-4483-9684-B5765280A26B}-ashampoo_office2008_310_fm.exe
    2010-02-04 03:47 . 2010-02-04 03:47 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{82113ADB-91DB-4E9F-8F38-317C918071E0}-ashampoo_office2008_310_fm.exe
    2010-02-04 03:47 . 2010-02-04 03:47 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{86859B24-C248-4267-B458-5DBAEBF261BC}-ashampoo_office2008_310_fm.exe
    2010-02-04 03:45 . 2010-02-04 03:45 67740 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6DCE3DAC-58B3-4CCC-98D9-D6D221C118B1}-keygen.exe
    2010-02-04 03:44 . 2010-02-04 03:44 67740 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{BA014A5E-4487-42F4-A4A7-507C699E3AF0}-keygen.exe
    2010-02-04 02:23 . 2010-02-11 20:52 -------- d-----w- c:\programdata\SITEguard
    2010-02-04 02:23 . 2010-02-04 02:23 -------- d-----w- c:\program files\Common Files\iS3
    2010-02-04 02:22 . 2010-02-11 20:55 -------- d-----w- c:\programdata\STOPzilla!
    2010-02-04 01:45 . 2010-02-04 01:55 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-02-04 01:43 . 2010-02-04 01:53 -------- d-----w- c:\programdata\Hitman Pro
    2010-02-03 04:14 . 2010-02-03 04:14 102400 --sha-r- c:\windows\system32\sppsvcb.dll
    2010-02-02 20:19 . 2010-02-02 20:19 -------- d-----w- c:\users\Fred\AppData\Roaming\Foxit Software
    2010-02-02 19:43 . 2010-02-02 19:43 -------- d-----w- c:\users\Fred\AppData\Roaming\Foxit
    2010-02-02 19:43 . 2010-02-02 19:43 -------- d-----w- c:\program files\Foxit Software
    2010-02-02 18:40 . 2010-02-02 18:58 -------- d-----w- c:\users\Fred\AppData\Roaming\WinMount
    2010-02-02 18:39 . 2010-02-02 18:39 41776 ----a-w- c:\windows\system32\drivers\WMDrive.sys
    2010-02-02 05:39 . 2010-02-02 05:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-02-02 05:38 . 2008-04-07 10:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2010-02-02 04:09 . 2010-02-02 04:09 -------- d-----w- c:\programdata\FLEXnet
    2010-01-30 20:29 . 2010-01-30 20:30 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-01-30 20:28 . 2010-01-12 04:03 68200 ----a-w- c:\windows\system32\OpenCL.dll
    2010-01-30 20:28 . 2010-01-12 04:03 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-01-30 20:28 . 2010-01-12 04:03 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2010-01-30 20:28 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-01-30 20:28 . 2010-01-12 04:03 4061800 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-30 20:28 . 2010-01-12 04:03 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-01-30 20:28 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod189.dll
    2010-01-30 20:28 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-01-30 20:28 . 2010-01-12 04:03 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-01-30 20:28 . 2010-01-30 20:28 -------- d-----w- C:\NVIDIA
    2010-01-30 20:01 . 2010-01-30 20:02 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-01-30 20:01 . 2010-01-30 20:01 -------- d-----w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab
    2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
    2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
    2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
    2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
    2010-01-29 21:30 . 2010-01-29 21:31 -------- d-----w- c:\users\Fred\AppData\Roaming\pdf995
    2010-01-29 21:29 . 2010-01-29 21:31 -------- d-----w- c:\programdata\pdf995
    2010-01-29 21:29 . 2010-01-29 21:29 51716 ----a-w- c:\windows\system32\pdf995mon.dll
    2010-01-29 21:29 . 2010-01-29 21:29 249856 ----a-w- c:\windows\system32\pdfmona.dll
    2010-01-29 21:29 . 2007-08-24 16:13 142 ----a-w- c:\windows\wpd99.drv
    2010-01-29 21:29 . 2009-07-14 01:15 203264 ----a-w- c:\windows\system32\wbem\framedyn.dll
    2010-01-29 17:47 . 2010-01-29 17:48 2888440 ----a-w- c:\programdata\TaxCut\2009\Downloads\HRBlockGA.exe
    2010-01-29 16:39 . 2010-01-29 16:44 16832384 ----a-w- c:\programdata\TaxCut\2009\Update\US57016001xupd.exe
    2010-01-28 13:53 . 2010-01-28 13:53 15524808 ----a-w- c:\programdata\TaxCut\2009\Update\US30025701xupd.exe
    2010-01-28 13:51 . 2010-01-29 21:31 -------- d-----w- c:\users\Fred\AppData\Roaming\TaxCut
    2010-01-28 13:48 . 2010-01-29 21:29 -------- d-----w- c:\program files\PDF995
    2010-01-28 13:48 . 2010-01-28 13:49 -------- d-----w- c:\program files\HRBlock2009
    2010-01-28 13:47 . 2010-01-28 13:47 -------- d-----w- c:\programdata\TaxCut
    2010-01-26 20:15 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
    2010-01-26 20:15 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
    2010-01-26 20:15 . 2009-10-24 04:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2010-01-26 20:15 . 2009-10-24 03:58 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2010-01-25 18:50 . 2010-01-25 19:11 -------- d-----w- c:\users\Fred\AppData\Local\Quicken WillMaker
    2010-01-23 01:17 . 2010-01-23 01:33 -------- d-----w- c:\users\Fred\AppData\Local\WMTools Downloaded Files

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-11 23:43 . 2009-11-23 16:01 -------- d-----w- c:\users\Fred\AppData\Roaming\uTorrent
    2010-02-11 20:52 . 2010-02-11 20:51 856 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2010-02-11 20:50 . 2009-12-10 13:58 -------- d-----w- c:\users\Fred\AppData\Roaming\Dropbox
    2010-02-11 14:09 . 2009-11-23 17:26 -------- d-----w- c:\users\Fred\AppData\Roaming\Vso
    2010-02-10 19:41 . 2009-11-23 15:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-02-06 22:46 . 2009-12-22 02:10 -------- d-----w- c:\users\Fred\AppData\Roaming\1st Free Solitaire
    2010-02-06 16:34 . 2009-12-12 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-06 05:06 . 2009-11-23 14:42 -------- d-----w- c:\programdata\HP
    2010-02-06 03:52 . 2009-12-02 21:49 -------- d-----w- c:\users\Fred\AppData\Roaming\dvdcss
    2010-02-05 03:24 . 2010-01-06 04:13 -------- d-----w- c:\users\Fred\AppData\Roaming\AVS4YOU
    2010-02-05 03:23 . 2010-01-06 04:10 -------- d-----w- c:\program files\AVS4YOU
    2010-02-05 02:19 . 2010-02-05 02:18 -------- d-----w- c:\users\Fred\AppData\Roaming\FreeAudioPack
    2010-02-05 02:10 . 2009-12-06 23:56 -------- d--h--w- c:\users\Fred\AppData\Roaming\InAlbumTemp
    2010-02-05 01:43 . 2009-12-03 21:27 -------- d-----w- c:\users\Fred\AppData\Roaming\LimeWire
    2010-02-04 16:40 . 2009-11-23 14:15 249768 ----a-w- c:\users\Fred\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-04 16:37 . 2009-12-17 01:58 -------- d-----w- c:\programdata\Creative Home
    2010-02-04 16:36 . 2009-12-17 02:07 -------- d-----w- c:\users\Fred\AppData\Roaming\Creative Home
    2010-02-02 04:04 . 2009-11-23 16:24 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-30 20:30 . 2009-12-24 22:11 -------- d-----w- c:\programdata\NVIDIA
    2010-01-20 20:36 . 2009-11-23 14:15 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
    2010-01-20 20:32 . 2009-12-14 14:42 -------- d-----w- c:\program files\TurboTax
    2010-01-20 13:36 . 2009-12-06 14:21 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-14 16:12 . 2009-11-23 13:16 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-13 16:44 . 2010-01-07 01:10 -------- d-----w- c:\users\Fred\AppData\Roaming\vlc
    2010-01-12 04:03 . 2010-01-30 20:28 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2010-01-12 04:03 . 2009-09-28 04:12 592488 ----a-w- c:\windows\system32\nvudisp.exe
    2010-01-12 04:03 . 2009-09-28 04:12 1280616 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-12 04:03 . 2009-06-10 21:19 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
    2010-01-12 03:18 . 2010-01-12 03:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
    2010-01-12 03:18 . 2010-01-12 03:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-12 03:18 . 2010-01-12 03:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-01-12 03:18 . 2010-01-12 03:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-11 19:13 . 2009-11-30 16:06 -------- d-----w- c:\users\Fred\AppData\Roaming\HpUpdate
    2010-01-09 21:20 . 2010-01-09 21:20 -------- d-----w- c:\program files\VSO
    2010-01-09 13:15 . 2010-01-02 19:40 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-08 17:10 . 2010-01-08 17:10 -------- d-----w- c:\users\Fred\AppData\Roaming\Moyea
    2010-01-08 17:09 . 2010-01-08 17:09 -------- d-----w- c:\program files\Moyea
    2010-01-07 21:07 . 2009-12-12 02:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 21:07 . 2009-12-12 02:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-07 14:23 . 2010-01-07 14:23 -------- dc-h--w- c:\programdata\{EFE627F2-85B4-425A-99CB-4FF4189D5429}
    2010-01-07 01:53 . 2009-11-23 15:48 -------- d-----w- c:\programdata\RegCure
    2010-01-07 01:51 . 2010-01-07 01:51 -------- d-----w- c:\program files\ffdshow
    2010-01-06 04:10 . 2009-11-23 22:30 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-01-06 03:49 . 2009-11-23 22:39 -------- d-----w- c:\users\Fred\AppData\Roaming\AVSMedia
    2010-01-05 02:10 . 2010-01-05 01:38 23124 ----a-w- c:\windows\hpqins15.dat
    2010-01-02 18:16 . 2010-01-02 18:16 -------- d-----w- c:\program files\Photodex Presenter
    2010-01-02 18:16 . 2010-01-02 18:16 -------- d-----w- c:\users\Fred\AppData\Roaming\Netscape
    2010-01-02 18:16 . 2010-01-02 18:15 -------- d-----w- c:\programdata\Photodex
    2010-01-02 15:56 . 2009-12-06 23:48 -------- d-----w- c:\users\Fred\AppData\Roaming\Photodex
    2009-12-30 03:32 . 2009-11-23 20:19 -------- d-----w- c:\programdata\vsosdk
    2009-12-29 16:55 . 2009-12-29 16:55 -------- d-----w- c:\program files\Karen's Power Tools
    2009-12-29 16:55 . 2009-12-29 16:55 -------- d-----w- c:\programdata\Karen's Power Tools
    2009-12-29 14:10 . 2009-12-29 14:09 -------- d-----w- c:\program files\gs
    2009-12-25 03:54 . 2009-12-25 03:54 -------- d-----w- c:\program files\Ultra Video Joiner
    2009-12-25 02:35 . 2009-12-25 02:35 -------- d-----w- c:\users\Fred\AppData\Roaming\Media Player Classic
    2009-12-24 04:57 . 2009-12-24 04:57 -------- d-----w- c:\program files\Common Files\Common Share
    2009-12-24 04:35 . 2009-12-24 04:35 -------- d-----w- c:\program files\Coupons
    2009-12-22 03:53 . 2009-12-02 04:29 -------- d-----w- c:\program files\QuickTime
    2009-12-22 03:53 . 2009-12-22 03:53 -------- d-----w- c:\programdata\Apple Computer
    2009-12-22 03:52 . 2009-12-04 03:32 -------- d-----w- c:\program files\Apple Software Update
    2009-12-22 02:10 . 2009-12-22 02:10 -------- d-----w- c:\program files\1st Free Solitaire
    2009-12-21 14:26 . 2009-12-21 14:26 -------- d-----w- c:\program files\XviD
    2009-12-20 19:21 . 2009-11-23 14:15 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-20 19:19 . 2009-12-19 00:37 36864 ----a-w- c:\programdata\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
    2009-12-19 00:42 . 2009-12-18 21:13 -------- d-----w- c:\programdata\CyberLink
    2009-12-18 21:17 . 2009-12-18 21:09 36864 ----a-w- c:\programdata\TEMP\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\PostBuild.exe
    2009-12-18 21:14 . 2009-12-18 21:14 -------- d-----w- c:\users\Fred\AppData\Roaming\CyberLink
    2009-12-17 20:43 . 2009-12-17 20:42 -------- d-----w- c:\program files\Paint.NET
    2009-12-15 19:33 . 2009-12-04 23:39 -------- d-----w- c:\programdata\Avery
    2009-12-15 14:55 . 2009-12-15 14:54 -------- dc-h--w- c:\programdata\{B10A9EE2-3B21-44A2-A778-D14E0C4BB591}
    2009-12-14 20:33 . 2009-12-14 20:24 -------- d-----w- c:\program files\Lame for Audacity
    2009-12-14 20:23 . 2009-12-14 20:23 -------- d-----w- c:\program files\Audacity
    2009-12-14 20:21 . 2009-12-14 20:21 -------- d-----w- c:\program files\BitPim
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-14 15:37 . 2009-12-14 15:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2009-12-14 15:27 . 2009-12-14 15:27 -------- d-----w- c:\program files\LG Electronics
    2009-12-14 14:45 . 2009-11-23 14:15 -------- d-----w- c:\users\Fred\AppData\Roaming\Intuit
    2009-12-14 14:43 . 2009-11-23 14:14 -------- d-----w- c:\programdata\Intuit
    2009-12-14 14:42 . 2009-11-23 14:14 -------- d-----w- c:\program files\Common Files\Intuit
    2009-12-11 20:36 . 2009-12-11 20:36 3175784 ----a-w- c:\users\Fred\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe
    2009-12-10 13:59 . 2009-12-10 13:59 89962 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\Uninstall.exe
    2009-12-07 23:11 . 2009-12-07 23:11 22486 ----a-r- c:\users\Fred\AppData\Roaming\Microsoft\Installer\{439800C9-FD42-4EA3-94D2-063DF0926873}\_12db153c.exe
    2009-12-03 21:27 . 2009-12-03 21:27 77824 ----a-w- c:\users\Fred\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
    2009-12-03 21:27 . 2009-12-03 21:27 20480 ----a-w- c:\users\Fred\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
    2009-12-02 04:28 . 2009-12-02 04:28 59 ----a-w- c:\windows\system32\fire.bat
    2009-11-30 18:09 . 2009-11-30 18:09 114688 ----a-w- c:\windows\keymail.dll
    2009-11-23 19:44 . 2009-11-23 19:44 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\users\Fred\AppData\Roaming\pcouffin.sys
    2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\users\Fred\AppData\Roaming\pcouffin.sys
    2009-11-23 15:10 . 2009-11-23 15:03 202387 ----a-w- c:\windows\hpoins18.dat
    2009-11-23 14:29 . 1996-08-30 22:02 13824 ----a-w- c:\windows\system32\LAYOUT.DLL
    2009-11-23 14:17 . 2009-11-23 14:17 6725632 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181625-18178.dll
    2009-11-23 14:16 . 2009-11-23 14:16 3616768 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181311-181414.dll
    2009-11-23 14:16 . 2009-11-23 14:16 2904064 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\18154-181625.dll
    2009-11-23 14:15 . 2009-11-23 14:15 1536000 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181414-18154.dll
    2009-11-23 14:15 . 2009-11-23 14:15 1007616 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181129-181212.dll
    2009-11-23 14:15 . 2009-11-23 14:15 811008 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181212-181311.dll
    2009-11-23 14:15 . 2009-11-23 14:15 245760 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
    2009-11-23 14:15 . 2009-11-23 14:15 223584 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="h:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "Mindful 2"="c:\program files\Felitec\Mindful 2\Mindful.exe" [2009-04-04 471040]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-23 149280]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

    c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-10-8 26805255]
    ESET Smart Security.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    path=
    backup=
    backupExtension=Common Startup

    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2/7/2010 11:08 AM 207792]
    R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/7/2010 11:09 AM 112592]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 9:04 AM 735960]
    R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [11/16/2009 9:06 AM 38240]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/5/2010 9:02 AM 236368]
    R2 SBSDWSCService;SBSD Security Center Service;h:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe [1/9/2010 8:53 AM 1153368]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/9/2010 8:05 PM 359624]
    R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [12/11/2009 9:23 PM 19160]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 6:48 PM 42480]
    R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [7/13/2009 5:13 PM 980992]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [7/13/2009 5:13 PM 266752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    FF - ProfilePath - c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Photodex Presenter\npPxPlay.dll
    FF - plugin: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1306462997-134322713-302931799-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA089CD4-D770-73C2-9E59-136E9B0FF8F8}*]
    @Allowed: (Read) (RestrictedCode)
    "eancpbmobd "=hex:66,61,6c,66,61,68,62,70,6a,66,6f,62,00,00
    "daocgbhp "=hex:64,62,6a,67,6b,67,62,6d,62,61,65,65,64,66,63,70,66,70,6b,64,67,
    62,6e,6c,6c,6c,62,61,6f,6a,6f,6d,6e,67,6a,6b,6e,6d,69,66,00,00
    "iafgagoiedgbafoika "=hex:6b,61,62,62,69,6a,6b,6f,66,6c,6c,68,6f,69,63,6b,6a,6d,
    66,64,6a,62,00,00
    "hadfgldiflahhoca "=hex:6b,61,62,62,69,6a,6b,6f,66,6c,6c,68,6f,69,63,6b,6a,6d,
    66,64,6a,62,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5772)
    c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
    .
    Completion time: 2010-02-11 19:08:14
    ComboFix-quarantined-files.txt 2010-02-12 00:08
    ComboFix2.txt 2010-02-04 15:31

    Pre-Run: 211,692,056,576 bytes free
    Post-Run: 211,698,974,720 bytes free

    - - End Of File - - 8FE71487AE9108F0AF9A89ACE0F7C437
     
  9. 2010/02/11
    broni

    broni Moderator Malware Analyst

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\sppsvcb.dll
    c:\windows\system32\drivers\kgpcpy.cfg
    
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  10. 2010/02/11
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    ComboFix 10-02-11.04 - Fred 02/11/2010 19:46:02.2.2 - x86
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3454.2150 [GMT -5:00]
    Running from: c:\users\Fred\Downloads\ComboFix.exe
    Command switches used :: c:\users\Fred\Downloads\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    * Resident AV is active


    FILE ::
    "c:\windows\system32\drivers\kgpcpy.cfg "
    "c:\windows\system32\sppsvcb.dll "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\kgpcpy.cfg
    c:\windows\system32\sppsvcb.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
    .

    2010-02-12 01:01 . 2010-02-12 01:01 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-02-12 01:01 . 2010-02-12 01:01 -------- d-----w- c:\users\DZH~1.OLY\AppData\Local\temp
    2010-02-12 01:01 . 2010-02-12 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-02-11 20:54 . 2010-02-11 20:54 -------- d-----w- c:\users\Fred\AppData\Roaming\HPAppData
    2010-02-11 20:54 . 2010-02-11 20:54 385024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{77DCD6F8-6990-39DD-A30C-DF71DD740DA5}-iS3UI5.dll
    2010-02-11 20:52 . 2010-02-11 20:52 -------- d-----w- c:\users\Fred\AppData\Local\Threat Expert
    2010-02-10 18:09 . 2010-02-10 18:09 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1A2D0C2E-5EED-0628-94BE-20AA69FA49A7}-$REKQ5YW.exe
    2010-02-10 18:08 . 2010-02-10 18:08 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{637BD3DB-F3F5-F124-3A07-8BE72DE10F00}-$RN616PX.exe
    2010-02-10 17:45 . 2010-02-10 17:45 1056768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{15E5B4D8-C7D1-2F32-C01C-B3DEFA8BC352}-Assistant.exe
    2010-02-10 00:50 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-10 00:50 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
    2010-02-10 00:50 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-10 00:27 . 2009-12-08 08:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-02-10 00:27 . 2009-12-08 08:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-02-10 00:26 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
    2010-02-10 00:26 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2010-02-10 00:26 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
    2010-02-10 00:26 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
    2010-02-10 00:26 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2010-02-10 00:26 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
    2010-02-10 00:26 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2010-02-10 00:26 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
    2010-02-10 00:26 . 2010-01-08 03:18 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-02-10 00:26 . 2010-01-08 03:17 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-10 00:25 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-02-10 00:25 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-02-10 00:25 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-02-10 00:25 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-02-10 00:25 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-02-10 00:25 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-02-10 00:25 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-02-10 00:25 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-02-09 05:10 . 2010-02-09 05:10 1724728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1E9CF5D5-80CD-09F1-CC34-3BE3B36BB112}-CCleaner.exe
    2010-02-08 15:53 . 2010-02-08 15:55 -------- d-----w- c:\users\Fred\AppData\Roaming\Easy Thumbnails
    2010-02-07 16:09 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-02-07 16:09 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-02-07 16:09 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
    2010-02-07 16:09 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
    2010-02-07 16:09 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-02-07 16:09 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
    2010-02-07 16:09 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-02-07 16:09 . 2009-10-30 16:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-02-07 16:08 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-02-07 16:08 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-02-07 16:08 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-02-07 16:06 . 2010-02-07 16:09 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-02-07 16:06 . 2010-02-11 23:05 -------- d-----w- c:\program files\Spyware Doctor
    2010-02-07 16:06 . 2010-02-07 16:06 -------- d-----w- c:\users\Fred\AppData\Roaming\PC Tools
    2010-02-07 05:14 . 2010-02-07 05:17 -------- d-----w- c:\users\Fred\AppData\Roaming\QuickScan
    2010-02-07 05:13 . 2010-01-11 22:33 789320 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-02-07 05:13 . 2010-01-11 22:32 698184 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    2010-02-06 15:12 . 2010-02-06 15:12 -------- dc----w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2010-02-06 00:34 . 2010-02-07 16:06 -------- d-----w- c:\programdata\PC Tools
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{EDA09200-65E6-4359-93FF-B64E07FAEDA2}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{C3D8DE87-C0DA-4575-B142-C0CC30EC86C2}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{43D4EB3B-5228-43A3-B046-3F052E9CEF27}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{33156D32-FD82-465F-9F74-836C647A23D1}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{23076EDC-276D-4117-8BD8-7616D85B6FEC}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:38 . 2010-02-05 22:38 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{09A121DD-34F1-42F7-A119-E9329C53F565}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:37 . 2010-02-05 22:37 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DE74F754-EBBB-4433-BC71-C3C804145256}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:37 . 2010-02-05 22:37 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6B0544FB-7F8B-4211-8F71-DE8BDCEACB4D}-Spy Sweeper Trail Reset!.exe
    2010-02-05 22:36 . 2010-02-05 22:36 0 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{157D584B-27D3-4C27-8595-8407F1101C71}-Spy Sweeper Trail Reset!.exe
    2010-02-05 01:02 . 2010-02-05 02:52 -------- d-----w- c:\users\Fred\AppData\Local\Ashampoo Music Studio 3
    2010-02-04 17:24 . 2010-02-04 17:24 -------- d-----w- c:\program files\Creative Home
    2010-02-04 15:31 . 2010-02-12 01:02 -------- d-----w- c:\users\Fred\AppData\Local\temp
    2010-02-04 14:10 . 2010-02-04 15:07 -------- d-----w- c:\program files\Enigma Software Group
    2010-02-04 12:14 . 2010-02-04 12:14 164 ----a-w- c:\windows\install.dat
    2010-02-04 05:16 . 2010-02-04 05:16 -------- d-----w- c:\program files\MSSOAP
    2010-02-04 03:49 . 2010-02-04 03:49 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B950C6AC-7BDB-45C9-A9F8-A020277C5B27}-ashampoo_office2008_310_fm.exe
    2010-02-04 03:49 . 2010-02-04 03:49 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{7C84BA20-B8BD-405F-AABF-AA170A554DA2}-ashampoo_office2008_310_fm.exe
    2010-02-04 03:48 . 2010-02-04 03:48 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{3E516F9E-C9F3-4483-9684-B5765280A26B}-ashampoo_office2008_310_fm.exe
    2010-02-04 03:47 . 2010-02-04 03:47 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{82113ADB-91DB-4E9F-8F38-317C918071E0}-ashampoo_office2008_310_fm.exe
    2010-02-04 03:47 . 2010-02-04 03:47 43094016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{86859B24-C248-4267-B458-5DBAEBF261BC}-ashampoo_office2008_310_fm.exe
    2010-02-04 03:45 . 2010-02-04 03:45 67740 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6DCE3DAC-58B3-4CCC-98D9-D6D221C118B1}-keygen.exe
    2010-02-04 03:44 . 2010-02-04 03:44 67740 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{BA014A5E-4487-42F4-A4A7-507C699E3AF0}-keygen.exe
    2010-02-04 02:23 . 2010-02-11 20:52 -------- d-----w- c:\programdata\SITEguard
    2010-02-04 02:23 . 2010-02-04 02:23 -------- d-----w- c:\program files\Common Files\iS3
    2010-02-04 02:22 . 2010-02-11 20:55 -------- d-----w- c:\programdata\STOPzilla!
    2010-02-04 01:45 . 2010-02-04 01:55 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-02-04 01:43 . 2010-02-04 01:53 -------- d-----w- c:\programdata\Hitman Pro
    2010-02-02 20:19 . 2010-02-02 20:19 -------- d-----w- c:\users\Fred\AppData\Roaming\Foxit Software
    2010-02-02 19:43 . 2010-02-02 19:43 -------- d-----w- c:\users\Fred\AppData\Roaming\Foxit
    2010-02-02 19:43 . 2010-02-02 19:43 -------- d-----w- c:\program files\Foxit Software
    2010-02-02 18:40 . 2010-02-02 18:58 -------- d-----w- c:\users\Fred\AppData\Roaming\WinMount
    2010-02-02 18:39 . 2010-02-02 18:39 41776 ----a-w- c:\windows\system32\drivers\WMDrive.sys
    2010-02-02 05:39 . 2010-02-02 05:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-02-02 05:38 . 2008-04-07 10:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2010-02-02 04:09 . 2010-02-02 04:09 -------- d-----w- c:\programdata\FLEXnet
    2010-01-30 20:29 . 2010-01-30 20:30 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-01-30 20:28 . 2010-01-12 04:03 68200 ----a-w- c:\windows\system32\OpenCL.dll
    2010-01-30 20:28 . 2010-01-12 04:03 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-01-30 20:28 . 2010-01-12 04:03 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2010-01-30 20:28 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-01-30 20:28 . 2010-01-12 04:03 4061800 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-30 20:28 . 2010-01-12 04:03 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-01-30 20:28 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod189.dll
    2010-01-30 20:28 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-01-30 20:28 . 2010-01-12 04:03 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-01-30 20:28 . 2010-01-30 20:28 -------- d-----w- C:\NVIDIA
    2010-01-30 20:01 . 2010-01-30 20:02 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-01-30 20:01 . 2010-01-30 20:01 -------- d-----w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab
    2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
    2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
    2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
    2010-01-30 20:01 . 2010-01-30 20:01 290816 ----a-w- c:\users\Fred\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
    2010-01-29 21:30 . 2010-01-29 21:31 -------- d-----w- c:\users\Fred\AppData\Roaming\pdf995
    2010-01-29 21:29 . 2010-01-29 21:31 -------- d-----w- c:\programdata\pdf995
    2010-01-29 21:29 . 2010-01-29 21:29 51716 ----a-w- c:\windows\system32\pdf995mon.dll
    2010-01-29 21:29 . 2010-01-29 21:29 249856 ----a-w- c:\windows\system32\pdfmona.dll
    2010-01-29 21:29 . 2007-08-24 16:13 142 ----a-w- c:\windows\wpd99.drv
    2010-01-29 21:29 . 2009-07-14 01:15 203264 ----a-w- c:\windows\system32\wbem\framedyn.dll
    2010-01-29 17:47 . 2010-01-29 17:48 2888440 ----a-w- c:\programdata\TaxCut\2009\Downloads\HRBlockGA.exe
    2010-01-29 16:39 . 2010-01-29 16:44 16832384 ----a-w- c:\programdata\TaxCut\2009\Update\US57016001xupd.exe
    2010-01-28 13:53 . 2010-01-28 13:53 15524808 ----a-w- c:\programdata\TaxCut\2009\Update\US30025701xupd.exe
    2010-01-28 13:51 . 2010-01-29 21:31 -------- d-----w- c:\users\Fred\AppData\Roaming\TaxCut
    2010-01-28 13:48 . 2010-01-29 21:29 -------- d-----w- c:\program files\PDF995
    2010-01-28 13:48 . 2010-01-28 13:49 -------- d-----w- c:\program files\HRBlock2009
    2010-01-28 13:47 . 2010-01-28 13:47 -------- d-----w- c:\programdata\TaxCut
    2010-01-26 20:15 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
    2010-01-26 20:15 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
    2010-01-26 20:15 . 2009-10-24 04:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2010-01-26 20:15 . 2009-10-24 03:58 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2010-01-25 18:50 . 2010-01-25 19:11 -------- d-----w- c:\users\Fred\AppData\Local\Quicken WillMaker
    2010-01-23 01:17 . 2010-01-23 01:33 -------- d-----w- c:\users\Fred\AppData\Local\WMTools Downloaded Files
    2010-01-23 01:16 . 2010-01-23 01:16 -------- d-----w- c:\program files\Movie Maker 2.6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-12 00:55 . 2009-11-23 16:01 -------- d-----w- c:\users\Fred\AppData\Roaming\uTorrent
    2010-02-11 20:50 . 2009-12-10 13:58 -------- d-----w- c:\users\Fred\AppData\Roaming\Dropbox
    2010-02-11 14:09 . 2009-11-23 17:26 -------- d-----w- c:\users\Fred\AppData\Roaming\Vso
    2010-02-10 19:41 . 2009-11-23 15:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-02-06 22:46 . 2009-12-22 02:10 -------- d-----w- c:\users\Fred\AppData\Roaming\1st Free Solitaire
    2010-02-06 16:34 . 2009-12-12 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-06 05:06 . 2009-11-23 14:42 -------- d-----w- c:\programdata\HP
    2010-02-06 03:52 . 2009-12-02 21:49 -------- d-----w- c:\users\Fred\AppData\Roaming\dvdcss
    2010-02-05 03:24 . 2010-01-06 04:13 -------- d-----w- c:\users\Fred\AppData\Roaming\AVS4YOU
    2010-02-05 03:23 . 2010-01-06 04:10 -------- d-----w- c:\program files\AVS4YOU
    2010-02-05 02:19 . 2010-02-05 02:18 -------- d-----w- c:\users\Fred\AppData\Roaming\FreeAudioPack
    2010-02-05 02:10 . 2009-12-06 23:56 -------- d--h--w- c:\users\Fred\AppData\Roaming\InAlbumTemp
    2010-02-05 01:43 . 2009-12-03 21:27 -------- d-----w- c:\users\Fred\AppData\Roaming\LimeWire
    2010-02-04 16:40 . 2009-11-23 14:15 249768 ----a-w- c:\users\Fred\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-04 16:37 . 2009-12-17 01:58 -------- d-----w- c:\programdata\Creative Home
    2010-02-04 16:36 . 2009-12-17 02:07 -------- d-----w- c:\users\Fred\AppData\Roaming\Creative Home
    2010-02-02 04:04 . 2009-11-23 16:24 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-30 20:30 . 2009-12-24 22:11 -------- d-----w- c:\programdata\NVIDIA
    2010-01-20 20:36 . 2009-11-23 14:15 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
    2010-01-20 20:32 . 2009-12-14 14:42 -------- d-----w- c:\program files\TurboTax
    2010-01-20 13:36 . 2009-12-06 14:21 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-14 16:12 . 2009-11-23 13:16 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-13 16:44 . 2010-01-07 01:10 -------- d-----w- c:\users\Fred\AppData\Roaming\vlc
    2010-01-12 04:03 . 2010-01-30 20:28 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2010-01-12 04:03 . 2009-09-28 04:12 592488 ----a-w- c:\windows\system32\nvudisp.exe
    2010-01-12 04:03 . 2009-09-28 04:12 1280616 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-12 04:03 . 2009-06-10 21:19 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
    2010-01-12 03:18 . 2010-01-12 03:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
    2010-01-12 03:18 . 2010-01-12 03:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-12 03:18 . 2010-01-12 03:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-01-12 03:18 . 2010-01-12 03:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-11 19:13 . 2009-11-30 16:06 -------- d-----w- c:\users\Fred\AppData\Roaming\HpUpdate
    2010-01-09 21:20 . 2010-01-09 21:20 -------- d-----w- c:\program files\VSO
    2010-01-09 13:15 . 2010-01-02 19:40 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-08 17:10 . 2010-01-08 17:10 -------- d-----w- c:\users\Fred\AppData\Roaming\Moyea
    2010-01-08 17:09 . 2010-01-08 17:09 -------- d-----w- c:\program files\Moyea
    2010-01-07 21:07 . 2009-12-12 02:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 21:07 . 2009-12-12 02:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-07 14:23 . 2010-01-07 14:23 -------- dc-h--w- c:\programdata\{EFE627F2-85B4-425A-99CB-4FF4189D5429}
    2010-01-07 01:53 . 2009-11-23 15:48 -------- d-----w- c:\programdata\RegCure
    2010-01-07 01:51 . 2010-01-07 01:51 -------- d-----w- c:\program files\ffdshow
    2010-01-06 04:10 . 2009-11-23 22:30 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-01-06 03:49 . 2009-11-23 22:39 -------- d-----w- c:\users\Fred\AppData\Roaming\AVSMedia
    2010-01-05 02:10 . 2010-01-05 01:38 23124 ----a-w- c:\windows\hpqins15.dat
    2010-01-02 18:16 . 2010-01-02 18:16 -------- d-----w- c:\program files\Photodex Presenter
    2010-01-02 18:16 . 2010-01-02 18:16 -------- d-----w- c:\users\Fred\AppData\Roaming\Netscape
    2010-01-02 18:16 . 2010-01-02 18:15 -------- d-----w- c:\programdata\Photodex
    2010-01-02 15:56 . 2009-12-06 23:48 -------- d-----w- c:\users\Fred\AppData\Roaming\Photodex
    2009-12-30 03:32 . 2009-11-23 20:19 -------- d-----w- c:\programdata\vsosdk
    2009-12-29 16:55 . 2009-12-29 16:55 -------- d-----w- c:\program files\Karen's Power Tools
    2009-12-29 16:55 . 2009-12-29 16:55 -------- d-----w- c:\programdata\Karen's Power Tools
    2009-12-29 14:10 . 2009-12-29 14:09 -------- d-----w- c:\program files\gs
    2009-12-25 03:54 . 2009-12-25 03:54 -------- d-----w- c:\program files\Ultra Video Joiner
    2009-12-25 02:35 . 2009-12-25 02:35 -------- d-----w- c:\users\Fred\AppData\Roaming\Media Player Classic
    2009-12-24 04:57 . 2009-12-24 04:57 -------- d-----w- c:\program files\Common Files\Common Share
    2009-12-24 04:35 . 2009-12-24 04:35 -------- d-----w- c:\program files\Coupons
    2009-12-22 03:53 . 2009-12-02 04:29 -------- d-----w- c:\program files\QuickTime
    2009-12-22 03:53 . 2009-12-22 03:53 -------- d-----w- c:\programdata\Apple Computer
    2009-12-22 03:52 . 2009-12-04 03:32 -------- d-----w- c:\program files\Apple Software Update
    2009-12-22 02:10 . 2009-12-22 02:10 -------- d-----w- c:\program files\1st Free Solitaire
    2009-12-21 14:26 . 2009-12-21 14:26 -------- d-----w- c:\program files\XviD
    2009-12-20 19:21 . 2009-11-23 14:15 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-20 19:19 . 2009-12-19 00:37 36864 ----a-w- c:\programdata\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
    2009-12-19 00:42 . 2009-12-18 21:13 -------- d-----w- c:\programdata\CyberLink
    2009-12-18 21:17 . 2009-12-18 21:09 36864 ----a-w- c:\programdata\TEMP\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\PostBuild.exe
    2009-12-18 21:14 . 2009-12-18 21:14 -------- d-----w- c:\users\Fred\AppData\Roaming\CyberLink
    2009-12-17 20:43 . 2009-12-17 20:42 -------- d-----w- c:\program files\Paint.NET
    2009-12-15 19:33 . 2009-12-04 23:39 -------- d-----w- c:\programdata\Avery
    2009-12-15 14:55 . 2009-12-15 14:54 -------- dc-h--w- c:\programdata\{B10A9EE2-3B21-44A2-A778-D14E0C4BB591}
    2009-12-14 20:33 . 2009-12-14 20:24 -------- d-----w- c:\program files\Lame for Audacity
    2009-12-14 20:23 . 2009-12-14 20:23 -------- d-----w- c:\program files\Audacity
    2009-12-14 20:21 . 2009-12-14 20:21 -------- d-----w- c:\program files\BitPim
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-14 15:37 . 2009-12-14 15:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2009-12-14 15:27 . 2009-12-14 15:27 -------- d-----w- c:\program files\LG Electronics
    2009-12-14 14:45 . 2009-11-23 14:15 -------- d-----w- c:\users\Fred\AppData\Roaming\Intuit
    2009-12-14 14:43 . 2009-11-23 14:14 -------- d-----w- c:\programdata\Intuit
    2009-12-14 14:42 . 2009-11-23 14:14 -------- d-----w- c:\program files\Common Files\Intuit
    2009-12-11 20:36 . 2009-12-11 20:36 3175784 ----a-w- c:\users\Fred\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe
    2009-12-10 13:59 . 2009-12-10 13:59 89962 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\Uninstall.exe
    2009-12-07 23:11 . 2009-12-07 23:11 22486 ----a-r- c:\users\Fred\AppData\Roaming\Microsoft\Installer\{439800C9-FD42-4EA3-94D2-063DF0926873}\_12db153c.exe
    2009-12-03 21:27 . 2009-12-03 21:27 77824 ----a-w- c:\users\Fred\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
    2009-12-03 21:27 . 2009-12-03 21:27 20480 ----a-w- c:\users\Fred\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
    2009-12-02 04:28 . 2009-12-02 04:28 59 ----a-w- c:\windows\system32\fire.bat
    2009-11-30 18:09 . 2009-11-30 18:09 114688 ----a-w- c:\windows\keymail.dll
    2009-11-23 19:44 . 2009-11-23 19:44 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\users\Fred\AppData\Roaming\pcouffin.sys
    2009-11-23 17:26 . 2009-11-23 17:26 47360 ----a-w- c:\users\Fred\AppData\Roaming\pcouffin.sys
    2009-11-23 15:10 . 2009-11-23 15:03 202387 ----a-w- c:\windows\hpoins18.dat
    2009-11-23 14:29 . 1996-08-30 22:02 13824 ----a-w- c:\windows\system32\LAYOUT.DLL
    2009-11-23 14:17 . 2009-11-23 14:17 6725632 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181625-18178.dll
    2009-11-23 14:16 . 2009-11-23 14:16 3616768 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181311-181414.dll
    2009-11-23 14:16 . 2009-11-23 14:16 2904064 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\18154-181625.dll
    2009-11-23 14:15 . 2009-11-23 14:15 1536000 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181414-18154.dll
    2009-11-23 14:15 . 2009-11-23 14:15 1007616 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181129-181212.dll
    2009-11-23 14:15 . 2009-11-23 14:15 811008 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\181212-181311.dll
    2009-11-23 14:15 . 2009-11-23 14:15 245760 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
    2009-11-23 14:15 . 2009-11-23 14:15 223584 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
    2009-11-23 14:15 . 2009-11-23 14:15 997 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-10-08 21:18 77824 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="h:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "Mindful 2"="c:\program files\Felitec\Mindful 2\Mindful.exe" [2009-04-04 471040]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-23 149280]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

    c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-10-8 26805255]
    ESET Smart Security.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    path=
    backup=
    backupExtension=Common Startup

    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2/7/2010 11:08 AM 207792]
    R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/7/2010 11:09 AM 112592]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 9:04 AM 735960]
    R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [11/16/2009 9:06 AM 38240]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/5/2010 9:02 AM 236368]
    R2 SBSDWSCService;SBSD Security Center Service;h:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe [1/9/2010 8:53 AM 1153368]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/9/2010 8:05 PM 359624]
    R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [12/11/2009 9:23 PM 19160]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 6:48 PM 42480]
    R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [7/13/2009 5:13 PM 980992]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [7/13/2009 5:13 PM 266752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    FF - ProfilePath - c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Photodex Presenter\npPxPlay.dll
    FF - plugin: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\5uvqh77u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1306462997-134322713-302931799-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA089CD4-D770-73C2-9E59-136E9B0FF8F8}*]
    @Allowed: (Read) (RestrictedCode)
    "eancpbmobd"=hex:66,61,6c,66,61,68,62,70,6a,66,6f,62,00,00
    "daocgbhp"=hex:64,62,6a,67,6b,67,62,6d,62,61,65,65,64,66,63,70,66,70,6b,64,67,
    62,6e,6c,6c,6c,62,61,6f,6a,6f,6d,6e,67,6a,6b,6e,6d,69,66,00,00
    "iafgagoiedgbafoika"=hex:6b,61,62,62,69,6a,6b,6f,66,6c,6c,68,6f,69,63,6b,6a,6d,
    66,64,6a,62,00,00
    "hadfgldiflahhoca"=hex:6b,61,62,62,69,6a,6b,6f,66,6c,6c,68,6f,69,63,6b,6a,6d,
    66,64,6a,62,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-02-11 20:07:53
    ComboFix-quarantined-files.txt 2010-02-12 01:07
    ComboFix2.txt 2010-02-12 00:08
    ComboFix3.txt 2010-02-04 15:31

    Pre-Run: 211,746,394,112 bytes free
    Post-Run: 211,695,702,016 bytes free

    - - End Of File - - 0670FB927840A5BFF81FC4CD20210341
     
  11. 2010/02/11
    broni

    broni Moderator Malware Analyst

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.


    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2.
    Post fresh HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2010/02/11
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    Malwarebytes' Anti-Malware 1.44
    Database version: 3728
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/11/2010 8:57:38 PM
    mbam-log-2010-02-11 (20-57-38).txt

    Scan type: Quick Scan
    Objects scanned: 111720
    Time elapsed: 7 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:04:18 PM, on 2/11/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Felitec\Mindful 2\Mindful.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Users\Fred\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
    O4 - HKLM\..\Run: [Mindful 2] "C:\Program Files\Felitec\Mindful 2\Mindful.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - Startup: Dropbox.lnk = Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: ESET Smart Security.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMSAccess - Unknown owner - H:\Program Files\Blaze Media Pro\NMSAccess32.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ScsiAccess - Unknown owner - H:\Program Files\PhotodexProShowGold\ScsiAccess.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 8439 bytes
     
  13. 2010/02/11
    broni

    broni Moderator Malware Analyst

    Good :)


    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  14. 2010/02/12
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    Date: Yesterday (events: 26)
    My Protection (events: 7)
    2/11/2010 11:38:06 PM Deleted: Packed.Win32.Black.a Kaspersky Anti-Virus C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{1A2D0C2E-5EED-0628-94BE-20AA69FA49A7}-$REKQ5YW.exe
    2/11/2010 11:37:43 PM Detected: Packed.Win32.Black.a Kaspersky Anti-Virus C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{1A2D0C2E-5EED-0628-94BE-20AA69FA49A7}-$REKQ5YW.exe/PE-Crypt.XorPE
    2/11/2010 11:37:08 PM Threats have been detected Kaspersky Anti-Virus
    2/11/2010 11:22:28 PM Your computer is protected Kaspersky Anti-Virus
    2/11/2010 11:22:24 PM Databases are obsolete Kaspersky Anti-Virus
    2/11/2010 11:13:42 PM Your computer is protected Kaspersky Anti-Virus
    2/11/2010 11:13:40 PM Databases are obsolete Kaspersky Anti-Virus
    File Anti-Virus (events: 6)
    2/11/2010 11:33:58 PM Processing error Host Process for Windows Services J:\$Extend\$ObjId Read error
    2/11/2010 11:33:58 PM Processing error Host Process for Windows Services G:\$Extend\$ObjId Read error
    2/11/2010 11:33:58 PM Processing error Host Process for Windows Services H:\$Extend\$ObjId Read error
    2/11/2010 11:33:58 PM Processing error Host Process for Windows Services C:\$EXTEND\$ObjId:$O:$INDEX_ALLOCATION Read error
    2/11/2010 11:21:02 PM Task started Kaspersky Anti-Virus File Anti-Virus
    2/11/2010 11:13:40 PM Task started Kaspersky Anti-Virus File Anti-Virus
    Mail Anti-Virus (events: 2)
    2/11/2010 11:21:02 PM Task started Kaspersky Anti-Virus Mail Anti-Virus
    2/11/2010 11:13:40 PM Task started Kaspersky Anti-Virus Mail Anti-Virus
    Web Anti-Virus (events: 2)
    2/11/2010 11:21:03 PM Task started Kaspersky Anti-Virus Web Anti-Virus
    2/11/2010 11:13:41 PM Task started Kaspersky Anti-Virus Web Anti-Virus
    Proactive Defense (events: 4)
    2/11/2010 11:23:46 PM Detected: PDM.DNS Query HP Digital Imaging Monitor C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE Action selected by user
    2/11/2010 11:23:46 PM Detected: PDM.DNS Query HP Digital Imaging Monitor C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    2/11/2010 11:21:02 PM Task started Kaspersky Anti-Virus Proactive Defense
    2/11/2010 11:13:40 PM Task started Kaspersky Anti-Virus Proactive Defense
    IM Anti-Virus (events: 2)
    2/11/2010 11:21:02 PM Task started Kaspersky Anti-Virus IM Anti-Virus
    2/11/2010 11:13:40 PM Task started Kaspersky Anti-Virus IM Anti-Virus
    Objects Scan (events: 1)
    2/11/2010 11:30:39 PM Task started Kaspersky Anti-Virus Full Scan
    My Update Center (events: 2)
    2/11/2010 11:29:40 PM Task completed Kaspersky Anti-Virus My Update Center
    2/11/2010 11:22:53 PM Task started Kaspersky Anti-Virus My Update Center
    Date: Today (events: 33)
    My Protection (events: 3)
    2/12/2010 6:40:48 PM Threats have been detected Kaspersky Anti-Virus
    2/12/2010 3:31:19 PM Threats have been detected Kaspersky Anti-Virus
    2/12/2010 11:24:12 AM Your computer is protected Kaspersky Anti-Virus
    File Anti-Virus (events: 11)
    2/12/2010 7:09:36 PM Processing error Host Process for Windows Services J:\$Extend\$ObjId Read error
    2/12/2010 7:03:54 PM Processing error Host Process for Windows Services H:\$Extend\$ObjId Read error
    2/12/2010 6:42:37 PM Cannot be quarantined: HEUR:Trojan.Win32.Generic System C:\Program Files\SPYWARE DOCTOR\avdb\temp\AVSDVDMENUEDITOR.EXE0\sym.sdupk
    2/12/2010 6:40:48 PM Detected: HEUR:Trojan.Win32.Generic System C:\Program Files\SPYWARE DOCTOR\avdb\temp\AVSDVDMENUEDITOR.EXE0\sym.sdupk
    2/12/2010 3:33:43 PM Deleted: Worm.Win32.Carrier.ne Windows Explorer H:\PROGRAM FILES\AVSVideoConverter6\AVSVideoConverter.exe
    2/12/2010 3:31:19 PM Detected: Worm.Win32.Carrier.ne Windows Explorer H:\PROGRAM FILES\AVSVideoConverter6\AVSVideoConverter.exe/#
    2/12/2010 12:48:25 PM Processing error Host Process for Windows Services C:\$EXTEND\$ObjId Read error
    2/12/2010 11:34:42 AM Processing error Host Process for Windows Services J:\$Extend\$ObjId Read error
    2/12/2010 11:34:42 AM Processing error Host Process for Windows Services H:\$Extend\$ObjId Read error
    2/12/2010 11:34:42 AM Processing error Host Process for Windows Services C:\$EXTEND\$ObjId Read error
    2/12/2010 11:21:03 AM Task started Kaspersky Anti-Virus File Anti-Virus
    Mail Anti-Virus (events: 1)
    2/12/2010 11:21:03 AM Task started Kaspersky Anti-Virus Mail Anti-Virus
    Web Anti-Virus (events: 1)
    2/12/2010 11:21:03 AM Task started Kaspersky Anti-Virus Web Anti-Virus
    Proactive Defense (events: 3)
    2/12/2010 11:24:09 AM Detected: PDM.DNS Query HP Digital Imaging Monitor C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE Action selected by user
    2/12/2010 11:24:09 AM Detected: PDM.DNS Query HP Digital Imaging Monitor C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    2/12/2010 11:21:03 AM Task started Kaspersky Anti-Virus Proactive Defense
    IM Anti-Virus (events: 1)
    2/12/2010 11:21:03 AM Task started Kaspersky Anti-Virus IM Anti-Virus
    Objects Scan (events: 5)
    2/12/2010 7:11:29 PM Task started Kaspersky Anti-Virus Rootkit Scan
    2/12/2010 7:11:10 PM Task completed Kaspersky Anti-Virus Full Scan
    2/12/2010 11:33:08 AM Task started Kaspersky Anti-Virus Full Scan
    2/12/2010 11:31:48 AM Task completed Kaspersky Anti-Virus Quick Scan
    2/12/2010 11:29:51 AM Task started Kaspersky Anti-Virus Quick Scan
    My Update Center (events: 8)
    2/12/2010 7:01:45 PM Task completed Kaspersky Anti-Virus My Update Center
    2/12/2010 6:58:59 PM Task started Kaspersky Anti-Virus My Update Center
    2/12/2010 4:40:08 PM Task completed Kaspersky Anti-Virus My Update Center
    2/12/2010 4:37:59 PM Task started Kaspersky Anti-Virus My Update Center
    2/12/2010 2:22:08 PM Task completed Kaspersky Anti-Virus My Update Center
    2/12/2010 1:56:55 PM Task started Kaspersky Anti-Virus My Update Center
    2/12/2010 11:38:03 AM Task completed Kaspersky Anti-Virus My Update Center
    2/12/2010 11:36:26 AM Task started Kaspersky Anti-Virus My Update Center

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:15:25 PM, on 2/12/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Fred\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe "
    O4 - HKLM\..\Run: [Mindful 2] "C:\Program Files\Felitec\Mindful 2\Mindful.exe "
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - Startup: Dropbox.lnk = Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: ESET Smart Security.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMSAccess - Unknown owner - H:\Program Files\Blaze Media Pro\NMSAccess32.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - H:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ScsiAccess - Unknown owner - H:\Program Files\PhotodexProShowGold\ScsiAccess.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 8976 bytes
     
  15. 2010/02/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What happened?
    You switched from ESET to Kaspersky?
     
  16. 2010/02/12
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    Joined:
    2003/05/30
    Messages:
    182
    Likes Received:
    0
    Kaspersky would not install unless I uninstalled ESET. Kaspersky made me do it.
     
  17. 2010/02/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Kaspersky ON-LINE scanner asked you to uninstall ESET?
    I'm a little bit confused here, since I've never heard of anything like that.
     
  18. 2010/02/12
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    Joined:
    2003/05/30
    Messages:
    182
    Likes Received:
    0
    I might be wrong, but the only thing I could find on the web site was to scan my computer for free, but I had to download their free trial program, install it and run the free scan. I could not find anything to run straight from their site.
     
  19. 2010/02/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You definitely did something wrong.
    Whatever happened, happened.
    Uninstall whatever type of Kaspersky is listed in your "Programs & Features", reinstall ESET (I assume you paid for it?) and post a fresh HJT log.
     
  20. 2010/02/12
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    Joined:
    2003/05/30
    Messages:
    182
    Likes Received:
    0
    The free scanner was not available for scanning. I think they are upgrading it. All they had was the 30 day free program. I didn't think it mattered just as long as I was able to complete the scan with Kaspersky for you.
     
  21. 2010/02/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine.
    Just follow my previous reply, please.
     
