20th June 2010 #1
Fredb38 (Senior Member, thread starter)

[Resolved] Firefox Hijacked


Firefox Browser Hijacked
Today my Firefox browser is being redirected. I was looking for a file called HP Photosmart Essential 3.5. Using the search function I get a list of places to go, but when trying to go there I am taken everywhere but there. It is as if someone or something is redirecting me to where they want me to go. What do I need to do?


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 3/10/2010 6:23:27 PM
System Uptime: 6/20/2010 1:42:20 PM (5 hours ago)

Motherboard: ECS | | Nettle2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2600/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 326 GiB total, 270.07 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.204 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is FIXED (NTFS) - 466 GiB total, 222.844 GiB free.
I: is FIXED (NTFS) - 466 GiB total, 337.691 GiB free.
J: is FIXED (NTFS) - 932 GiB total, 345.151 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel

==== System Restore Points ===================

RP149: 6/18/2010 2:07:51 AM - Windows Update
RP150: 6/18/2010 7:56:32 AM - Removed SceneGrabber.NET
RP151: 6/18/2010 7:57:14 AM - Installed SceneGrabber.NET
RP152: 6/18/2010 12:05:04 PM - Installed Video Converter
RP153: 6/18/2010 12:07:28 PM - Installed Video Converter
RP154: 6/18/2010 12:45:47 PM - Removed Video Converter
RP155: 6/20/2010 8:57:32 AM - DriverScanner - 6/20/2010 8:57:32 AM

==== Installed Programs ======================


µTorrent
1st Free Solitaire 1.7.1
2010 Hallmark Mother's/Father's Day Card Pack
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Aimersoft Audio Converter(Build 2.2.0.37)
Aimersoft DVD Copy(Build 2.0.0.16)
Aimersoft DVD Creator(Build 2.1.1.0)
Aimersoft DVD Ripper(Build 2.2.0.27)
Aimersoft DVD Studio Pack(Build 2.2.0.19)
Aimersoft Video Converter(Build 2.2.0.19)
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ArcSoft Collage Creator
Ashampoo Burning Studio 10.0.1
Ashampoo Burning Studio 9 Theme Pack
Ashampoo Burning Studio 9.21
Ashampoo ClipFisher1.21
Ashampoo Music Studio 3 3.51
Ashampoo Photo Commander 8.0.0
Ashampoo Slideshow Studio HD 1.0.3
Ashampoo Snap 3.40
Audacity 1.2.6
AVS Audio Converter version 6.1
AVS Update Manager 1.0
AVS Video Converter 6
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.4
Backup4all Professional 4
BufferChm
C4100
c4100_Help
CCleaner
CDex - Open Source Digital Audio CD Extractor
Collage Maker
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.0.9.322
Cool MP3 Splitter 3.0
Copy
Coupon Printer for Windows
DesignPro 5
Destinations
DeviceDiscovery
DocProc
ESET Smart Security
Fax
ffdshow [rev 2202] [2008-10-10]
Foxit PDF Editor
Free Audio CD Burner version 1.2
Free YouTube to MP3 Converter version 3.3
Garmin City Navigator North America 2009
Garmin MapSource
Garmin USB Drivers
Google Gmail Notifier
GPBaseService2
Hallmark Card Studio 2010 Deluxe
HijackThis 2.0.2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. A
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
ImgBurn
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Karen's Directory Printer
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire PRO 4.18.5
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access database engine 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Research AutoCollage 2008 version 1.1
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
Mindful version 2
Morpheus Photo Animation Suite v3.11
Movavi Video Converter 9
Mozilla Firefox (3.6.3)
mp3Tag 5.9.0.406
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network
Nitro PDF Professional
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
OJOsoft Audio Converter
OJOsoft Total Video Converter
Photodex Presenter
Picasa 3
Picture Collage Maker Pro 2.2.5
Prism Video Converter
ProShow Gold
PVSonyDll
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
RegCure
Sansa Updater
Scan
SceneGrabber.NET
SeaTools for Windows
Serif PhotoPlus X3
Shop for HP Supplies
SmartWebPrinting
Snagit 10
SolutionCenter
Spybot - Search & Destroy
Status
Striata Reader
SyncBackPro
Toolbox
Trailer Life Directory Campground Navigator 2009 - SP1
TrayApp
TurboTax 2009
TurboTax 2009 wgaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Ultra Video Joiner 5.2.0108
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Uninstall 1.0.0.1
UnloadSupport
Video-AVI to GIF-JPEG 3.1
VirtualDubMOD 1.5.10.3 US
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 OpenMP (x86) WinSXS MSM
VLC media player 1.0.5
WebReg
Win7codecs
WinAVI Video Converter
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 14.5
Xilisoft Audio Maker
Xilisoft DVD Creator 6
Xilisoft Video Converter Ultimate 6
Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

6/20/2010 12:51:33 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Cavalry Drive.
6/20/2010 1:44:41 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/20/2010 1:42:37 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The system cannot find the path specified.
6/19/2010 2:20:03 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
6/19/2010 2:20:03 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
6/19/2010 2:20:03 PM, Error: Ntfs [131] - The file system structure on volume C: cannot be corrected. Please run the chkdsk utility on the volume C:.
6/17/2010 2:42:53 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={4311C250-44E4-4F66-8B07-FC3AFFA959FB}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
6/17/2010 2:33:17 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={05B3FC2C-98C0-4AF9-B89E-34ED2270CAB3}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
6/17/2010 12:18:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
6/16/2010 10:00:12 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume FreeAgent.
6/13/2010 10:22:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume I:.

==== End Of File ===========================



DDS (Ver_10-03-17.01) - NTFSx86
Run by Fredb38 at 18:16:25.44 on Sun 06/20/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3454.2240 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\NMSAccessU.exe
C:\Windows\System32\svchost.exe -k HPZ12
H:\Program Files\Proshow Gold\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Fredb38\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Felitec\Mindful 2\Mindful.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Streets & Trips 2010\StreetsOlkShim.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Fredb38\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SansaDispatch] c:\users\fredb38\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Mindful 2] "c:\program files\felitec\mindful 2\Mindful.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\event planner reminder 2010.lnk - c:\windows\installer\{601be80d-247b-4084-94c7-7a54369db7a2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\fredb38\appdata\roaming\mozilla\firefox\profiles\z0wdj7p0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://Bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-71-0-12QPy&q=
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{8c67aaa4-a39e-e2d9-3ed6-4b5088d3d8ce}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-4-27 731840]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-4-27 38240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-2 304464]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-2-2 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-2-2 65856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-10 20952]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 SBSDWSCService;SBSD Security Center Service; [x]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-11 1343400]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-06-20 21:57:57 0 d-----w- c:\program files\Trend Micro
2010-06-20 13:50:28 19104 ------w- c:\windows\hpqins13.dat.temp
2010-06-20 12:58:02 1775136 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-06-20 12:58:01 58400 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-06-20 12:58:01 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-06-20 12:58:01 3583008 ----a-w- c:\windows\system32\RtkAPO.dll
2010-06-20 12:58:01 1083936 ----a-w- c:\windows\system32\RTSndMgr.cpl
2010-06-20 12:58:00 3086752 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-06-20 12:57:57 299424 ----a-w- c:\windows\system32\FMAPO.dll
2010-06-20 12:15:01 98304 --sha-r- c:\windows\system32\nvcuvidb.dll
2010-06-18 16:09:03 0 d-----w- c:\users\fredb38\appdata\roaming\SuperEasy Software
2010-06-18 16:07:49 0 d-----w- c:\programdata\SuperEasy Software
2010-06-18 11:57:33 0 d-----w- c:\program files\targit
2010-06-17 18:17:09 103784 ----a-w- c:\users\fredb38\GoToAssistDownloadHelper.exe
2010-06-14 17:21:15 0 d-----w- c:\programdata\Windows Genuine Advantage
2010-06-14 12:58:51 0 d-----w- c:\users\fredb38\appdata\roaming\Win7codecs
2010-06-14 05:38:39 28 ----a-w- c:\windows\v2d.INI
2010-06-14 04:24:43 0 d-----w- C:\DVDTemp
2010-06-14 04:23:59 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-06-14 04:23:19 0 d-----w- c:\program files\Free DVD Creator
2010-06-14 00:26:12 0 d-----w- c:\users\fredb38\appdata\roaming\SanDisk
2010-06-13 17:19:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-06-11 03:18:21 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-06-11 03:17:57 0 d-----w- c:\program files\Quicken
2010-06-10 23:42:22 23127 ----a-w- c:\windows\hpqins15.dat
2010-06-09 12:54:30 406 ----a-w- c:\windows\system32\ioloBootDefrag.cfg
2010-06-09 12:49:21 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-06-09 12:49:15 0 d-----w- c:\users\fredb38\appdata\roaming\iolo
2010-06-09 12:49:15 0 d-----w- c:\programdata\iolo
2010-06-09 09:55:57 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 09:55:56 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 09:55:32 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 09:55:27 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 09:55:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-04 22:06:52 0 d-----w- c:\program files\VirtualDubMOD
2010-06-04 16:24:09 1277952 ----a-w- c:\windows\system32\HDX4H263Decoder.ax
2010-06-04 12:33:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-03 23:10:08 19501 ----a-w- c:\windows\hpqins13.dat
2010-06-03 23:03:03 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2010-06-03 23:03:03 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2010-06-03 23:02:59 76488 ----a-w- c:\windows\system32\RTEEL32A.dll
2010-06-03 23:02:59 62664 ----a-w- c:\windows\system32\RTEEG32A.dll
2010-06-03 23:02:59 357576 ----a-w- c:\windows\system32\RTEEP32A.dll
2010-06-03 23:02:59 168648 ----a-w- c:\windows\system32\RTEED32A.dll
2010-06-03 23:02:58 293584 ----a-w- c:\windows\system32\RP3DHT32.dll
2010-06-03 23:02:58 293584 ----a-w- c:\windows\system32\RP3DAA32.dll
2010-06-03 23:02:55 96160 ----a-w- c:\windows\system32\AERTARen.dll
2010-06-03 23:02:55 145760 ----a-w- c:\windows\system32\AERTACap.dll
2010-06-03 22:55:47 0 d-----w- c:\programdata\Uniblue
2010-06-03 22:54:02 0 d-----w- c:\program files\Uniblue
2010-06-03 22:40:13 65536 --sha-w- c:\users\fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TM.blf
2010-06-03 22:40:13 524288 --sha-w- c:\users\fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
2010-06-03 22:40:13 524288 --sha-w- c:\users\fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
2010-05-27 03:35:50 126544247 ---ha-w- c:\users\fredb38\appdata\roaming\Workbench_2009.exe
2010-05-26 01:55:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-22 12:59:06 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-06-17 12:54:33 34308 ----a-w- c:\programdata\mazuki.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 02:01:04 87608 ----a-w- c:\users\fredb38\appdata\roaming\inst.exe
2010-05-13 02:01:04 47360 ----a-w- c:\users\fredb38\appdata\roaming\pcouffin.sys
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 18:47:18 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-21 23:35:06 108137 ----a-w- c:\windows\unins000.dat
2010-04-21 23:33:59 708432 ----a-w- c:\windows\unins000.exe
2010-03-30 22:49:48 114688 ----a-w- c:\windows\keymail.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:16:42.02 ===============

20th June 2010 #2
Admin. (Administrator)

I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are here, and here.

I would strongly recommend that you uninstall them, and read the links above for educational value!

Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

A Malware expert will have a look at your log in due course.

21st June 2010 #3
broni (Malware Analyst)

STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When the scan is completed, click the Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in the right pane.
If still no joy, try to run it from Safe Mode.

RESTART COMPUTER


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Old 21st June 2010   #4
Senior Member
THREAD STARTER
 
Profile:
Join Date: May 2003
Location: Omega, Ga
Posts: 179
Computer Experience:
Intermediate
Fredb38 Reputation Level

Firefox Highjacked


Malwarebytes' Anti-Malware 1.44
Database version: 3897
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/21/2010 10:42:59 PM
mbam-log-2010-03-21 (22-42-59).txt

Scan type: Quick Scan
Objects scanned: 111692
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Fredb38\AppData\Local\Temp\Ekf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Fredb38\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\95683.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Fredb38\AppData\Local\Temp\Ekh.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Fredb38\AppData\Local\Temp\taskengc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-21 11:02:31
Windows 6.1.7600
Running: 3hxmubl2.exe; Driver: C:\Users\Fredb38\AppData\Local\Temp\kwldyfob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830303F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830192D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83018898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830301DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830306F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830311A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C49599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C6DF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9E42BC9D 28 Bytes [5E, BD, 47, 90, 60, C2, 21, ...]
.text peauth.sys 9E42BCC1 28 Bytes [5E, BD, 47, 90, 60, C2, 21, ...]
PAGE peauth.sys 9E431B9B 72 Bytes [27, B4, CF, 33, 3A, 40, D8, ...]
PAGE peauth.sys 9E431BEC 111 Bytes [10, D9, F1, 12, 25, C4, 7A, ...]
PAGE peauth.sys 9E43202C 102 Bytes [01, 70, C4, D6, AD, 00, 6B, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[288] ole32.dll!OleLoadFromStream 76925B88 5 Bytes JMP 69F0D300 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1604] kernel32.dll!SetUnhandledExceptionFilter 76B83162 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1680] ole32.dll!OleLoadFromStream 76925B88 5 Bytes JMP 69F0D300 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] ntdll.dll!NtQueryInformationProcess 77685490 5 Bytes JMP 00A01CED
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] ntdll.dll!LdrLoadDll 7769F585 5 Bytes JMP 013113F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] WS2_32.dll!closesocket 75A93BED 5 Bytes JMP 009EC7B5
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] WS2_32.dll!recv 75A947DF 5 Bytes JMP 009EC56C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] WS2_32.dll!GetAddrInfoW 75A960F5 5 Bytes JMP 009EBB89
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] WS2_32.dll!getaddrinfo 75A96737 5 Bytes JMP 009EBAAE
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] WS2_32.dll!WSASend 75A968A7 5 Bytes JMP 009EC613
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] WS2_32.dll!WSARecv 75A9C29F 5 Bytes JMP 009EC6D1
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] WS2_32.dll!send 75A9C4C8 5 Bytes JMP 009EC4C9
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] WS2_32.dll!WSAAsyncGetHostByName 75AA6D2A 5 Bytes JMP 009EBE12
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] WS2_32.dll!gethostbyname 75AA7133 5 Bytes JMP 009EB9F4
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] USER32.dll!DrawTextExW 76D97BDD 5 Bytes JMP 009ECD76
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] USER32.dll!DrawTextW 76D98220 5 Bytes JMP 009ECBB8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] USER32.dll!SetClipboardData 76DA4979 5 Bytes JMP 009EC840
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] USER32.dll!DrawTextA 76DAA482 5 Bytes JMP 009ECADF
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] USER32.dll!DrawTextExA 76DAA4B9 5 Bytes JMP 009ECC91
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] USER32.dll!DialogBoxParamW 76DB564A 5 Bytes JMP 009EBEEA
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] GDI32.dll!ExtTextOutW 77328053 5 Bytes JMP 009ECF3D
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] GDI32.dll!GetGlyphIndicesW 7732B521 5 Bytes JMP 009ED3AF
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] GDI32.dll!ExtTextOutA 77330158 5 Bytes JMP 009ECE5B
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] GDI32.dll!TextOutA 77330878 5 Bytes JMP 009EC94B
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] GDI32.dll!TextOutW 773414B9 5 Bytes JMP 009ECA15
.text C:\Program Files\Mozilla Firefox\firefox.exe[1804] GDI32.dll!GetGlyphIndicesA 7734BC42 5 Bytes JMP 009ED2E8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[288] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[288] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[288] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[288] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[288] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[288] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1680] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1680] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1680] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1680] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1680] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [6E594F42] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1680] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1680] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1680] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1716] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1716] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1716] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1716] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1716] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1716] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [756E5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743A2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74385624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743856E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743A250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74398573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74394D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743950CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743951A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743966D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743982CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74398819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7439907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7439E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74394C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Fredb38\Downloads\Ashampoo AIO Updated 2010\Ashampoo\xae Slideshow Studio HD\ashampoo_slideshow_studio_hd_1.0.2_sm.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Fredb38\Downloads\Ashampoo AIO Updated 2010\Ashampoo\xae Burning Studio 9 Theme Pack\ashampoo_burning_studio_9_theme_pack_100_sm.exe 1

---- EOF - GMER 1.0.15 ----

Old 22nd June 2010   #5
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,856
Computer Experience:
intermediate
broni Reputation Level

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Old 22nd June 2010   #6
Senior Member
THREAD STARTER
 
Profile:
Join Date: May 2003
Location: Omega, Ga
Posts: 179
Computer Experience:
Intermediate
Fredb38 Reputation Level

ComboFix 10-06-21.01 - Fredb38 06/21/2010 23:25:33.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3454.2430 [GMT -4:00]
Running from: c:\users\Fredb38\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\mazuki.dll
c:\users\Fredb38\AppData\Roaming\.#
c:\users\Fredb38\AppData\Roaming\inst.exe
c:\users\Fredb38\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\users\Fredb38\AppData\Roaming\Workbench_2009.exe
c:\users\Fredb38\Documents\SYS
c:\users\Fredb38\GoToAssistDownloadHelper.exe
c:\users\Fredb38\psgold_41_2737.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-22 03:31 . 2010-06-22 03:31 -------- d-----w- c:\users\Fredb38\AppData\Local\temp
2010-06-22 03:31 . 2010-06-22 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-22 02:59 . 2010-06-22 02:59 -------- d-----w- c:\users\Fredb38\AppData\Local\ImTOO
2010-06-22 02:59 . 2010-06-22 02:59 -------- d-----w- c:\users\Fredb38\AppData\Roaming\ImTOO
2010-06-22 02:30 . 2010-06-22 02:30 -------- d-----w- c:\program files\Common Files\SourceTec
2010-06-22 02:19 . 2010-06-22 02:19 -------- d-----w- c:\program files\Haali
2010-06-21 01:41 . 2010-06-21 01:41 -------- d-----w- c:\program files\Enigma Software Group
2010-06-21 01:41 . 2010-06-21 02:04 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-21 00:09 . 2010-06-21 00:09 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-06-21 00:04 . 2010-06-21 00:04 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-21 00:04 . 2010-06-21 00:09 -------- d-----w- c:\programdata\Hitman Pro
2010-06-21 00:04 . 2010-06-21 00:04 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-20 21:57 . 2010-06-20 21:57 -------- d-----w- c:\program files\Trend Micro
2010-06-20 12:58 . 2010-06-20 12:58 1775136 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-06-20 12:58 . 2010-06-20 12:58 58400 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-06-20 12:58 . 2010-06-20 12:58 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-06-20 12:58 . 2010-06-20 12:58 3583008 ----a-w- c:\windows\system32\RtkAPO.dll
2010-06-20 12:58 . 2010-06-20 12:58 3086752 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-06-20 12:57 . 2010-06-20 12:57 299424 ----a-w- c:\windows\system32\FMAPO.dll
2010-06-20 12:15 . 2010-06-20 12:15 98304 --sha-r- c:\windows\system32\nvcuvidb.dll
2010-06-18 16:09 . 2010-06-18 16:09 -------- d-----w- c:\users\Fredb38\AppData\Roaming\SuperEasy Software
2010-06-18 16:09 . 2010-06-18 16:09 86016 ----a-w- c:\programdata\SuperEasy Software\Video Converter\HDX4VideoSites.dll
2010-06-18 16:07 . 2010-06-18 16:07 -------- d-----w- c:\programdata\SuperEasy Software
2010-06-18 11:57 . 2010-06-18 11:57 -------- d-----w- c:\program files\targit
2010-06-15 15:20 . 2010-06-15 15:20 -------- d-----w- c:\users\Fredb38\AppData\Local\Xilisoft
2010-06-14 12:58 . 2010-06-14 12:58 -------- d-----w- c:\users\Fredb38\AppData\Roaming\Win7codecs
2010-06-14 04:24 . 2010-06-14 05:12 -------- d-----w- C:\DVDTemp
2010-06-14 04:23 . 2010-06-14 05:52 -------- d-----w- c:\program files\Free DVD Creator
2010-06-14 00:50 . 2010-06-14 00:50 354744 ----a-w- c:\users\Fredb38\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2010-06-14 00:50 . 2010-06-14 00:50 79872 ----a-w- c:\users\Fredb38\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2010-06-14 00:50 . 2010-06-14 00:50 574344 ----a-w- c:\users\Fredb38\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2010-06-14 00:26 . 2010-06-14 00:50 -------- d-----w- c:\users\Fredb38\AppData\Roaming\SanDisk
2010-06-11 03:20 . 2010-06-11 03:20 7032320 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
2010-06-11 03:20 . 2010-06-11 03:20 7410688 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-06-11 03:20 . 2010-06-11 03:20 6301696 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
2010-06-11 03:19 . 2010-06-11 03:19 5487616 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
2010-06-11 03:19 . 2010-06-11 03:19 5686272 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\19153-191714.dll
2010-06-11 03:19 . 2010-06-11 03:19 2844160 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191714-19188.dll
2010-06-11 03:19 . 2010-06-11 03:19 2812928 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191916-191106.dll
2010-06-11 03:19 . 2010-06-11 03:19 2776576 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
2010-06-11 03:18 . 2010-06-11 03:18 243032 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-06-11 03:18 . 2010-06-11 03:18 230752 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-06-11 03:18 . 2010-06-11 03:18 956 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-06-11 03:18 . 2010-01-13 14:30 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-06-11 03:18 . 2010-01-13 23:27 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
2010-06-11 03:18 . 2010-01-13 23:27 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
2010-06-11 03:18 . 2010-01-13 23:27 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Hab\Custom\billmind.exe
2010-06-11 03:18 . 2010-01-13 23:27 26472 ----a-w- c:\programdata\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
2010-06-11 03:17 . 2010-06-11 03:21 -------- d-----w- c:\program files\Quicken
2010-06-10 23:42 . 2010-06-10 23:43 23127 ----a-w- c:\windows\hpqins15.dat
2010-06-09 13:02 . 2010-06-09 13:02 1141 ----a-w- c:\users\Fredb38\AppData\Roaming\iolo\restore.bat
2010-06-09 12:49 . 2010-06-09 12:49 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-06-09 12:49 . 2010-06-10 02:09 -------- d-----w- c:\programdata\iolo
2010-06-09 12:49 . 2010-06-09 13:02 -------- d-----w- c:\users\Fredb38\AppData\Roaming\iolo
2010-06-09 09:55 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 09:55 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 09:55 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 09:55 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 09:55 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-05 22:42 . 2010-06-05 22:42 -------- d-----w- c:\users\Fredb38\AppData\Roaming\dvdcss
2010-06-04 22:06 . 2010-06-04 22:06 -------- d-----w- c:\program files\VirtualDubMOD
2010-06-04 12:33 . 2010-06-04 12:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-04 00:54 . 2010-06-04 00:54 -------- d-----w- c:\users\Fredb38\AppData\Local\Citrix
2010-06-03 23:10 . 2008-08-19 17:33 808280 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.EXE
2010-06-03 23:10 . 2008-08-19 17:30 484696 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-06-03 23:10 . 2010-06-20 13:52 19501 ----a-w- c:\windows\hpqins13.dat
2010-06-03 23:03 . 2010-06-03 23:03 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2010-06-03 23:03 . 2010-06-03 23:03 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2010-06-03 23:02 . 2010-06-03 23:02 76488 ----a-w- c:\windows\system32\RTEEL32A.dll
2010-06-03 23:02 . 2010-06-03 23:02 62664 ----a-w- c:\windows\system32\RTEEG32A.dll
2010-06-03 23:02 . 2010-06-03 23:02 357576 ----a-w- c:\windows\system32\RTEEP32A.dll
2010-06-03 23:02 . 2010-06-03 23:02 168648 ----a-w- c:\windows\system32\RTEED32A.dll
2010-06-03 23:02 . 2010-06-03 23:02 293584 ----a-w- c:\windows\system32\RP3DHT32.dll
2010-06-03 23:02 . 2010-06-03 23:02 293584 ----a-w- c:\windows\system32\RP3DAA32.dll
2010-06-03 23:02 . 2010-06-03 23:02 96160 ----a-w- c:\windows\system32\AERTARen.dll
2010-06-03 23:02 . 2010-06-03 23:02 145760 ----a-w- c:\windows\system32\AERTACap.dll
2010-06-03 22:55 . 2010-06-03 22:55 -------- d-----w- c:\programdata\Uniblue
2010-06-03 22:54 . 2010-06-20 12:51 -------- d-----w- c:\program files\Uniblue
2010-06-02 14:15 . 2010-06-02 14:15 -------- d-----w- c:\users\Fredb38\AppData\Local\Ashampoo Movie Shrink & Burn 3
2010-05-26 01:55 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 03:31 . 2010-03-11 01:14 -------- d-----w- c:\users\Fredb38\AppData\Roaming\uTorrent
2010-06-22 03:04 . 2010-03-19 12:34 -------- d-----w- c:\program files\Common Files\Common Share
2010-06-22 00:50 . 2010-03-11 01:29 -------- d-----w- c:\users\Fredb38\AppData\Roaming\Vso
2010-06-22 00:33 . 2010-05-16 19:55 -------- d-----w- c:\users\Fredb38\AppData\Roaming\Xilisoft
2010-06-21 01:41 . 2010-04-12 22:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-20 13:08 . 2010-03-11 05:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-20 12:53 . 2010-03-11 14:00 -------- d-----w- c:\users\Fredb38\AppData\Roaming\Nitro PDF
2010-06-20 12:25 . 2010-03-24 13:38 -------- d-----w- c:\programdata\RegCure
2010-06-14 13:12 . 2010-03-12 18:56 -------- d-----w- c:\program files\Ashampoo
2010-06-14 13:07 . 2010-03-11 00:41 205984 ----a-w- c:\users\Fredb38\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-14 12:58 . 2010-03-15 13:55 -------- d-----w- c:\programdata\Win7codecs
2010-06-14 12:25 . 2010-04-06 12:08 -------- d-----w- c:\users\Fredb38\AppData\Roaming\vlc
2010-06-14 00:44 . 2010-03-11 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-13 17:19 . 2010-06-13 17:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-06-10 04:21 . 2010-03-15 21:14 -------- d-----w- c:\users\Fredb38\AppData\Roaming\1st Free Solitaire
2010-06-10 02:06 . 2010-05-22 12:59 -------- d-----w- c:\program files\CCleaner
2010-06-09 13:20 . 2010-03-22 12:04 -------- d-----w- c:\program files\Creative Home
2010-06-06 00:52 . 2010-04-10 18:31 -------- d-----w- c:\users\Fredb38\AppData\Roaming\LimeWire
2010-06-04 07:03 . 2010-03-24 14:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 22:55 . 2010-03-11 02:46 -------- d-----w- c:\users\Fredb38\AppData\Roaming\Uniblue
2010-06-03 22:38 . 2010-03-11 02:12 -------- d-----w- c:\programdata\HP
2010-06-03 22:38 . 2010-03-11 01:38 -------- d-----w- c:\users\Fredb38\AppData\Roaming\IrfanView
2010-05-21 18:14 . 2010-03-10 23:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 13:26 . 2010-05-20 13:26 -------- d-----w- c:\program files\Realtek
2010-05-19 20:02 . 2010-03-12 19:32 -------- d-----w- c:\users\Fredb38\AppData\Roaming\Ashampoo
2010-05-19 13:37 . 2010-05-19 13:37 -------- d-----w- c:\programdata\TechSmith
2010-05-19 13:37 . 2010-05-19 13:37 -------- d-----w- c:\program files\TechSmith
2010-05-18 17:28 . 2010-05-18 17:26 -------- d-----w- c:\program files\Microsoft Streets & Trips 2010
2010-05-18 16:29 . 2010-05-14 22:19 -------- d-----w- c:\program files\MSECache
2010-05-18 16:12 . 2010-05-18 16:03 -------- d-----w- c:\program files\TLDCN2009
2010-05-17 13:05 . 2010-04-26 19:38 -------- d-----w- c:\program files\Solid Edge V16
2010-05-16 00:37 . 2010-05-16 00:35 -------- d-----w- c:\program files\VDownloader
2010-05-15 16:22 . 2010-04-16 20:38 -------- d-----w- c:\program files\QuickTime
2010-05-15 16:21 . 2010-04-18 02:52 -------- d-----w- c:\programdata\Apple Computer
2010-05-15 16:21 . 2010-05-15 16:21 -------- d-----w- c:\program files\Common Files\Apple
2010-05-15 16:20 . 2010-05-15 16:20 -------- d-----w- c:\programdata\Apple
2010-05-15 16:20 . 2010-05-15 16:20 -------- d-----w- c:\program files\Apple Software Update
2010-05-14 19:57 . 2010-05-14 19:29 -------- d-----w- c:\program files\AimOne AVI Cutter & Joiner
2010-05-13 02:01 . 2010-03-11 01:29 47360 ----a-w- c:\users\Fredb38\AppData\Roaming\pcouffin.sys
2010-05-13 02:01 . 2010-03-11 01:29 47360 ----a-w- c:\users\Fredb38\AppData\Roaming\pcouffin.sys
2010-05-13 02:00 . 2010-03-25 18:40 -------- d-----w- c:\program files\VSO
2010-05-12 03:23 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-09 15:27 . 2010-05-09 15:27 -------- d-----w- c:\users\Fredb38\AppData\Roaming\U3
2010-05-08 22:56 . 2010-03-19 13:32 -------- d-----w- c:\program files\AVS4YOU
2010-05-08 22:55 . 2010-03-19 13:30 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-08 22:24 . 2010-05-08 22:24 -------- d-----w- c:\program files\RegCure
2010-05-08 22:15 . 2010-05-08 15:23 -------- dc-h--w- c:\programdata\~0
2010-05-08 19:40 . 2010-05-08 16:57 -------- d-----w- c:\users\Fredb38\AppData\Roaming\WinAVI
2010-05-08 17:41 . 2010-03-19 14:02 -------- d-----w- c:\users\Fredb38\AppData\Roaming\AVS4YOU
2010-05-08 02:25 . 2010-04-25 03:19 -------- d-----w- c:\programdata\Microsoft Help
2010-05-08 02:25 . 2010-03-11 00:25 -------- d-----w- c:\program files\Microsoft Works
2010-05-07 22:06 . 2010-03-12 19:16 -------- d-----w- c:\users\Fredb38\AppData\Roaming\Thinstall
2010-05-06 21:14 . 2010-03-28 07:28 -------- d-----w- c:\users\Fredb38\AppData\Roaming\Blitware
2010-05-05 02:40 . 2010-05-05 02:27 -------- d-----w- c:\users\Fredb38\AppData\Roaming\ImgBurn
2010-05-02 18:24 . 2010-03-11 02:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 18:22 . 2010-03-11 01:14 -------- d-----w- c:\program files\uTorrent
2010-04-29 19:39 . 2010-03-11 02:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-11 02:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 15:46 . 2010-04-29 15:46 -------- d-----w- c:\program files\Foxit Software
2010-04-29 03:19 . 2010-04-29 02:22 -------- d-----w- c:\program files\MP3-tag
2010-04-29 03:18 . 2010-04-29 03:00 -------- d-----w- c:\program files\mp3Tag 5
2010-04-29 02:22 . 2010-04-29 02:22 -------- d-----w- c:\users\Fredb38\AppData\Roaming\AQUATRA
2010-04-29 02:17 . 2010-04-29 02:17 -------- d-----w- c:\programdata\NCH Swift Sound
2010-04-29 02:17 . 2010-04-29 02:17 -------- d-----w- c:\users\Fredb38\AppData\Roaming\NCH Swift Sound
2010-04-28 17:34 . 2010-04-28 17:34 -------- d-----w- c:\program files\Audacity
2010-04-26 19:59 . 2010-03-11 00:55 -------- d-----w- c:\programdata\WinZip
2010-04-26 19:46 . 2010-04-26 19:46 -------- d-----w- c:\users\Fredb38\AppData\Roaming\Unigraphics Solutions
2010-04-25 04:39 . 2010-04-25 04:37 -------- d-----w- c:\program files\SmartDraw 2010
2010-04-25 02:40 . 2010-04-25 02:40 -------- d-----w- c:\users\Fredb38\AppData\Roaming\SmartDraw
2010-04-24 15:09 . 2010-04-24 15:09 -------- d-----w- c:\users\Fredb38\AppData\Roaming\Serif
2010-04-24 15:07 . 2010-04-24 15:07 -------- d-----w- c:\program files\Serif
2010-04-23 22:32 . 2010-04-23 22:32 -------- d-----w- c:\program files\Coupons
2010-04-21 23:35 . 2010-04-21 23:34 108137 ----a-w- c:\windows\unins000.dat
2010-04-21 23:33 . 2010-04-21 23:34 708432 ----a-w- c:\windows\unins000.exe
2010-04-17 12:36 . 2010-04-17 12:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-04-17 00:55 . 2010-04-17 00:55 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-04-11 03:49 . 2010-04-11 03:49 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-04-11 03:49 . 2010-04-11 03:49 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-04-11 03:48 . 2010-04-11 03:48 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-02 13:36 . 2010-03-24 13:21 4004960 ----a-w- c:\users\Fredb38\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe
2010-03-30 22:49 . 2010-03-30 22:49 114688 ----a-w- c:\windows\keymail.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SansaDispatch"="c:\users\Fredb38\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-06-14 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-27 2029640]
"Mindful 2"="c:\program files\Felitec\Mindful 2\Mindful.exe" [2009-04-04 471040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder 2010.lnk - c:\windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2010-3-22 341328]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msriasClient

R2 SBSDWSCService;SBSD Security Center Service; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-27 107256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-27 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-27 38240]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-02-02 188736]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-02-02 65856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-20 c:\windows\Tasks\File Helper.job
- c:\program files\File Helper\2.3.0.4\FileHelper.exe [2010-03-24 18:25]

2010-06-21 c:\windows\Tasks\RegCure Program Check.job
- h:\program files\RegCure\RegCure.exe [2010-02-23 01:29]

2010-06-20 c:\windows\Tasks\RegCure.job
- h:\program files\RegCure\RegCure.exe [2010-02-23 01:29]

2010-06-22 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SmartDraw 2010\Messages\SDNotify.exe [2010-04-25 16:21]

2010-06-22 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SmartDraw 2010\Messages\SDNotify.exe [2010-04-25 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://Bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-71-0-12QPy&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Photodex Presenter\npPxPlay.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-06-21 23:33:26
ComboFix-quarantined-files.txt 2010-06-22 03:33

Pre-Run: 292,389,670,912 bytes free
Post-Run: 292,641,808,384 bytes free

- - End Of File - - 23D6470A305CCAD4EF25BED0C4D3E45E

Old 22nd June 2010   #7
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,856
Computer Experience:
intermediate
I strongly suggest you uninstall RegCure. Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/...eaking_13.html

How is the redirection issue?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

==============================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Old 22nd June 2010   #8
Senior Member
THREAD STARTER
 
Profile:
Join Date: May 2003
Location: Omega, Ga
Posts: 179
Computer Experience:
Intermediate
Fredb38 Reputation Level

OTL logfile created on: 6/22/2010 12:00:44 AM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Fredb38\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.38 Gb Total Space | 272.64 Gb Free Space | 83.53% Space Free | Partition Type: NTFS
Drive D: | 8.87 Gb Total Space | 1.20 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 222.89 Gb Free Space | 47.85% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 337.75 Gb Free Space | 72.52% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 345.15 Gb Free Space | 37.05% Space Free | Partition Type: NTFS

Computer Name: FREDB38-PC
Current User Name: Fredb38
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/21 23:57:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Fredb38\Desktop\OTL.exe
PRC - [2010/06/13 20:50:21 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Fredb38\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/21 20:52:22 | 000,186,760 | ---- | M] () -- H:\Program Files\Proshow Gold\scsiaccess.exe
PRC - [2010/02/02 13:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2010/02/02 13:35:20 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/07 14:32:26 | 000,358,232 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/27 02:22:04 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/04/27 02:11:54 | 002,029,640 | ---- | M] (Cracked By Wh!5t|eR) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/04/04 03:20:00 | 000,471,040 | ---- | M] (Felitec Inc.) -- C:\Program Files\Felitec\Mindful 2\Mindful.exe
PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- C:\Windows\System32\NMSAccessU.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 23:57:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Fredb38\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2009/07/13 21:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SBSDWSCService)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/21 20:52:22 | 000,186,760 | ---- | M] () [Auto | Running] -- H:\Program Files\Proshow Gold\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/03/11 13:32:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/02 13:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/02 13:35:20 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/04/27 02:22:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/04/27 02:22:04 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Windows\System32\NMSAccessU.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - [2010/06/20 08:58:00 | 003,086,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2009/07/13 18:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/04/27 02:22:12 | 000,113,960 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/04/27 02:22:08 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/04/27 02:22:08 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/04/27 02:22:06 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/04/27 02:22:04 | 000,131,976 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://Bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-71-0-12QPy&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/10 19:43:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/14 13:20:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/14 13:20:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/03/10 19:53:22 | 000,000,000 | ---D | M]

[2010/03/19 08:06:12 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Extensions
[2010/03/19 08:06:12 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/21 22:48:02 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions
[2010/03/11 09:25:46 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/06/09 22:06:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/15 20:58:24 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions\anttoolbar@ant.com
[2010/05/06 17:10:22 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions\searchtoolbar@zugo.com
[2010/04/13 08:56:03 | 000,001,836 | ---- | M] () -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\searchplugins\bing-ff.xml
[2010/05/06 17:10:47 | 000,001,944 | ---- | M] () -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\searchplugins\bing-zugo.xml
[2010/06/09 22:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 03:11:28 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{8c67aaa4-a39e-e2d9-3ed6-4b5088d3d8ce}
[2010/06/04 08:33:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/06/04 08:32:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/06/21 23:31:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (Cracked By Wh!5t|eR)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mindful 2] C:\Program Files\Felitec\Mindful 2\Mindful.exe (Felitec Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Fredb38\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/31 01:04:27 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 22:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/21 23:58:58 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Fredb38\Desktop\OTL.exe
[2010/06/21 23:33:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/06/21 23:33:28 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\temp
[2010/06/21 23:24:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/06/21 23:24:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/21 23:24:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/06/21 23:24:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/21 23:23:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/21 23:23:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/21 22:59:57 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\ImTOO
[2010/06/21 22:59:55 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\ImTOO
[2010/06/21 22:30:41 | 000,290,816 | ---- | C] (SourceTec Software Co., LTD) -- C:\Windows\System32\stFLVSource.ax
[2010/06/21 22:30:40 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\System32\Mpeg2DecFilter.ax
[2010/06/21 22:30:40 | 000,217,088 | ---- | C] (-) -- C:\Windows\System32\CoreFLACDecoder.ax
[2010/06/21 22:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2010/06/21 22:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/06/21 22:18:12 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/06/20 21:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/06/20 21:41:06 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010/06/20 20:09:00 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/06/20 20:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/06/20 20:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/20 17:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/20 08:57:57 | 000,299,424 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010/06/18 12:10:52 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\My Video
[2010/06/18 12:09:03 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\SuperEasy Software
[2010/06/18 12:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperEasy Software
[2010/06/18 07:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\targit
[2010/06/15 11:20:27 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\Xilisoft
[2010/06/14 13:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/06/14 08:58:51 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\Win7codecs
[2010/06/14 00:24:43 | 000,000,000 | ---D | C] -- C:\DVDTemp
[2010/06/14 00:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Free DVD Creator
[2010/06/13 20:26:12 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\SanDisk
[2010/06/10 23:18:21 | 004,199,784 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
[2010/06/10 23:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2010/06/09 08:49:15 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\iolo
[2010/06/09 08:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2010/06/05 18:42:52 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\dvdcss
[2010/06/04 18:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDubMOD
[2010/06/04 12:24:09 | 001,277,952 | ---- | C] (HDX4 GmbH) -- C:\Windows\System32\HDX4H263Decoder.ax
[2010/06/03 20:54:09 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\Citrix
[2010/06/03 19:03:03 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010/06/03 19:03:03 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010/06/03 19:02:59 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2010/06/03 19:02:59 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2010/06/03 19:02:59 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2010/06/03 19:02:59 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2010/06/03 19:02:58 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010/06/03 19:02:58 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010/06/03 18:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/06/03 18:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/06/02 22:44:17 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\My Scans
[2010/06/02 10:15:18 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\Ashampoo Movie Shrink & Burn 3
[2010/05/22 08:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/21 16:13:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/05/20 09:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/05/20 09:26:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010/05/19 09:38:32 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\Snagit
[2010/05/19 09:38:29 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\assembly
[2010/05/19 09:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/05/19 09:37:46 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\TechSmith
[2010/05/19 09:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/05/18 13:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Streets & Trips 2010
[2010/05/18 12:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\TLDCN2009
[2010/05/16 15:55:00 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\Xilisoft
[2010/05/15 20:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\VDownloader
[2010/05/15 12:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/15 12:20:54 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\Apple
[2010/05/15 12:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/15 12:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/05/14 18:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/05/14 15:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\AimOne AVI Cutter & Joiner
[2010/05/11 20:48:30 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\HP Photosmart Projects
[2010/05/09 11:27:19 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\U3
[2010/05/09 08:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/05/08 18:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/05/08 12:57:02 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\WinAVI
[2010/05/08 11:23:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2010/05/08 11:22:36 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\PackageAware
[2010/05/07 18:06:50 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\Thinstall
[2010/05/04 22:27:45 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\ImgBurn
[2010/05/04 18:21:28 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\ApplicationHistory
[2010/05/04 18:21:19 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\Ashampoo ClipFisher Movies
[2010/04/29 11:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/04/28 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\mp3Tag 5
[2010/04/28 22:52:32 | 000,000,000 | ---D | C] -- C:\Temp
[2010/04/28 22:22:58 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\AQUATRA
[2010/04/28 22:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\MP3-tag
[2010/04/28 22:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/04/28 22:17:41 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\NCH Swift Sound
[2010/04/28 13:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/04/27 19:36:30 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2010/04/26 15:59:13 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\WinZip
[2010/04/26 15:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/04/26 15:53:43 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\Solid Edge Samples
[2010/04/26 15:46:37 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\Unigraphics Solutions
[2010/04/26 15:40:09 | 000,000,000 | ---D | C] -- C:\Windows\lhsp
[2010/04/26 15:40:07 | 000,000,000 | ---D | C] -- C:\Windows\msagent
[2010/04/26 15:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Solid Edge V16
[2010/04/26 15:36:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2010/04/25 00:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\SmartDraw 2010
[2010/04/24 23:26:57 | 000,000,000 | --SD | C] -- C:\Users\Fredb38\Documents\My Shapes
[2010/04/24 23:19:19 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\Microsoft Help
[2010/04/24 23:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/04/24 22:40:36 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\SmartDraw
[2010/04/24 11:09:54 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\Serif
[2010/04/24 11:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/04/24 11:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2010/04/23 18:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/22 19:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/04/22 18:23:17 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\Samples
[2010/04/22 15:59:06 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\RdpAudioSink
[2010/04/22 14:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\Morpheus Photo Animation Suite
[2010/04/22 13:39:07 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\Morpheus Software
[2010/04/21 10:56:03 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\PresentationCD
[2010/04/20 23:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/04/20 21:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/20 19:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\CDex
[2010/04/18 10:26:33 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\Aimersoft DVD Ripper
[2010/04/18 10:25:29 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\Aimersoft Audio Converter
[2010/04/18 10:23:15 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\Aimersoft Video Converter
[2010/04/18 10:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Aimersoft
[2010/04/18 09:34:06 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\DVD Creator
[2010/04/18 00:33:52 | 000,000,000 | ---D | C] -- C:\Movavi files
[2010/04/17 22:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/17 22:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Movavi Video Converter 9
[2010/04/17 22:48:53 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\Downloaded Installations
[2010/04/16 20:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/04/16 16:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/13 15:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/04/13 15:55:50 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Office Genuine Advantage
[2010/04/12 18:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/04/12 18:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/12 15:47:44 | 000,000,000 | ---D | C] -- C:\IExp1.tmp
[2010/04/12 15:47:41 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/04/12 15:47:41 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010/04/12 15:47:41 | 000,000,000 | ---D | C] -- C:\IExp0.tmp
[2010/04/12 15:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/04/11 09:39:28 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\DVDVideoSoft
[2010/04/11 09:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/04/11 09:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/04/10 14:31:30 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\LimeWire
[2010/04/10 11:09:35 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\LimeWire
[2010/04/07 20:18:36 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\Ashampoo Music Studio 3
[2010/04/06 08:08:51 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\vlc
[2010/04/03 22:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avery Dennison
[2010/04/03 22:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avery
[2010/04/03 22:37:13 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\BSplayer PRO
[2010/04/03 21:50:46 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Local\Targit
[2010/04/03 09:27:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/01 18:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Replay Music 3
[2010/04/01 18:47:12 | 000,000,000 | ---D | C] -- C:\Windows\Replay Music
[2010/03/30 21:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2010/03/30 21:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/03/30 21:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2010/03/30 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\Documents\My Garmin
[2010/03/30 20:43:25 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\GARMIN
[2010/03/30 20:39:08 | 000,000,000 | ---D | C] -- C:\Garmin
[2010/03/30 18:49:48 | 000,114,688 | ---- | C] (Striata Communication Solutions) -- C:\Windows\keymail.dll
[2010/03/28 09:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2010/03/28 03:28:00 | 000,000,000 | ---D | C] -- C:\Users\Fredb38\AppData\Roaming\Blitware
[2010/03/27 11:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/03/25 14:40:15 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2010/03/25 14:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2010/03/24 10:58:22 | 000,000,000 | R-SD | C] -- C:\Users\Fredb38\Documents\My Stationery
[2010/03/24 10:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/03/24 10:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/03/24 10:53:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/03/24 10:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/03/24 10:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/03/24 10:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/03/24 09:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

Old 22nd June 2010   #9
Senior Member
THREAD STARTER
 
Fredb38 Reputation Level

========== Files - Modified Within 90 Days ==========

[2010/06/22 00:01:52 | 003,932,160 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat
[2010/06/21 23:57:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Fredb38\Desktop\OTL.exe
[2010/06/21 23:48:01 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 23:48:01 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 23:41:00 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/06/21 23:41:00 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2010/06/21 23:40:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/21 23:40:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/21 23:40:41 | 2716,708,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/21 23:39:53 | 004,108,550 | -H-- | M] () -- C:\Users\Fredb38\AppData\Local\IconCache.db
[2010/06/21 23:31:38 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/21 23:31:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/21 23:04:04 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Sothink Movie DVD Maker.lnk
[2010/06/21 23:04:04 | 000,000,784 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Movie DVD Maker.lnk
[2010/06/21 22:59:44 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\ImTOO DVD Creator 6.lnk
[2010/06/21 22:59:44 | 000,000,836 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ImTOO DVD Creator 6.lnk
[2010/06/21 22:12:48 | 000,001,041 | ---- | M] () -- C:\Users\Fredb38\AppData\Roaming\vso_ts_preview.xml
[2010/06/21 17:00:11 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2010/06/20 20:09:00 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/06/20 20:04:43 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/06/20 09:52:46 | 000,019,501 | ---- | M] () -- C:\Windows\hpqins13.dat
[2010/06/20 09:52:24 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010/06/20 09:50:28 | 000,019,104 | ---- | M] () -- C:\Windows\hpqins13.dat.temp
[2010/06/20 09:01:50 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2010/06/20 08:57:57 | 000,299,424 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010/06/20 08:51:03 | 000,000,651 | ---- | M] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2010/06/20 08:51:03 | 000,000,651 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
[2010/06/20 08:25:29 | 000,000,679 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
[2010/06/20 08:15:01 | 000,098,304 | RHS- | M] () -- C:\Windows\System32\nvcuvidb.dll
[2010/06/20 03:28:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\File Helper.job
[2010/06/18 08:03:08 | 000,065,536 | ---- | M] () -- C:\Users\Fredb38\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 19:59:16 | 000,000,712 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Audio Maker 3.lnk
[2010/06/14 09:07:28 | 000,205,984 | ---- | M] () -- C:\Users\Fredb38\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/14 08:27:20 | 000,623,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/14 01:38:39 | 000,000,028 | ---- | M] () -- C:\Windows\v2d.INI
[2010/06/13 20:45:27 | 000,623,890 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/13 20:45:27 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/13 20:45:26 | 000,727,362 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/13 13:19:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/11 21:48:52 | 000,001,087 | ---- | M] () -- C:\Users\Fredb38\Desktop\SyncBackPro.lnk
[2010/06/10 23:18:18 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2010.lnk
[2010/06/10 23:18:14 | 000,000,165 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2010/06/10 19:43:57 | 000,023,127 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/06/10 07:59:10 | 000,001,107 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/06/10 00:38:17 | 000,000,534 | ---- | M] () -- C:\Windows\win.ini
[2010/06/09 08:54:30 | 000,000,406 | ---- | M] () -- C:\Windows\System32\ioloBootDefrag.cfg
[2010/06/09 08:49:21 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll
[2010/06/08 00:09:04 | 000,002,741 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk
[2010/06/04 12:24:09 | 000,000,789 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo ClipFisher.lnk
[2010/06/03 19:04:30 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 19:04:30 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 19:04:30 | 000,065,536 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TM.blf
[2010/06/03 19:03:03 | 000,345,328 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010/06/03 19:03:03 | 000,140,528 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010/06/03 19:02:59 | 000,357,576 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2010/06/03 19:02:59 | 000,168,648 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2010/06/03 19:02:59 | 000,076,488 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2010/06/03 19:02:59 | 000,062,664 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2010/06/03 19:02:58 | 000,293,584 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010/06/03 19:02:58 | 000,293,584 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010/05/22 07:41:06 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/05/19 21:22:30 | 000,001,131 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Commander 8.lnk
[2010/05/12 22:01:04 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Fredb38\AppData\Roaming\pcouffin.sys
[2010/05/12 22:01:04 | 000,007,887 | ---- | M] () -- C:\Users\Fredb38\AppData\Roaming\pcouffin.cat
[2010/05/12 22:01:04 | 000,001,144 | ---- | M] () -- C:\Users\Fredb38\AppData\Roaming\pcouffin.inf
[2010/05/12 22:01:02 | 000,001,186 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/05/08 19:37:26 | 001,152,655 | ---- | M] () -- C:\Users\Fredb38\Big **** Round Asses - Carly Parker.wmv
[2010/05/04 22:25:47 | 000,000,757 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 11:35:32 | 000,000,726 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\OJOsoft Audio Converter.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/25 00:17:02 | 000,020,487 | ---- | M] () -- C:\Users\Fredb38\Documents\test.sdr
[2010/04/21 20:52:38 | 000,000,834 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ProShow Gold.lnk
[2010/04/21 20:35:33 | 000,000,002 | ---- | M] () -- C:\Users\Fredb38\tenmy.ini
[2010/04/21 19:35:06 | 000,108,137 | ---- | M] () -- C:\Windows\unins000.dat
[2010/04/21 19:35:05 | 000,010,750 | ---- | M] () -- C:\Windows\unins000.msg
[2010/04/21 19:33:59 | 000,708,432 | ---- | M] () -- C:\Windows\unins000.exe
[2010/04/21 14:11:49 | 000,000,766 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Picture Collage Maker Pro.lnk
[2010/04/21 11:33:10 | 000,000,853 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Slideshow Studio HD.lnk
[2010/04/20 22:29:41 | 000,025,778 | ---- | M] () -- C:\Users\Fredb38\Documents\metart.wlmp
[2010/04/20 21:54:37 | 000,000,020 | ---- | M] () -- C:\Windows\”úB
[2010/04/20 19:09:36 | 002,843,648 | ---- | M] () -- C:\Users\Fredb38\Documents\METART.ppt
[2010/04/20 18:52:59 | 002,844,672 | ---- | M] () -- C:\Users\Fredb38\Documents\METART.pps
[2010/04/18 10:29:47 | 005,149,496 | ---- | M] (Aimersoft Software ) -- C:\Users\Fredb38\Documents\download.exe
[2010/04/17 22:51:57 | 000,004,932 | ---- | M] () -- C:\ProgramData\kbkwknay.ayh
[2010/04/14 23:30:15 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/14 23:30:15 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/14 23:30:15 | 000,065,536 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TM.blf
[2010/04/14 22:35:09 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/14 22:35:09 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/14 22:35:09 | 000,065,536 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TM.blf
[2010/04/13 11:22:26 | 005,301,345 | ---- | M] () -- C:\Users\Fredb38\Documents\This is not my modification...pdf
[2010/04/12 15:47:13 | 000,000,760 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Snap 3.lnk
[2010/04/09 22:56:55 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/04/09 22:56:55 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/04/09 17:51:44 | 000,049,682 | ---- | M] () -- C:\Users\Fredb38\Documents\cc_20100409_175130.reg
[2010/04/09 11:03:50 | 000,001,167 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Music Studio 3.lnk
[2010/04/09 09:45:23 | 000,001,191 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 9.lnk
[2010/03/31 11:48:55 | 000,410,624 | ---- | M] () -- C:\Users\Fredb38\Documents\easter.hmk
[2010/03/30 18:49:48 | 000,114,688 | ---- | M] (Striata Communication Solutions) -- C:\Windows\keymail.dll
[2010/03/27 13:21:08 | 000,000,008 | ---- | M] () -- C:\Users\Fredb38\ntuser.pol
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/21 23:24:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/21 23:24:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/21 23:24:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/21 23:24:30 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/21 23:24:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/21 22:59:44 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\ImTOO DVD Creator 6.lnk
[2010/06/21 22:59:44 | 000,000,836 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ImTOO DVD Creator 6.lnk
[2010/06/21 22:31:36 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Sothink Movie DVD Maker.lnk
[2010/06/21 22:31:36 | 000,000,784 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Movie DVD Maker.lnk
[2010/06/20 20:04:42 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/06/20 09:52:24 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010/06/20 09:50:28 | 000,019,104 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2010/06/20 08:51:03 | 000,000,651 | ---- | C] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2010/06/20 08:51:03 | 000,000,651 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
[2010/06/20 08:26:01 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2010/06/20 08:26:01 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2010/06/20 08:25:29 | 000,000,679 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
[2010/06/20 08:15:01 | 000,098,304 | RHS- | C] () -- C:\Windows\System32\nvcuvidb.dll
[2010/06/15 19:59:16 | 000,000,712 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Audio Maker 3.lnk
[2010/06/14 01:38:39 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2010/06/14 00:23:59 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/06/13 13:19:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 23:18:17 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2010.lnk
[2010/06/10 19:42:22 | 000,023,127 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/06/09 08:54:30 | 000,000,406 | ---- | C] () -- C:\Windows\System32\ioloBootDefrag.cfg
[2010/06/09 08:49:21 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010/06/04 12:24:09 | 000,000,789 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo ClipFisher.lnk
[2010/06/03 19:10:08 | 000,019,501 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010/06/03 18:40:13 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 18:40:13 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 18:40:13 | 000,065,536 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TM.blf
[2010/05/19 21:22:30 | 000,001,131 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Commander 8.lnk
[2010/05/12 22:01:02 | 000,001,186 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/05/08 19:37:18 | 001,152,655 | ---- | C] () -- C:\Users\Fredb38\Big **** Round Asses - Carly Parker.wmv
[2010/05/08 15:43:56 | 000,119,296 | -HS- | C] () -- C:\Users\Fredb38\Thumbs.db
[2010/05/04 22:25:47 | 000,000,757 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2010/04/28 11:35:32 | 000,000,726 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\OJOsoft Audio Converter.lnk
[2010/04/27 19:33:20 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/04/27 19:33:10 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/04/25 00:38:47 | 000,000,480 | ---- | C] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010/04/25 00:21:24 | 000,000,480 | ---- | C] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2010/04/24 22:57:37 | 000,020,487 | ---- | C] () -- C:\Users\Fredb38\Documents\test.sdr
[2010/04/21 20:52:38 | 000,000,834 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ProShow Gold.lnk
[2010/04/21 20:35:33 | 000,000,002 | ---- | C] () -- C:\Users\Fredb38\tenmy.ini
[2010/04/21 19:35:05 | 000,010,750 | ---- | C] () -- C:\Windows\unins000.msg
[2010/04/21 19:34:55 | 000,708,432 | ---- | C] () -- C:\Windows\unins000.exe
[2010/04/21 19:34:55 | 000,108,137 | ---- | C] () -- C:\Windows\unins000.dat
[2010/04/21 11:33:10 | 000,000,853 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Slideshow Studio HD.lnk
[2010/04/20 22:29:41 | 000,025,778 | ---- | C] () -- C:\Users\Fredb38\Documents\metart.wlmp
[2010/04/20 21:54:36 | 000,000,020 | ---- | C] () -- C:\Windows\”úB
[2010/04/20 16:30:45 | 002,844,672 | ---- | C] () -- C:\Users\Fredb38\Documents\METART.pps
[2010/04/20 15:32:24 | 002,843,648 | ---- | C] () -- C:\Users\Fredb38\Documents\METART.ppt
[2010/04/17 22:51:57 | 000,004,932 | ---- | C] () -- C:\ProgramData\kbkwknay.ayh
[2010/04/14 23:23:42 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/14 23:23:42 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/14 23:23:42 | 000,065,536 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TM.blf
[2010/04/14 22:27:45 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/14 22:27:45 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/14 22:27:45 | 000,065,536 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TM.blf
[2010/04/13 11:22:26 | 005,301,345 | ---- | C] () -- C:\Users\Fredb38\Documents\This is not my modification...pdf
[2010/04/12 15:47:13 | 000,000,760 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Snap 3.lnk
[2010/04/09 22:55:01 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/04/09 22:55:01 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/04/09 17:51:34 | 000,049,682 | ---- | C] () -- C:\Users\Fredb38\Documents\cc_20100409_175130.reg
[2010/04/09 11:03:50 | 000,001,167 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Music Studio 3.lnk
[2010/04/09 09:45:23 | 000,001,191 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 9.lnk
[2010/04/01 18:48:25 | 000,006,329 | ---- | C] () -- C:\Users\Fredb38\AppData\Roaming\ReplayMusicLog.log
[2010/03/31 11:48:55 | 000,410,624 | ---- | C] () -- C:\Users\Fredb38\Documents\easter.hmk
[2010/03/25 15:21:08 | 000,000,008 | ---- | C] () -- C:\Users\Fredb38\ntuser.pol
[2010/03/11 02:19:20 | 000,017,408 | ---- | C] () -- C:\Windows\System32\SyncBackPro.dll
[2010/03/10 20:35:38 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/03/10 20:26:15 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/21 04:48:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/16 19:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/08 17:42:40 | 001,048,576 | ---- | C] () -- C:\Windows\System32\HDX4MediaConverter2.dll
[2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/06/10 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\1st Free Solitaire
[2010/04/28 22:22:58 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\AQUATRA
[2010/05/19 16:02:58 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Ashampoo
[2010/05/06 17:14:37 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Blitware
[2010/04/03 22:38:55 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\BSplayer PRO
[2010/04/07 09:50:43 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Downloaded Installations
[2010/03/10 19:56:58 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\ESET
[2010/03/30 21:46:00 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\GARMIN
[2010/05/04 22:40:12 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\ImgBurn
[2010/06/21 22:59:55 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\ImTOO
[2010/03/11 23:09:11 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\ImTOO Software Studio
[2010/06/09 09:02:57 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\iolo
[2010/06/03 18:38:39 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\IrfanView
[2010/06/05 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\LimeWire
[2010/04/22 13:39:07 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Morpheus Software
[2010/04/28 22:17:41 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\NCH Swift Sound
[2010/03/11 14:12:52 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Netscape
[2010/06/20 08:53:10 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Nitro PDF
[2010/03/11 14:01:26 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Photodex
[2010/06/13 20:50:00 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\SanDisk
[2010/04/24 11:09:54 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Serif
[2010/04/24 22:40:54 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\SmartDraw
[2010/03/11 00:45:48 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Softland
[2010/03/12 16:02:43 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\SoftMaker
[2010/06/18 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\SuperEasy Software
[2010/05/07 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Thinstall
[2010/06/03 18:55:41 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Uniblue
[2010/04/26 15:46:37 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Unigraphics Solutions
[2010/06/21 23:37:12 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\uTorrent
[2010/06/21 20:50:18 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Vso
[2010/06/14 08:58:51 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Win7codecs
[2010/05/08 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\WinAVI
[2010/06/21 20:33:03 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Xilisoft
[2010/03/11 23:47:35 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Xilisoft Corporation
[2010/06/20 03:28:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\File Helper.job
[2010/06/21 17:00:11 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2010/06/20 09:01:50 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2010/06/09 20:57:40 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/21 23:41:00 | 000,000,480 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job
[2010/06/21 23:41:00 | 000,000,480 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/06/20 08:15:01 | 000,098,304 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\nvcuvidb.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:21654C57
@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:4BF2F6B5

< End of report >

Old 22nd June 2010   #10

OTL Extras logfile created on: 6/22/2010 12:00:44 AM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Fredb38\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.38 Gb Total Space | 272.64 Gb Free Space | 83.53% Space Free | Partition Type: NTFS
Drive D: | 8.87 Gb Total Space | 1.20 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 222.89 Gb Free Space | 47.85% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 337.75 Gb Free Space | 72.52% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 345.15 Gb Free Space | 37.05% Space Free | Partition Type: NTFS

Computer Name: FREDB38-PC
Current User Name: Fredb38
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}" = Striata Reader
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A33BA1B-C1E5-4DC5-B702-16C950DE1664}" = Backup4all Professional 4
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{374256A0-EAA2-012B-AD60-000000000000}" = TurboTax 2009 wgaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{409370D3-226D-412A-852A-F134B89F7116}" = ArcSoft Collage Creator
"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47CB8B6B-49DF-4058-AC2B-1596E3BE63EA}" = Garmin City Navigator North America 2009
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D92FD47-5138-48D2-B68B-9D0CCFA21CD7}" = Movavi Video Converter 9
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{601BE80D-247B-4084-94C7-7A54369DB7A2}" = Hallmark Card Studio 2010 Deluxe
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BB6C057-7D23-4516-8001-635D432A78D5}" = 2010 Hallmark Mother's/Father's Day Card Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1" = Picture Collage Maker Pro 2.2.5
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A0B0BCE9-2994-36F2-BE66-D23C884372E8}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6916E4B-FD07-47E7-B906-B3F734F08E29}" = C4100
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}" = ESET Smart Security
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010
"{C8793276-2F36-454A-A524-9957B979FDE1}" = SceneGrabber.NET
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D3E72DA8-8467-4DAB-961F-A5B7989B09F0}" = Collage Maker
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{E9E13063-C8E2-4D39-8F6B-5FE5D2EAD0E5}" = Nitro PDF Professional
"{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{EB6C11E5-449C-3BA3-9086-80B18BCFF947}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1STFREE_is1" = 1st Free Solitaire 1.7.1
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aimersoft Audio Converter_is1" = Aimersoft Audio Converter(Build 2.2.0.37)
"Aimersoft DVD Copy_is1" = Aimersoft DVD Copy(Build 2.0.0.16)
"Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 2.1.1.0)
"Aimersoft DVD Ripper_is1" = Aimersoft DVD Ripper(Build 2.2.0.27)
"Aimersoft DVD Studio Pack_is1" = Aimersoft DVD Studio Pack(Build 2.2.0.19)
"Aimersoft Video Converter_is1" = Aimersoft Video Converter(Build 2.2.0.19)
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.1
"Ashampoo Burning Studio 9 Theme Pack_is1" = Ashampoo Burning Studio 9 Theme Pack
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"Ashampoo ClipFisher_is1" = Ashampoo ClipFisher1.21
"Ashampoo Music Studio 3_is1" = Ashampoo Music Studio 3 3.51
"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8.0.0
"Ashampoo Slideshow Studio HD_is1" = Ashampoo Slideshow Studio HD 1.0.3
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.40
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Cool MP3 Splitter_is1" = Cool MP3 Splitter 3.0
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Foxit PDF Editor" = Foxit PDF Editor
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"HaaliMkx" = Haali Media Splitter
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"ImTOO DVD Creator 6" = ImTOO DVD Creator 6
"InstallShield_{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
"IrfanView" = IrfanView (remove only)
"Karen's Directory Printer" = Karen's Directory Printer
"LimeWire" = LimeWire PRO 4.18.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mindful2_is1" = Mindful version 2
"Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.11
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"mp3Tag Update trial to full_is1" = mp3Tag 5.9.0.406
"NVIDIA Drivers" = NVIDIA Drivers
"OJOsoft Audio Converter_is1" = OJOsoft Audio Converter
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"Photodex Presenter" = Photodex Presenter
"Picasa 3" = Picasa 3
"Prism" = Prism Video Converter
"ProShow Gold" = ProShow Gold
"RegCure" = RegCure
"Shop for HP Supplies" = Shop for HP Supplies
"SyncBackPro_is1" = SyncBackPro
"Trailer Life Directory Campground Navigator 2009_is1" = Trailer Life Directory Campground Navigator 2009 - SP1
"TurboTax 2009" = TurboTax 2009
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Ultra Video Joiner_is1" = Ultra Video Joiner 5.2.0108
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Video-AVI to GIF-JPEG" = Video-AVI to GIF-JPEG 3.1
"VLC media player" = VLC media player 1.0.5
"WinAVI Video Converter 10.1_is1" = WinAVI Video Converter
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xilisoft Audio Maker" = Xilisoft Audio Maker
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Old 22nd June 2010   #11
Malware Analyst
 
broni
How about?
Quote:
I strongly suggest you uninstall RegCure. Registry tools are not recommended, and here is why: http://miekiemoes.blogspot.com/2008/...eaking_13.html

How is the redirection issue?

Old 22nd June 2010   #12
Senior Member
THREAD STARTER
 
Fredb38

Your address didn't work for me
Page not found
Sorry, the page you were looking for in the blog miekiemoes' Blog does not exist.

Old 22nd June 2010   #13
Malware Analyst
 
broni
It works fine for me, but anyway, here:

Quote:
Registry Cleaners and System Tweaking Tools


I am still wondering why so many people use Registry Cleaners and System Tweaking Tools while they don't even understand what the Windows Registry is, and/or don't understand Windows basics.

"Fix errors now!" and "Make your Windows fast again!", that's how all these tools are advertised.
People download and install it - click the "Fix it all" button (since many of these tools have such a button available) and then notice that suddenly some programs won't work anymore, errors appear and, in the worst case, their Windows won't boot anymore...

Yes, I've seen it all... and many still won't believe that this may be a result of these tweaking tools, because after all, they are "supposed" to improve system performance, prevent errors and make a system more stable. Huh?
In most cases, people don't have any problems in the first place - but want to use these tools anyway.

I have to admit that there are some good "tweaking tools" around as well, but you shouldn't use these if you don't have basic knowledge about the registry and Windows in general. Only delete keys if you're certain that they can be deleted. Disable services if you're certain that you don't need them, let it set policies if you understand what they do, etc.

Registry Cleaning won't really improve system speed anyway. Even though there are a lot of orphaned keys/values present, you won't notice a difference in system speed. The only difference you'll notice is when you actually search in your registry - but how many people do this?

On the contrary, as a matter of fact, if you "clean" the registry frequently, it actually becomes more fragmented after a while - and *that may* result in slower system performance, although you won't notice much difference.
I rather prefer to have a lot of orphaned keys in the registry, instead of keys/values that were deleted by a registry cleaner, which were not supposed to be deleted in the first place. And that's the risk of these Registry Cleaners, because many list keys/values as orphaned or unneeded while they are actually needed.
After all, a broken registry is a broken Windows.



The same goes for tweaking tools. Tools where you can select to disable certain services and add certain policies. The "Fix it all" button is also available in most cases, or an option where you can check/select several settings - and the more settings present, the more people believe that checking/selecting them all will result in a superfast computer...
Oh yes, check them all... and complain afterwards:

* "Help! I'm having problems with Windows updates/Automatic Updates!"

Yes, because you disabled BITS, you disabled Automatic Updates, or you have set some restrictive policies related to Windows Update.

* "Help! My add/remove programs list is empty!"

Yes, because some Registry Cleaners unfortunately delete the Uninstall key in the registry - reference here. Only new programs installed will be listed there... (See picture above)

And so many more... Check out this thread for more opinions.
So, don't use them if you don't understand these tools.

After all, Don't fix when it ain't broken!

Old 22nd June 2010   #14
Senior Member
THREAD STARTER
 
Fredb38

Will do what you suggest.
Is there anything else I need to do, or did you fix my problem?
Clicked on: http://miekiemoes.blogspot.com/2008/...eaking_13.html and it goes to the web site but can't find the page. This is what I get:

Page not found
Sorry, the page you were looking for in the blog miekiemoes' Blog does not exist.

Go to blog homepage

Home | Features | About | Buzz | Help | Discuss | Language | Developers | Gear
Terms of Service | Privacy | Content Policy | Copyright © 1999 – 2010 Google

Old 22nd June 2010   #15
Malware Analyst
 
broni
We still have things to do, but you didn't answer my second question about the redirection issue.



 

THIS THREAD HAS EXPIRED.
