
Solved 2nd Computer - Very Sluggish and Possible Password Leak

Discussion in 'Malware and Virus Removal Archive' started by mannclann, 2011/01/24.

  1. 2011/01/24
    mannclann

    [Resolved] 2nd Computer - Very Sluggish and Possible Password Leak

    Hi,

    This is the second main computer we use to update the sites on our server. We have the same concern about a password leak and this specific computer is very sluggish.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5584

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    1/23/2011 8:15:13 PM
    mbam-log-2011-01-23 (20-15-13).txt

    Scan type: Quick scan
    Objects scanned: 160277
    Time elapsed: 5 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ( "%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1 ") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    MBRCheck, version 1.2.3(c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: MSI
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: HP-Pavilion
    System Product Name: NC684AA-ABA a6750y
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 154):

    Processes (total 68):
    0 System Idle Process
    4 System
    452 C:\Windows\System32\smss.exe
    504 csrss.exe
    572 C:\Windows\System32\wininit.exe
    580 csrss.exe
    632 C:\Windows\System32\winlogon.exe
    664 C:\Windows\System32\services.exe
    676 C:\Windows\System32\lsass.exe
    684 C:\Windows\System32\lsm.exe
    836 C:\Windows\System32\svchost.exe
    896 C:\Windows\System32\svchost.exe
    212 C:\Windows\System32\Ati2evxx.exe
    320 C:\Windows\System32\svchost.exe
    472 C:\Windows\System32\svchost.exe
    468 C:\Windows\System32\svchost.exe
    764 C:\Windows\System32\audiodg.exe
    568 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\SLsvc.exe
    1100 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\Ati2evxx.exe
    1236 C:\Windows\System32\wisptis.exe
    1276 C:\Windows\System32\svchost.exe
    1644 C:\Windows\System32\spoolsv.exe
    1668 C:\Windows\System32\svchost.exe
    1844 C:\Windows\System32\wisptis.exe
    1884 C:\Windows\System32\taskeng.exe
    1912 C:\Windows\System32\dwm.exe
    2000 C:\Windows\explorer.exe
    1784 C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    492 C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    1440 C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    2168 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2180 C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
    2272 C:\Windows\System32\svchost.exe
    2292 C:\Windows\System32\svchost.exe
    2360 C:\Windows\System32\svchost.exe
    2424 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2464 C:\Windows\System32\SearchIndexer.exe
    2532 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2620 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2964 WUDFHost.exe
    808 unsecapp.exe
    1960 WmiPrvSE.exe
    1056 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2884 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    2860 C:\Windows\ehome\ehtray.exe
    2868 C:\Users\Stacey Mann\AppData\Roaming\Dropbox\bin\Dropbox.exe
    3020 C:\hp\support\hpsysdrv.exe
    2580 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    2736 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    2336 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    3256 C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
    3304 C:\Windows\System32\taskeng.exe
    3612 dllhost.exe
    3728 C:\Windows\ehome\ehmsas.exe
    4020 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3216 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3160 C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    3624 C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    3712 C:\Windows\SysWOW64\BeepApp.exe
    2148 C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    3628 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    3936 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4564 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4612 C:\Windows\System32\wuauclt.exe
    5040 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    4704 C:\Rick\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ab`455eb000 (NTFS)

    PhysicalDrive0 Model Number: AMD1+0 RAID Ready, Rev: 1.10

    Size Device Name MBR Status
    --------------------------------------------
    698 GB \\.\PhysicalDrive0 RE: Hewlett-Packard MBR code detected
    SHA1: F362CE084BC77B454330005C1657154A64FB9456

    Done!

    GMER - No Results


    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Stacey Mann at 22:36:49.17 on Sun 01/23/2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7927.5612 [GMT -7:00]

    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Stacey Mann\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\ehome\ehmsas.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    C:\Windows\SysWOW64\BeepApp.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\System32\svchost.exe -k wdisvc
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Stacey Mann\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.digitalscrapbookpages.com/digitals/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: 1Password: {cb1a24da-7416-4921-a0cf-5aa1160aae2a} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
    TB: Cloudberry Twitter plugin: {844ca498-7e43-4eb9-937f-083da08110be} - mscoree.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    uRun: [AdobeBridge]
    uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0 "
    mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0 "
    mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter "
    mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe "
    mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe "
    mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe "
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    StartupFolder: C:\Users\STACEY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Stacey Mann\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ImageUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://persnicketyprints.lifepics.com/net/Uploader/LPUploader57.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2008-11-13 225296]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys [2010-12-9 450608]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys [2010-12-9 802864]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-18 953904]
    R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\elrawdsk.sys [2009-8-20 23464]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110120.001\IDSviA64.sys [2011-1-21 476792]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys [2010-12-9 171128]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symtdiv.sys [2010-12-9 432760]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
    R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2008-9-4 122880]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [2010-12-9 130000]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-1-21 1153368]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-1-23 132656]
    R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2008-11-13 615424]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2008-11-13 26168]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-12-22 35840]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-1-28 1038088]
    S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-16 89920]

    =============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2011-01-24 03:06:32 -------- d-----w- C:\Users\STACEY~1\AppData\Roaming\Malwarebytes
    2011-01-24 03:06:25 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-24 03:06:23 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-24 03:06:19 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-01-24 03:06:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-01-16 20:26:27 -------- d-----r- C:\Users\Stacey Mann\Dropbox
    2011-01-16 20:21:58 -------- d-----w- C:\Users\STACEY~1\AppData\Roaming\Dropbox
    2011-01-16 20:20:21 -------- d-----w- C:\Users\STACEY~1\AppData\Roaming\Agile Web Solutions
    2011-01-16 20:20:00 1384448 ----a-w- C:\Windows\SysWow64\ChilkatCrypt2.dll
    2011-01-16 20:19:59 -------- d-----w- C:\Program Files (x86)\1Password

    ==================== Find3M ====================

    2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
    2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2010-12-14 16:15:49 1251840 ----a-w- C:\Windows\System32\sdclt.exe
    2010-12-01 05:24:00 432760 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symtdiv.sys
    2010-12-01 05:24:00 382072 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys
    2010-11-23 04:08:32 735864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtsp64.sys
    2010-11-23 04:08:32 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtspx64.sys
    2010-11-18 02:59:55 802864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys
    2010-11-16 01:45:33 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys
    2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-04 23:58:17 267776 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-04 18:55:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-04 16:34:06 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
    2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll
    2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll
    2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec
    2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
    2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-10-28 16:29:18 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-28 15:44:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-28 14:05:21 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-28 13:56:57 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-28 13:27:47 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-28 13:20:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2009-01-21 16:14:40 9780224 ----a-w- C:\Program Files\openofficeorg30.msi
    2008-12-17 10:17:14 426776 ----a-w- C:\Program Files\setup.exe
    2002-03-11 09:06:30 1822520 ----a-w- C:\Program Files\instmsiw.exe
    2002-03-11 08:45:04 1708856 ----a-w- C:\Program Files\instmsia.exe

    ============= FINISH: 22:37:20.93 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    AttachDDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/4/2008 11:56:29 PM
    System Uptime: 1/23/2011 7:59:25 PM (3 hours ago)

    Motherboard: MSI | | Aspen
    Processor: AMD Phenom(tm) 9650 Quad-Core Processor | Socket AM2 | 1200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 685 GiB total, 384.426 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.837 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP840: 12/29/2010 3:00:25 AM - Windows Update
    RP841: 12/30/2010 12:06:05 AM - Scheduled Checkpoint
    RP842: 12/30/2010 3:00:24 AM - Windows Update
    RP843: 12/31/2010 12:29:46 AM - Scheduled Checkpoint
    RP844: 12/31/2010 3:00:24 AM - Windows Update
    RP845: 12/31/2010 7:37:52 PM - Scheduled Checkpoint
    RP846: 1/1/2011 3:00:26 AM - Windows Update
    RP847: 1/2/2011 3:00:14 AM - Windows Update
    RP848: 1/3/2011 - Scheduled Checkpoint
    RP849: 1/3/2011 3:00:11 AM - Windows Update
    RP850: 1/4/2011 3:00:11 AM - Windows Update
    RP851: 1/5/2011 3:00:11 AM - Windows Update
    RP852: 1/6/2011 3:00:11 AM - Windows Update
    RP853: 1/7/2011 3:00:11 AM - Windows Update
    RP854: 1/8/2011 3:00:10 AM - Windows Update
    RP855: 1/9/2011 3:00:11 AM - Windows Update
    RP856: 1/10/2011 3:00:11 AM - Windows Update
    RP857: 1/11/2011 3:00:11 AM - Windows Update
    RP858: 1/11/2011 9:08:24 PM - Installed OpenOffice.org 3.2
    RP859: 1/11/2011 9:11:37 PM - Installed OpenOffice.org 3.2
    RP860: 1/12/2011 3:00:12 AM - Windows Update
    RP861: 1/13/2011 12:52:49 AM - Scheduled Checkpoint
    RP862: 1/13/2011 3:00:10 AM - Windows Update
    RP863: 1/14/2011 12:00:02 AM - Scheduled Checkpoint
    RP864: 1/14/2011 3:00:11 AM - Windows Update
    RP865: 1/15/2011 12:00:02 AM - Scheduled Checkpoint
    RP866: 1/15/2011 3:00:11 AM - Windows Update
    RP867: 1/16/2011 12:01:23 AM - Scheduled Checkpoint
    RP868: 1/16/2011 3:00:11 AM - Windows Update
    RP869: 1/17/2011 1:00:07 AM - Scheduled Checkpoint
    RP870: 1/17/2011 3:00:12 AM - Windows Update
    RP871: 1/18/2011 3:00:11 AM - Windows Update
    RP872: 1/18/2011 8:36:28 PM - Scheduled Checkpoint
    RP873: 1/19/2011 3:00:11 AM - Windows Update
    RP874: 1/20/2011 12:12:27 AM - Scheduled Checkpoint
    RP875: 1/20/2011 3:00:11 AM - Windows Update
    RP876: 1/21/2011 12:27:07 AM - Scheduled Checkpoint
    RP877: 1/21/2011 3:00:10 AM - Windows Update
    RP878: 1/22/2011 12:00:02 AM - Scheduled Checkpoint
    RP879: 1/22/2011 3:00:11 AM - Windows Update
    RP880: 1/23/2011 12:00:02 AM - Scheduled Checkpoint
    RP881: 1/23/2011 3:00:11 AM - Windows Update

    ==== Installed Programs ======================

    1Password 1.0.2.155
    3ivx MPEG-4 5.0.3 (remove only)
    7-Zip 4.42
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.4.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Amazon MP3 Downloader 1.0.10
    AMD USB Audio Driver Filter
    BlackBerry Desktop Software 6.0
    BlackBerry Device Software Updater
    Bulk Rename Utility 2.7.1.1
    Camera Support Core Library
    Camera Window DS
    Camera Window DVC
    Camera Window MC
    Canon Camera Support Core Library
    Canon Camera WIA Driver
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DSLR 5 for ZoomBrowser EX
    Canon Camera Window MC 5 for ZoomBrowser EX
    Canon EOS Kiss_N REBEL_XT 350D WIA Driver
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 2.0
    Canon Utilities EOS Capture 1.5
    Canon Utilities PhotoStitch 3.1
    Canon ZoomBrowser EX (E)
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Color Schemer Studio
    Compatibility Pack for the 2007 Office system
    Connect
    Coupon Printer for Windows
    CyberLink DVD Suite Deluxe
    D3DX10
    Dropbox
    Enhanced Multimedia Keyboard Solution
    EOS Capture 1.5
    EPSON Scan
    FlipShare
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Update
    Ipswitch WS_FTP Professional 2007
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 7
    kuler
    LabelPrint
    LightScribe System Software 1.14.25.1
    LightScribe Template Labeler
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Application Error Reporting
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    MyFonts Order M1013466
    MyFonts Order M1399868
    MyFonts Order M1606301
    MyFonts Order M2054173
    Norton Internet Security
    OpenOffice.org 3.2
    PDF Settings CS4
    Photoshop Camera Raw
    PhotoStitch
    PictureMover
    Power2Go
    PowerDirector
    Python 2.5.2
    RAIDXpert
    RAW Image Task 2.2
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Segoe UI
    Skins
    SmartFTP Client Setup Files 3.0 (x64) (remove only)
    SmartFTP Client Setup Files 4.0 (x64) (remove only)
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    virtualPhotographer 1.5.6
    WebEx Support Manager for Internet Explorer
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    ZipGenius 6 (6.0.3.1150)

    ==== Event Viewer Messages From Past Week ========

    1/23/2011 8:05:22 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
    1/23/2011 8:05:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    1/23/2011 8:00:55 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer WebEx Document Loader with shared resource name WebEx Document Loader. Error 2114. The printer cannot be used by others on the network.
    1/23/2011 8:00:55 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon iP4500 series with shared resource name Canon iP4500 series. Error 2114. The printer cannot be used by others on the network.
    1/23/2011 7:49:25 PM, Error: Service Control Manager [7034] - The AMD RAIDXpert service terminated unexpectedly. It has done this 1 time(s).
    1/23/2011 4:24:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FileDisk
    1/23/2011 4:22:41 PM, Error: EventLog [6008] - The previous system shutdown at 4:19:53 PM on 1/23/2011 was unexpected.
    1/23/2011 4:21:59 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\FileDisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    1/23/2011 3:02:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 for x64-based Systems (KB2416447).
    1/23/2011 1:23:27 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.223. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
    1/18/2011 5:18:00 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.212 for the Network Card with network address 002421136C9D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
  2. 2011/01/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2011/01/24
    mannclann

    mannclann Inactive Thread Starter

    Joined:
    2011/01/22
    Messages:
    45
    Likes Received:
    0
    ComboFix ComboFix 11-01-24.01 - Stacey Mann 01/24/2011 19:36:19.1.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7927.5326 [GMT -7:00]
    Running from: c:\users\Stacey Mann\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Install.exe
    c:\program files\\setup.exe
    c:\program files\Setup.exe
    c:\windows\system32\BSTIEPrintCtl1.dll
    c:\windows\system32\twunk_32.exe
    c:\windows\SysWow64\BSTIEPrintCtl1.dll
    c:\windows\SysWow64\twunk_32.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
    .

    2011-01-25 02:51 . 2011-01-25 02:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-25 02:51 . 2011-01-25 02:51 -------- d-----w- c:\users\Stacey Mann\AppData\Local\temp
    2011-01-25 02:34 . 2011-01-25 02:34 -------- d-----w- C:\32788R22FWJFW
    2011-01-24 03:06 . 2011-01-24 03:06 -------- d-----w- c:\users\Stacey Mann\AppData\Roaming\Malwarebytes
    2011-01-24 03:06 . 2010-12-21 01:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-24 03:06 . 2011-01-24 03:06 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-24 03:06 . 2011-01-24 03:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-24 03:06 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-16 20:26 . 2011-01-24 03:04 -------- d-----r- c:\users\Stacey Mann\Dropbox
    2011-01-16 20:21 . 2011-01-24 22:52 -------- d-----w- c:\users\Stacey Mann\AppData\Roaming\Dropbox
    2011-01-16 20:20 . 2011-01-16 21:08 -------- d-----w- c:\users\Stacey Mann\AppData\Roaming\Agile Web Solutions
    2011-01-16 20:20 . 2009-12-09 17:25 1384448 ----a-w- c:\windows\SysWow64\ChilkatCrypt2.dll
    2011-01-16 20:19 . 2011-01-16 20:20 -------- d-----w- c:\program files (x86)\1Password

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-01 05:24 . 2010-12-09 20:11 432760 ----a-w- c:\windows\system32\drivers\NISx64\1205000.07D\symtdiv.sys
    2010-12-01 05:24 . 2010-12-09 20:11 382072 ----a-w- c:\windows\system32\drivers\NISx64\1205000.07D\symnets.sys
    2010-11-23 04:08 . 2010-12-09 20:11 735864 ----a-w- c:\windows\system32\drivers\NISx64\1205000.07D\srtsp64.sys
    2010-11-23 04:08 . 2010-12-09 20:11 40568 ----a-w- c:\windows\system32\drivers\NISx64\1205000.07D\srtspx64.sys
    2010-11-18 02:59 . 2010-12-09 20:11 802864 ----a-w- c:\windows\system32\drivers\NISx64\1205000.07D\symefa64.sys
    2010-11-16 01:45 . 2010-12-09 20:11 171128 ----a-w- c:\windows\system32\drivers\NISx64\1205000.07D\ironx64.sys
    2010-11-06 11:18 . 2010-12-15 05:47 500224 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-06 11:18 . 2010-12-15 05:47 655872 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-06 11:18 . 2010-12-15 05:47 410112 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-06 11:18 . 2010-12-15 05:47 855040 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 23:58 . 2010-12-15 05:47 267776 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-04 18:55 . 2010-12-15 05:47 352768 ----a-w- c:\windows\SysWow64\taskschd.dll
    2010-11-04 18:55 . 2010-12-15 05:47 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2010-11-04 16:34 . 2010-12-15 05:47 171520 ----a-w- c:\windows\SysWow64\taskeng.exe
    2010-11-02 06:27 . 2010-12-15 05:47 1147904 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 06:24 . 2010-12-15 05:47 56832 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 06:23 . 2010-12-15 05:47 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 06:23 . 2010-12-15 05:47 77312 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 06:23 . 2010-12-15 05:47 132096 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 06:01 . 2010-12-15 05:47 916480 ----a-w- c:\windows\SysWow64\wininet.dll
    2010-11-02 05:57 . 2010-12-15 05:47 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2010-11-02 05:57 . 2010-12-15 05:47 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-15 05:47 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
    2010-11-02 05:57 . 2010-12-15 05:47 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2010-11-02 05:25 . 2010-12-15 05:47 479232 ----a-w- c:\windows\system32\html.iec
    2010-11-02 05:01 . 2010-12-15 05:47 385024 ----a-w- c:\windows\SysWow64\html.iec
    2010-11-02 04:45 . 2010-12-15 05:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:44 . 2010-12-15 05:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:26 . 2010-12-15 05:47 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-15 05:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2010-10-28 16:29 . 2010-12-15 05:48 48128 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 15:44 . 2010-12-15 05:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2010-10-28 14:05 . 2010-12-15 05:48 367104 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:56 . 2010-12-15 05:47 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-28 13:27 . 2010-12-15 05:48 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-10-28 13:20 . 2010-12-15 05:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2009-01-21 16:14 . 2009-01-21 16:14 9780224 ----a-w- c:\program files\openofficeorg30.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Stacey Mann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Stacey Mann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Stacey Mann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM "= "c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD "= "c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
    "StartCCC "= "c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "UpdateP2GoShortCut "= "c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut "= "c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut "= "c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
    "TSMAgent "= "c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-18 1152296]
    "CLMLServer for HP TouchSmart "= "c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-18 189736]
    "DVDAgent "= "c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
    "AdobeCS4ServiceManager "= "c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

    c:\users\Stacey Mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Stacey Mann\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-08-25 35840]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-01-28 1038088]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2008-10-10 225296]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [2010-10-21 450608]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [2010-11-18 802864]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2010-11-23 953904]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-09-08 23464]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110120.001\IDSvia64.sys [2010-11-09 476792]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [2010-11-16 171128]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1205000.07D\SYMTDIV.SYS [2010-12-01 432760]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2008-09-04 122880]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-06 132656]
    S3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2008-02-26 615424]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 26168]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-24 c:\windows\Tasks\User_Feed_Synchronization-{9EECD9E5-444A-47C9-9A86-8760AA039549}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Stacey Mann\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Stacey Mann\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Stacey Mann\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Stacey Mann\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.digitalscrapbookpages.com/digitals/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    IE: {{00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - c:\progra~2\1PASSW~1\AGILE1~1.DLL
    DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://persnicketyprints.lifepics.com/net/Uploader/LPUploader57.cab
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -

    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-SmartMenu - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe



    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-01-24 19:55:07
    ComboFix-quarantined-files.txt 2011-01-25 02:55

    Pre-Run: 411,173,285,888 bytes free
    Post-Run: 415,551,934,464 bytes free

    - - End Of File - - CCC931EAAA3E5C3EB3C7F7D401913EBB
     
  5. 2011/01/24
    broni

    broni Moderator Malware Analyst

    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. 2011/01/24
    mannclann

    mannclann Inactive Thread Starter

    OTL logfile created on: 1/24/2011 8:25:14 PM - Run 1
    OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\Stacey Mann\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 63.00% Memory free
    16.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.08 Gb Total Space | 387.08 Gb Free Space | 56.50% Space Free | Partition Type: NTFS
    Drive D: | 13.41 Gb Total Space | 1.84 Gb Free Space | 13.70% Space Free | Partition Type: NTFS

    Computer Name: HP-A6750Y | User Name: Stacey Mann | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/24 20:23:37 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Stacey Mann\Desktop\OTL.exe
    PRC - [2010/12/15 12:30:58 | 000,615,800 | ---- | M] (Agile Web Solutions) -- C:\Program Files (x86)\1Password\Agile1pBroker.exe
    PRC - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
    PRC - [2010/11/17 17:06:32 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    PRC - [2010/05/14 11:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/10/17 17:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2008/10/17 17:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    PRC - [2008/09/26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2008/09/24 05:40:02 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    PRC - [2008/09/24 05:39:56 | 000,118,784 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    PRC - [2008/09/04 05:21:50 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    PRC - [2008/09/04 05:14:52 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    PRC - [2008/09/04 05:14:44 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\BeepApp.exe
    PRC - [2007/08/30 09:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    PRC - [2007/04/18 08:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/24 20:23:37 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Stacey Mann\Desktop\OTL.exe
    MOD - [2010/12/03 23:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
    MOD - [2010/11/17 18:19:17 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
    MOD - [2010/11/17 18:19:17 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
    MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/01/28 15:46:00 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2008/09/10 15:17:50 | 000,908,288 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
    SRV - [2010/05/14 11:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/28 15:45:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/09/04 05:21:50 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/11/30 22:24:00 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
    DRV:64bit: - [2010/11/22 21:08:32 | 000,735,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1205000.07D\SRTSP64.SYS -- (SRTSP)
    DRV:64bit: - [2010/11/22 21:08:32 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2010/11/17 19:59:55 | 000,802,864 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SYMEFA64.SYS -- (SymEFA)
    DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\Ironx64.SYS -- (SymIRON)
    DRV:64bit: - [2010/10/20 19:28:36 | 000,450,608 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SYMDS64.SYS -- (SymDS)
    DRV:64bit: - [2010/09/25 13:20:01 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/09/08 10:40:14 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\elrawdsk.sys -- (ElRawDisk)
    DRV:64bit: - [2009/08/24 21:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
    DRV:64bit: - [2009/01/20 14:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008/10/09 17:04:04 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
    DRV:64bit: - [2008/09/10 16:09:36 | 004,764,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2008/05/28 18:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2008/02/26 10:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
    DRV:64bit: - [2008/01/20 19:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV - [2010/12/16 19:09:18 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110124.021\EX64.SYS -- (NAVEX15)
    DRV - [2010/12/16 19:09:17 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110124.021\ENG64.SYS -- (NAVENG)
    DRV - [2010/12/06 09:50:47 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/11/22 19:20:07 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2010/11/08 17:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110120.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2010/05/26 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2008/09/26 03:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
    DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.digitalscrapbookpages.com/digitals/
    IE - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/12/11 23:01:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/12/09 13:10:46 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2009/01/21 15:48:03 | 000,291,711 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 10047 more lines...
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll (Agile Web Solutions)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    O3 - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - Startup: C:\Users\Stacey Mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stacey Mann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (Agile Web Solutions)
    O9 - Extra 'Tools' menuitem : 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (Agile Web Solutions)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab (Reg Error: Key error.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (Reg Error: Key error.)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Reg Error: Key error.)
    O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://persnicketyprints.lifepics.com/net/Uploader/LPUploader57.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/24 20:23:34 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Users\Stacey Mann\Desktop\OTL.exe
    [2011/01/24 19:55:09 | 000,000,000 | ---D | C] -- C:\Users\Stacey Mann\AppData\Local\temp
    [2011/01/24 19:34:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/24 19:34:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/24 19:34:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/24 19:34:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/24 19:34:09 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/01/24 19:33:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/24 19:33:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/23 20:16:04 | 000,000,000 | ---D | C] -- C:\Users\Stacey Mann\Desktop\WindowsBBS
    [2011/01/23 20:06:32 | 000,000,000 | ---D | C] -- C:\Users\Stacey Mann\AppData\Roaming\Malwarebytes
    [2011/01/23 20:06:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/01/23 20:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/23 20:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/23 20:06:19 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/01/23 20:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/01/23 16:02:46 | 000,000,000 | ---D | C] -- C:\Users\Stacey Mann\Desktop\lime
    [2011/01/23 16:02:33 | 000,000,000 | ---D | C] -- C:\Users\Stacey Mann\Desktop\coffee
    [2011/01/16 13:26:27 | 000,000,000 | R--D | C] -- C:\Users\Stacey Mann\Dropbox
    [2011/01/16 13:22:35 | 000,000,000 | ---D | C] -- C:\Users\Stacey Mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2011/01/16 13:21:58 | 000,000,000 | ---D | C] -- C:\Users\Stacey Mann\AppData\Roaming\Dropbox
    [2011/01/16 13:20:23 | 000,000,000 | ---D | C] -- C:\Users\Stacey Mann\Documents\1Password
    [2011/01/16 13:20:21 | 000,000,000 | ---D | C] -- C:\Users\Stacey Mann\AppData\Roaming\Agile Web Solutions
    [2011/01/16 13:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1Password
    [2011/01/16 13:20:00 | 001,384,448 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\SysWow64\ChilkatCrypt2.dll
    [2011/01/16 13:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1Password
    [2011/01/11 21:20:11 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2
    [2010/12/27 08:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2004/12/13 07:57:36 | 000,065,536 | ---- | C] ( ) -- C:\Windows\SysWow64\RCCOLLAB.DLL
    [2002/03/11 02:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
    [2002/03/11 01:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/24 20:23:37 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Stacey Mann\Desktop\OTL.exe
    [2011/01/24 20:00:52 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/24 20:00:52 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/24 19:34:02 | 004,160,066 | R--- | M] () -- C:\Users\Stacey Mann\Desktop\ComboFix.exe
    [2011/01/24 18:21:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/24 15:15:08 | 000,052,697 | ---- | M] () -- C:\Users\Stacey Mann\AppData\Roaming\mainhst.zgh
    [2011/01/24 02:30:40 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9EECD9E5-444A-47C9-9A86-8760AA039549}.job
    [2011/01/23 20:06:27 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/23 19:47:17 | 000,624,128 | ---- | M] () -- C:\Users\Stacey Mann\Desktop\dds.scr
    [2011/01/23 19:46:24 | 000,296,448 | ---- | M] () -- C:\Users\Stacey Mann\Desktop\GMER9rjlw360.exe
    [2011/01/23 13:17:48 | 001,589,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/01/17 07:29:45 | 000,011,664 | ---- | M] () -- C:\Users\Stacey Mann\AppData\Roaming\wklnhst.dat
    [2011/01/16 13:26:27 | 000,000,984 | ---- | M] () -- C:\Users\Stacey Mann\Desktop\Dropbox.lnk
    [2011/01/16 13:22:49 | 000,000,964 | ---- | M] () -- C:\Users\Stacey Mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2011/01/16 13:21:40 | 000,742,606 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/01/16 13:21:40 | 000,630,862 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/01/16 13:21:40 | 000,115,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/01/16 13:20:02 | 000,000,853 | ---- | M] () -- C:\Users\Stacey Mann\Application Data\Microsoft\Internet Explorer\Quick Launch\1Password.lnk
    [2011/01/16 13:20:02 | 000,000,829 | ---- | M] () -- C:\Users\Stacey Mann\Desktop\1Password.lnk
    [2011/01/11 21:20:17 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2011/01/07 20:19:37 | 000,131,445 | ---- | M] () -- C:\Users\Stacey Mann\Documents\snowsnow
    [2011/01/07 20:14:20 | 000,108,677 | ---- | M] () -- C:\Users\Stacey Mann\Documents\prinses
    [2010/12/27 08:19:26 | 000,246,346 | ---- | M] () -- C:\Users\Stacey Mann\Documents\cc_20101227_081918.reg
    [2010/12/27 08:13:30 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/24 19:34:49 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/24 19:34:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/24 19:34:49 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/24 19:34:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/24 19:34:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/24 19:29:56 | 004,160,066 | R--- | C] () -- C:\Users\Stacey Mann\Desktop\ComboFix.exe
    [2011/01/23 20:06:26 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/23 19:47:13 | 000,624,128 | ---- | C] () -- C:\Users\Stacey Mann\Desktop\dds.scr
    [2011/01/23 19:46:19 | 000,296,448 | ---- | C] () -- C:\Users\Stacey Mann\Desktop\GMER9rjlw360.exe
    [2011/01/16 13:26:27 | 000,000,984 | ---- | C] () -- C:\Users\Stacey Mann\Desktop\Dropbox.lnk
    [2011/01/16 13:22:48 | 000,000,964 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2011/01/16 13:20:02 | 000,000,853 | ---- | C] () -- C:\Users\Stacey Mann\Application Data\Microsoft\Internet Explorer\Quick Launch\1Password.lnk
    [2011/01/16 13:20:01 | 000,000,829 | ---- | C] () -- C:\Users\Stacey Mann\Desktop\1Password.lnk
    [2011/01/11 21:20:17 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2011/01/11 21:11:27 | 000,401,456 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistMSI158C.txt
    [2011/01/11 21:11:26 | 000,011,174 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistUI158C.txt
    [2011/01/11 21:11:19 | 000,355,088 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistMSI1575.txt
    [2011/01/11 21:11:19 | 000,011,486 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistUI1575.txt
    [2011/01/11 21:08:18 | 000,407,020 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistMSI131F.txt
    [2011/01/11 21:08:16 | 000,011,254 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistUI131F.txt
    [2011/01/11 21:08:12 | 000,353,678 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistMSI130F.txt
    [2011/01/11 21:08:11 | 000,011,422 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistUI130F.txt
    [2011/01/07 20:19:37 | 000,131,445 | ---- | C] () -- C:\Users\Stacey Mann\Documents\snowsnow
    [2011/01/07 20:14:18 | 000,108,677 | ---- | C] () -- C:\Users\Stacey Mann\Documents\prinses
    [2010/12/27 08:19:21 | 000,246,346 | ---- | C] () -- C:\Users\Stacey Mann\Documents\cc_20101227_081918.reg
    [2010/12/27 08:13:29 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010/12/22 13:29:36 | 000,356,898 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistMSI195D.txt
    [2010/12/22 13:29:32 | 000,011,490 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistUI195D.txt
    [2010/12/22 13:28:53 | 000,010,598 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistUI18DD.txt
    [2010/12/22 13:28:03 | 000,435,946 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistMSI182A.txt
    [2010/12/22 13:27:58 | 000,011,410 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistUI182A.txt
    [2010/12/13 22:42:22 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/09/09 12:32:37 | 000,000,231 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Roaming\Rim.Desktop.Exception.log
    [2010/09/09 12:25:54 | 000,000,807 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    [2010/09/09 12:22:27 | 000,420,320 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistMSI282D.txt
    [2010/09/09 12:22:26 | 000,011,152 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistUI282D.txt
    [2010/07/15 13:42:16 | 000,000,099 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\fusioncache.dat
    [2010/07/15 12:15:33 | 000,734,770 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/04/19 22:02:28 | 000,367,374 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistMSI3F09.txt
    [2010/04/19 22:02:23 | 000,174,390 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistUI3F09.txt
    [2010/04/19 21:59:49 | 000,402,336 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistMSI3CDE.txt
    [2010/04/19 21:59:33 | 000,174,846 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistUI3CDE.txt
    [2009/10/18 12:57:52 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
    [2009/09/16 22:40:41 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/09/16 22:39:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/08/20 16:50:35 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
    [2009/08/16 21:14:26 | 000,371,268 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistMSI0598.txt
    [2009/08/16 21:14:24 | 000,011,238 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\dd_vcredistUI0598.txt
    [2009/02/16 07:43:23 | 000,017,408 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/28 15:39:49 | 000,001,356 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\d3d9caps.dat
    [2009/01/22 13:52:33 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2009/01/22 13:13:57 | 000,052,697 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Roaming\mainhst.zgh
    [2009/01/22 10:07:44 | 000,011,664 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Roaming\wklnhst.dat
    [2009/01/21 20:57:49 | 000,001,460 | ---- | C] () -- C:\Users\Stacey Mann\AppData\Local\d3d9caps64.dat
    [2009/01/21 09:21:30 | 128,611,035 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
    [2009/01/21 09:14:42 | 000,000,336 | ---- | C] () -- C:\Program Files\setup.ini
    [2009/01/21 09:14:40 | 009,780,224 | ---- | C] () -- C:\Program Files\openofficeorg30.msi
    [2008/11/13 01:07:14 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2008/11/13 01:07:14 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
    [2008/09/19 04:59:22 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
    [2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
    [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

    ========== LOP Check ==========

    [2010/03/11 10:33:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\iolo
    [2010/03/11 10:33:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\iolo
    [2011/01/16 14:08:28 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\Agile Web Solutions
    [2009/12/01 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\Amazon
    [2010/07/15 13:57:57 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\AOP
    [2009/03/04 10:30:37 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\Blackberry Desktop
    [2009/10/18 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\Canon
    [2009/01/24 18:48:39 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/08/03 21:29:58 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
    [2011/01/24 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\Dropbox
    [2009/12/26 13:58:25 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\E-centives
    [2009/08/24 18:15:49 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\EPSON
    [2010/07/17 13:46:07 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\iolo
    [2010/04/05 15:55:24 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\Mr Retro
    [2010/11/24 15:09:34 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\MyPublisher
    [2009/11/12 12:48:19 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\Net Pro FX
    [2009/02/16 10:51:50 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\OpenOffice.org
    [2009/01/21 13:46:50 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\PictureMover
    [2010/09/09 12:32:46 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\Research In Motion
    [2009/01/22 10:07:46 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\Template
    [2010/12/13 22:16:02 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\Tific
    [2009/06/13 16:33:34 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
    [2009/11/13 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\Walgreens
    [2009/01/29 16:46:55 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\ZipGenius
    [2011/01/23 19:58:22 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/01/24 02:30:40 | 000,000,404 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9EECD9E5-444A-47C9-9A86-8760AA039549}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/11/13 00:29:02 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/01/24 19:55:08 | 000,019,854 | ---- | M] () -- C:\ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2005/09/23 01:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/01/23 20:00:14 | 036,913,150 | -HS- | M] () -- C:\pagefile.sys
    [2008/11/13 01:43:24 | 000,000,361 | ---- | M] () -- C:\updatedatfix.log
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/07/18 15:59:49 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 20:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/05/11 15:47:41 | 000,000,574 | -HS- | M] () -- C:\Users\Stacey Mann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/24 19:34:02 | 004,160,066 | R--- | M] () -- C:\Users\Stacey Mann\Desktop\ComboFix.exe
    [2011/01/23 19:46:24 | 000,296,448 | ---- | M] () -- C:\Users\Stacey Mann\Desktop\GMER9rjlw360.exe
    [2011/01/24 20:23:37 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Stacey Mann\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/04/13 22:43:06 | 000,000,398 | -HS- | M] () -- C:\Users\Stacey Mann\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/01/22 13:52:34 | 008,673,792 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2010/12/13 22:42:22 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Stacey Mann:Roxio EMC Stream

    < End of report >
     
  7. 2011/01/24
    mannclann

    OTL Extras

    OTL Extras logfile created on: 1/24/2011 8:25:14 PM - Run 1
    OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\Stacey Mann\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 63.00% Memory free
    16.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.08 Gb Total Space | 387.08 Gb Free Space | 56.50% Space Free | Partition Type: NTFS
    Drive D: | 13.41 Gb Total Space | 1.84 Gb Free Space | 13.70% Space Free | Partition Type: NTFS

    Computer Name: HP-A6750Y | User Name: Stacey Mann | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 63 37 94 83 D3 26 CB 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0059D658-FAE8-494C-BB9F-705528B8B8F9}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
    "{1AB67CC1-E67F-4939-B624-484846BF4983}" = rport=137 | protocol=17 | dir=out | app=system |
    "{1D23D16F-4AED-4C19-8D2D-39A7CF807196}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
    "{2B972574-A80B-4BDB-92D8-3F0A9CDF82D8}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
    "{2C6659DA-2FC7-48E0-BF70-E24308CD17C3}" = lport=139 | protocol=6 | dir=in | app=system |
    "{444360C1-8894-453E-A9FB-6C23B68A822E}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{662763B4-BE4A-4FF0-85A0-08D837A0D3BF}" = lport=137 | protocol=17 | dir=in | app=system |
    "{798AE43B-0C4E-4753-A06F-3354166F70F8}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
    "{8328EAAE-EC1C-4B27-A5C9-AB4CF2A8EC12}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9BD171AE-F78D-4EE1-A669-1C3622B01BFD}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9E98C124-CA9C-4151-8876-FDA91AEAB43A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B51B3568-39BA-499C-BF8E-6CD8A1DA6997}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{BB075F00-D225-4C99-A115-7ECEBE02560E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BE07ECE8-6007-4E84-AF7D-C4627CEDDA9D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{C3FEAFA9-EFCF-4F3B-8E80-2A435EA5D2BD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{C8FEFE58-6693-42B3-934B-60A0C4D773EE}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{CE967EAC-0BDA-4443-84AC-A8827541F9B4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{D7EC4879-8C30-4297-AC1C-4CA1640D6976}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
    "{ED3C82E8-D29B-4E17-9830-CB781821E18C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{FA4C0443-01AC-4E7D-9B23-EDE102390B88}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{FB3D1D2D-3199-4627-9DE6-3DF85F4A5B2C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0219DD3E-5769-4609-A7E5-86311997A7B5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{12D859A4-34B3-47D3-A9CE-180F4193E9E1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{370A7E88-DE54-46DD-9F75-DF8D5BAFDC13}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{38C8B491-2341-4D98-892A-BE6A8A3C16C0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{38D75F8D-DF2C-46A2-81E0-19193ABD00BA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{4010FCCD-A9E9-46C4-962D-9E08767D2ED9}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{41F43427-ABA7-4FDB-BA4E-1EAF70360637}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
    "{46A343C5-6548-448C-9719-17D5669FFEE8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{4CFEB99F-D40A-42B2-834E-6BA32A674C27}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
    "{57971AB5-2CAA-4E43-B3E1-132E2C90CC8F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{5C6C451D-DB31-4801-A098-79BD61825983}" = protocol=17 | dir=in | app=c:\users\stacey mann\appdata\roaming\dropbox\bin\dropbox.exe |
    "{7CB22A84-D965-45AC-B989-59D6F60540AB}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{90ED1B3C-044F-4046-BA96-46868956A95A}" = protocol=6 | dir=in | app=c:\users\stacey mann\appdata\roaming\dropbox\bin\dropbox.exe |
    "{99AD7928-4634-49E8-B3C8-3F3AD32C38A5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{A754636A-7629-41A4-A670-0CA075CE36A0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{C4EA98F9-8A9B-4183-9BCB-EB37F9AACA37}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
    "{C6F3FCE8-E500-4B70-A5DA-ED4CEB166224}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{D6403C2E-2357-4A4F-9D13-49977ECB45AD}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
    "{D95E514A-8CD7-4E1D-8F08-1D28EE5BD321}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{E49A4C17-CC4B-43B4-B0F2-0699334EEB4D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{E7ADB57E-75AC-4A86-A953-F540F66A3958}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{E873FB94-F6DC-448E-98E8-8057F49A85BD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{F0DF9C78-4A78-4549-8909-7E972F8A9558}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{F151234B-5127-4F25-8D86-C024BEC475B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{318AD65D-4A2D-108F-CC1A-F57F5CD3A0D5}" = ATI Catalyst Install Manager
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6A5F0AF2-0C80-4933-B78E-7BAA275903A1}" = ccc-utility64
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}" = LabelWriter Drivers
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E533CFC9-6596-4C4B-8DC7-682247FB2D23}" = SmartFTP Client
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CanonMyPrinter" = Canon My Printer
    "CCleaner" = CCleaner
    "CutePDF Writer Installation" = CutePDF Writer 2.7
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
    "{04462E0D-D4EC-7274-71E6-BE09242BE7C6}" = Catalyst Control Center Localization Russian
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0EB37B0C-312B-3730-D5A8-03DEF93D8F88}" = CCC Help French
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{0FDEC602-1C69-B08C-C351-689B9E0395BC}" = CCC Help German
    "{11BE5E20-76C9-DCAF-ECEA-BC7B04C82920}" = Catalyst Control Center Localization Spanish
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
    "{1A2A3DE7-9FEB-8328-0C54-517B05606341}" = Catalyst Control Center Localization Finnish
    "{1BF9C714-2DA7-53FA-B2A0-06B494A91360}" = Catalyst Control Center Localization Norwegian
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{23D5BC05-BB54-0926-F987-B6CB98460B49}" = MyFonts Order M1399868
    "{259F8154-8D39-8346-5B1D-7A2175686D27}" = Catalyst Control Center Localization Thai
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{2ED95A60-5AE1-7F13-FC1E-11FD9DD05E82}" = CCC Help Dutch
    "{3127BE74-0D37-3CFE-93F5-1A5AC0FA4E3F}" = CCC Help Portuguese
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Camera Window MC
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C85A64F-67A3-DB7F-952A-CF28AA180BFF}" = Catalyst Control Center Graphics Previews Vista
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3FB81D45-08CF-22A0-F167-38E246CF2641}" = Catalyst Control Center Localization Turkish
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{413E908B-9634-3CA4-0820-955741413401}" = Catalyst Control Center Localization French
    "{41D3C3F4-99A5-D45E-DFC6-3076CDAD63AC}" = Catalyst Control Center Localization Chinese Traditional
    "{46C20FC4-3932-0B64-0CDF-6FC3590B72DD}" = Catalyst Control Center Localization Swedish
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{508D42C6-1CB1-6E14-3C04-B51F2988AC24}" = CCC Help Chinese Traditional
    "{50B74E75-7007-DAD8-80D6-B954EC5AF1AC}" = MyFonts Order M1013466
    "{515CB78F-31E8-A196-FBA2-C54BEB58D4A1}" = ccc-core-static
    "{54DFCA39-7269-8FAD-699C-EB42DC337601}" = Catalyst Control Center Localization Dutch
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
    "{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5FFDF42B-96BC-5845-2D39-4F5021092336}" = Catalyst Control Center Localization Hungarian
    "{61CA59BF-8BE1-723D-4C19-9FF91A23619A}" = MyFonts Order M1606301
    "{62819EFD-659D-D507-013E-0541FFDF71C7}" = Skins
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{64C61623-E9E9-AD76-4E3D-632ABDB3D3B7}" = Catalyst Control Center Localization Chinese Standard
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{6820EA16-B5AD-4221-E0F6-22C52BC4F4BD}" = CCC Help Italian
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{6CF622FF-B0C8-5CE5-4CF7-E1790A50BCE9}" = Catalyst Control Center Localization Korean
    "{6D161FB9-98B8-399B-1029-D6EFE4F7250F}" = Catalyst Control Center InstallProxy
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{814B6CB8-9268-C19C-8297-2ECF7F02EBE8}" = Catalyst Control Center Localization Portuguese
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{896F4AF0-C6C3-A4F4-0EE0-CB1D4DD5053E}" = MyFonts Order M2054173
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95E75AEE-CC70-62FC-317E-CD6CBBF2AF2B}" = Catalyst Control Center Graphics Full New
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D8A4CBF-236E-8BFA-C56A-2FA3BDBA6647}" = Catalyst Control Center Localization German
    "{9E67B8B9-23A7-BA38-27CA-1BD20387EBB5}" = Catalyst Control Center Graphics Light
    "{9F2EEB98-2578-E655-32EC-48991FC65149}" = CCC Help Russian
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A068D32D-D140-40CE-9E8D-2F7563066A6D}" = Catalyst Control Center - Branding
    "{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
    "{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
    "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
    "{A516050E-4461-DA8B-98BE-E5804F50452A}" = CCC Help English
    "{A5885BCC-94DD-F74D-32E6-C72C72CFAEE2}" = Catalyst Control Center Core Implementation
    "{A7A34EC1-ADC1-B523-5B27-0A4A927E4F68}" = CCC Help Japanese
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC776273-B538-D23E-5636-9862787B134A}" = CCC Help Polish
    "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2A30878-64C6-7145-BA60-5B3E6FC594F9}" = Catalyst Control Center Localization Czech
    "{B2AE9662-A748-DEBB-D252-8758F02AA9BC}" = CCC Help Czech
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B41F7D8C-115E-CA45-F80A-1BFF49CD3EC7}" = CCC Help Thai
    "{B4742B42-C7DD-0E0B-11B2-D00EF50E9F1E}" = CCC Help Finnish
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B8461E91-76C3-2EC2-2277-AB565F39AB73}" = Catalyst Control Center Localization Japanese
    "{B8628316-6B40-4315-F3F6-C40DA20476AD}" = CCC Help Danish
    "{B9468C91-0ACB-A5FA-9BB6-D5705741875B}" = Catalyst Control Center Localization Danish
    "{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
    "{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
    "{C0928BDC-D926-EADB-9F49-3DA217886AE8}" = Catalyst Control Center Graphics Full Existing
    "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
    "{C2B9AA2E-FEA1-307C-1D51-98A5BA67BBA6}" = CCC Help Greek
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CA07FCFD-2BD4-93DC-C96C-E710254ADF0F}" = Catalyst Control Center Localization Italian
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF7077C9-D94E-BA7F-26FD-303EB48A58C7}" = CCC Help Norwegian
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D32CB7FD-DCB6-2211-21D4-A7ABA3704CC7}" = CCC Help Korean
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6F47BAC-5757-665D-3CDD-BC490B9E0534}" = CCC Help Spanish
    "{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
    "{DBE17B8C-3B2B-6480-C3A1-BFA72FB7A5BD}" = CCC Help Chinese Standard
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DE788E95-F906-45F1-025A-EF2BC39A76FB}" = Catalyst Control Center Localization Greek
    "{DFBD51BC-0132-7D56-CBC0-057A13B25116}" = CCC Help Swedish
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1D0F3DF-08CE-8051-3027-F40D3B012E8A}" = CCC Help Turkish
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}" = BlackBerry Device Software Updater
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2C19F3A-9A6A-AF80-E136-88F056AECCFE}" = Catalyst Control Center Localization Polish
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FC188F5E-27F7-7BA6-3433-6ABAE6AF7B28}" = CCC Help Hungarian
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "1Password_is1" = 1Password 1.0.2.155
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "7-Zip" = 7-Zip 4.42
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.1
    "Color Schemer Studio_is1" = Color Schemer Studio
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "EPSON Scanner" = EPSON Scan
    "InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
    "InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
    "InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Canon Camera Window MC 5 for ZoomBrowser EX
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
    "InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
    "InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
    "InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "NIS" = Norton Internet Security
    "SmartFTP Client 3.0 (x64) Setup Files" = SmartFTP Client Setup Files 3.0 (x64) (remove only)
    "SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
    "virtualPhotographer_is1" = virtualPhotographer 1.5.6
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3804377023-3152457012-3232446840-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/9/2011 6:01:03 AM | Computer Name = HP-a6750y | Source = MsiInstaller | ID = 11706
    Description =

    Error - 1/9/2011 6:01:11 AM | Computer Name = HP-a6750y | Source = MsiInstaller | ID = 1023
    Description =

    Error - 1/10/2011 2:22:31 AM | Computer Name = HP-a6750y | Source = Perflib | ID = 1015
    Description =

    Error - 1/10/2011 6:01:16 AM | Computer Name = HP-a6750y | Source = MsiInstaller | ID = 11706
    Description =

    Error - 1/10/2011 6:01:20 AM | Computer Name = HP-a6750y | Source = MsiInstaller | ID = 1023
    Description =

    Error - 1/11/2011 6:01:10 AM | Computer Name = HP-a6750y | Source = MsiInstaller | ID = 11706
    Description =

    Error - 1/11/2011 6:01:13 AM | Computer Name = HP-a6750y | Source = MsiInstaller | ID = 1023
    Description =

    Error - 1/11/2011 8:26:01 AM | Computer Name = HP-a6750y | Source = Perflib | ID = 1015
    Description =

    Error - 1/12/2011 12:09:17 AM | Computer Name = HP-a6750y | Source = MsiInstaller | ID = 1013
    Description =

    Error - 1/12/2011 12:21:58 AM | Computer Name = HP-a6750y | Source = Windows Search Service | ID = 3013
    Description =

    [ System Events ]
    Error - 1/23/2011 11:05:22 PM | Computer Name = HP-a6750y | Source = Service Control Manager | ID = 7011
    Description =

    Error - 1/23/2011 11:05:22 PM | Computer Name = HP-a6750y | Source = Service Control Manager | ID = 7011
    Description =

    Error - 1/23/2011 11:05:22 PM | Computer Name = HP-a6750y | Source = Service Control Manager | ID = 7022
    Description =

    Error - 1/24/2011 6:02:57 AM | Computer Name = HP-a6750y | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 1/24/2011 9:21:16 PM | Computer Name = HP-a6750y | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.223 for the Network Card with network
    address 002421136C9D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/24/2011 9:21:42 PM | Computer Name = HP-a6750y | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.235 for the Network Card with network
    address 002421136C9D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/24/2011 9:21:56 PM | Computer Name = HP-a6750y | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.236 for the Network Card with network
    address 002421136C9D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/24/2011 10:33:27 PM | Computer Name = HP-a6750y | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/24/2011 10:50:34 PM | Computer Name = HP-a6750y | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 1/24/2011 10:52:01 PM | Computer Name = HP-a6750y | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  8. 2011/01/24
    broni

    broni Moderator Malware Analyst

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      O3 - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKU\S-1-5-21-3804377023-3152457012-3232446840-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Reg Error: Key error.)
      O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/la...ts/canvasx.cab (Reg Error: Key error.)
      O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab (Reg Error: Key error.)
      O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loade...eUploader5.cab (Reg Error: Key error.)
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/uploa...eX_Control.cab (Reg Error: Key error.)
      O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://persnicketyprints.lifepics.co...Uploader57.cab (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
      [2010/03/11 10:33:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\iolo
      [2010/03/11 10:33:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\iolo
      [2010/07/17 13:46:07 | 000,000,000 | ---D | M] -- C:\Users\Stacey Mann\AppData\Roaming\iolo
      @Alternate Data Stream - 76 bytes -> C:\Stacey Mann:Roxio EMC Stream
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  9. 2011/01/24
    mannclann

    mannclann Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-3804377023-3152457012-3232446840-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3804377023-3152457012-3232446840-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
    Starting removal of ActiveX control {0CCA191D-13A6-4E29-B746-314DEE697D83}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Starting removal of ActiveX control {28B66320-9687-4B13-8757-36F901887AB5}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{28B66320-9687-4B13-8757-36F901887AB5}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{28B66320-9687-4B13-8757-36F901887AB5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28B66320-9687-4B13-8757-36F901887AB5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28B66320-9687-4B13-8757-36F901887AB5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28B66320-9687-4B13-8757-36F901887AB5}\ not found.
    Starting removal of ActiveX control {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
    Starting removal of ActiveX control {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
    Starting removal of ActiveX control {8100D56A-5661-482C-BEE8-AFECE305D968}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {BEA7310D-06C4-4339-A784-DC3804819809}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BEA7310D-06C4-4339-A784-DC3804819809}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BEA7310D-06C4-4339-A784-DC3804819809}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEA7310D-06C4-4339-A784-DC3804819809}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BEA7310D-06C4-4339-A784-DC3804819809}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEA7310D-06C4-4339-A784-DC3804819809}\ not found.
    Starting removal of ActiveX control {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    File delete failed. C:\Windows\SysNative\OLD361E.tmp scheduled to be deleted on reboot.
    C:\Users\Default\AppData\Roaming\iolo folder moved successfully.
    Folder C:\Users\Default User\AppData\Roaming\iolo\ not found.
    C:\Users\Stacey Mann\AppData\Roaming\iolo\System Snapshots Data folder moved successfully.
    C:\Users\Stacey Mann\AppData\Roaming\iolo\SafetyNet\Temp folder moved successfully.
    C:\Users\Stacey Mann\AppData\Roaming\iolo\SafetyNet folder moved successfully.
    C:\Users\Stacey Mann\AppData\Roaming\iolo\Registry\Working folder moved successfully.
    C:\Users\Stacey Mann\AppData\Roaming\iolo\Registry\Last folder moved successfully.
    C:\Users\Stacey Mann\AppData\Roaming\iolo\Registry folder moved successfully.
    C:\Users\Stacey Mann\AppData\Roaming\iolo\Installers folder moved successfully.
    C:\Users\Stacey Mann\AppData\Roaming\iolo folder moved successfully.
    ADS C:\Stacey Mann:Roxio EMC Stream deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Stacey Mann
    ->Temp folder emptied: 776189 bytes
    ->Temporary Internet Files folder emptied: 90070729 bytes
    ->Java cache emptied: 290056 bytes
    ->Flash cache emptied: 770 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 233528 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 65536 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 87.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Stacey Mann
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.5 log created on 01242011_213418

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\SysNative\OLD361E.tmp scheduled to be moved on reboot.
    C:\Users\Stacey Mann\AppData\Local\Temp\ppcrlui_7148_2 moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YMAVDD4U\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YMAVDD4U\ads[2].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YMAVDD4U\audmeasure[1].gif moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YMAVDD4U\audmeasure[2].gif moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YMAVDD4U\L[2].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YMAVDD4U\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YMAVDD4U\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YMAVDD4U\p-01-0VIaSjnOLg[3].gif moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9VN0Z658\L[2].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8G0Z3OHQ\97492-active-2nd-computer-very-sluggish-possible-password-lead[1].html moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8G0Z3OHQ\audmeasure[1].gif moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\64MI8XPR\iframescript[1].htm moved successfully.
    File\Folder C:\Windows\temp\hsperfdata_HP-A6750Y$\492 not found!

    Registry entries deleted on Reboot...



    Results of screen317's Security Check version 0.99.7
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Spybot Teatimer.exe is disabled!
    ``````````End of Log````````````
     
  10. 2011/01/24
    broni

    broni Moderator Malware Analyst

    Uninstall Java(TM) 6 Update 7.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
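
The Security Check log posted above, and the fixes requested in reply to it, can be read mechanically. The following is an added example, not part of the original posts and not code from Security Check or its author; it assumes the log layout seen in this thread (section headings ending in "Check:", backtick separator rows, findings marked with a trailing "!"), and its function names are hypothetical.

```python
import re

TICK = "`"
# Constructed from the Security Check output posted in this thread;
# the backtick separator rows are rebuilt programmatically.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.7",
    "Windows Vista (UAC is enabled)",
    "Out of date service pack!!",
    "Internet Explorer 8",
    TICK * 30,
    "Antivirus/Firewall Check:",
    "",
    "Windows Firewall Disabled!",
    "Norton Internet Security",
    "WMI entry may not exist for antivirus; attempting automatic update.",
    TICK * 31,
    "Anti-malware/Other Utilities Check:",
    "",
    "Malwarebytes' Anti-Malware",
    "Java(TM) 6 Update 23",
    "Java(TM) 6 Update 7",
    "Out of date Java installed!",
    "Adobe Flash Player",
    "Adobe Reader 9.4.1",
    "Out of date Adobe Reader installed!",
    TICK * 32,
    "Process Check:",
    "objlist.exe by Laurent",
    "",
    "Norton ccSvcHst.exe",
    "Spybot Teatimer.exe is disabled!",
    TICK * 10 + "End of Log" + TICK * 12,
])

SECTION_RE = re.compile(r"^(?P<name>.+ Check):$")
JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")


def parse_security_check(text):
    """Split the log into {section name: [entries]}; 'System' holds the header block."""
    sections = {"System": []}
    current = "System"
    for raw in text.splitlines():
        line = raw.strip()
        if "End of Log" in line:
            break
        if not line or set(line) == {TICK}:
            continue  # blank line or backtick separator row
        match = SECTION_RE.match(line)
        if match:
            current = match.group("name")
            sections[current] = []
            continue
        sections[current].append(line)
    return sections


def flagged_entries(sections):
    """Return (section, entry) pairs for every line the tool marked with a trailing '!'."""
    return [(name, entry) for name, entries in sections.items()
            for entry in entries if entry.endswith("!")]


def stale_java(sections):
    """Return Java entries other than the highest version listed (side-by-side installs)."""
    found = []
    for entries in sections.values():
        for entry in entries:
            match = JAVA_RE.match(entry)
            if match:
                found.append(((int(match.group(1)), int(match.group(2))), entry))
    if len(found) < 2:
        return []
    newest = max(version for version, _ in found)
    return [entry for version, entry in found if version < newest]


if __name__ == "__main__":
    parsed = parse_security_check(SAMPLE_LOG)
    for section, entry in flagged_entries(parsed):
        print(f"[{section}] {entry}")
    print("Older Java still installed:", stale_java(parsed))
```
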
     
  11. 2011/01/24
    mannclann

    mannclann Inactive Thread Starter

    Done

    Continue with TFC and Eset Scan?
     
  12. 2011/01/24
    broni

    broni Moderator Malware Analyst

    Please, do.
     
  13. 2011/01/26
    mannclann

    mannclann Inactive Thread Starter

    Eset provided a clean scan with no infection
     
  14. 2011/01/26
    broni

    broni Moderator Malware Analyst

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  15. 2011/01/26
    mannclann

    mannclann Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Stacey Mann
    ->Temp folder emptied: 1423093 bytes
    ->Temporary Internet Files folder emptied: 115645727 bytes
    ->Java cache emptied: 288878 bytes
    ->Flash cache emptied: 1104 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 233528 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3408159 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 786838 bytes

    Total Files Cleaned = 116.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Stacey Mann
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.20.5 log created on 01262011_182612

    Files\Folders moved on Reboot...
    C:\Users\Stacey Mann\AppData\Local\Temp\ppcrlui_2868_2 moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0NJY9NY\97492-active-2nd-computer-very-sluggish-possible-password-lead[1].html moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0NJY9NY\;ord=2104545423[1].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0NJY9NY\;ord=2104551081[1].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0NJY9NY\digitals[1].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0NJY9NY\iframescript[1].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0NJY9NY\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N5XLT9RR\ads[2].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N5XLT9RR\ads[4].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N5XLT9RR\hopFeedIFrame[4].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N5XLT9RR\likebox[1].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GAI9E53O\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GAI9E53O\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GAI9E53O\search[1].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\09D52D6U\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\09D52D6U\adsCA7JJQCU.htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\09D52D6U\adsCAE5UQ6U.htm moved successfully.
    C:\Users\Stacey Mann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\09D52D6U\p-01-0VIaSjnOLg[1].gif moved successfully.
    File move failed. C:\Windows\SysNative\OLD361E.tmp scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\hsperfdata_HP-A6750Y$\2300 not found!

    Registry entries deleted on Reboot...
     
  16. 2011/01/26
    broni

    broni Moderator Malware Analyst

    Whenever ready...
     
  17. 2011/01/26
    mannclann

    mannclann Inactive Thread Starter

    Doing good. That's 2 down and one to go. Thanks again
     
  18. 2011/01/26
    broni

    broni Moderator Malware Analyst

    You're very welcome :)

    Good luck and stay safe :)
     
