
Solved Last One - Laptop same concerns

Discussion in 'Malware and Virus Removal Archive' started by mannclann, 2011/01/25.

  1. 2011/01/25
    mannclann

    [Resolved] Last One - Laptop same concerns

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5604

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    1/25/2011 7:54:26 PM
    mbam-log-2011-01-25 (19-54-26).txt

    Scan type: Quick scan
    Objects scanned: 179593
    Time elapsed: 11 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ( "%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1 ") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-25 22:13:29
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
    Running: GMERpipyxxhd.exe; Driver: C:\Users\Rick\AppData\Local\Temp\pwayauoc.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[3164] ntdll.dll!LdrLoadDll 77439390 5 Bytes JMP 00EA13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3712] USER32.dll!TrackPopupMenu 766814F3 5 Bytes JMP 680A721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7432A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [742DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [742CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74308395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [742DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7435CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [742CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [742C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [742D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP G70 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 198):
    0x81A0C000 \SystemRoot\system32\ntkrnlpa.exe
    0x81DC5000 \SystemRoot\system32\hal.dll
    0x80405000 \SystemRoot\system32\kdcom.dll
    0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8047C000 \SystemRoot\system32\PSHED.dll
    0x8048D000 \SystemRoot\system32\BOOTVID.dll
    0x80495000 \SystemRoot\system32\CLFS.SYS
    0x804D6000 \SystemRoot\system32\CI.dll
    0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80698000 \SystemRoot\system32\drivers\acpi.sys
    0x806DE000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806E7000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806EF000 \SystemRoot\system32\drivers\pci.sys
    0x80716000 \SystemRoot\system32\drivers\isapnp.sys
    0x80725000 \SystemRoot\system32\drivers\mpio.sys
    0x80741000 \SystemRoot\System32\drivers\partmgr.sys
    0x80750000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80753000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8075D000 \SystemRoot\system32\drivers\volmgr.sys
    0x8076C000 \SystemRoot\System32\drivers\volmgrx.sys
    0x807B6000 \SystemRoot\system32\drivers\intelide.sys
    0x807BD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x807CB000 \SystemRoot\system32\drivers\aliide.sys
    0x807D2000 \SystemRoot\system32\drivers\amdide.sys
    0x807D9000 \SystemRoot\system32\drivers\cmdide.sys
    0x807E1000 \SystemRoot\System32\drivers\mountmgr.sys
    0x805B6000 \SystemRoot\system32\drivers\msdsm.sys
    0x805D0000 \SystemRoot\system32\drivers\nvraid.sys
    0x8200C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8202D000 \SystemRoot\system32\drivers\pciide.sys
    0x82034000 \SystemRoot\system32\drivers\viaide.sys
    0x8203C000 \SystemRoot\system32\drivers\iastorv.sys
    0x820DD000 \SystemRoot\system32\drivers\atapi.sys
    0x820E5000 \SystemRoot\system32\drivers\ataport.SYS
    0x82103000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x8211D000 \SystemRoot\system32\drivers\storport.sys
    0x8215E000 \SystemRoot\system32\drivers\msahci.sys
    0x82168000 \SystemRoot\system32\drivers\hpcisss.sys
    0x82173000 \SystemRoot\system32\drivers\adp94xx.sys
    0x8220A000 \SystemRoot\system32\drivers\adpahci.sys
    0x82256000 \SystemRoot\system32\drivers\adpu160m.sys
    0x82271000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x82297000 \SystemRoot\system32\drivers\adpu320.sys
    0x822BD000 \SystemRoot\system32\drivers\djsvs.sys
    0x822D1000 \SystemRoot\system32\drivers\arc.sys
    0x822E7000 \SystemRoot\system32\drivers\arcsas.sys
    0x822FD000 \SystemRoot\system32\drivers\elxstor.sys
    0x82391000 \SystemRoot\system32\drivers\i2omp.sys
    0x8239B000 \SystemRoot\system32\drivers\iirsp.sys
    0x823AB000 \SystemRoot\system32\drivers\iteatapi.sys
    0x823B7000 \SystemRoot\system32\drivers\iteraid.sys
    0x823C3000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x823DD000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x823F5000 \SystemRoot\system32\drivers\megasas.sys
    0x8A201000 \SystemRoot\system32\drivers\megasr.sys
    0x8A2B8000 \SystemRoot\system32\drivers\mraid35x.sys
    0x8A2C3000 \SystemRoot\system32\drivers\nfrd960.sys
    0x8A2D1000 \SystemRoot\system32\drivers\nvstor.sys
    0x8A40F000 \SystemRoot\system32\drivers\ql2300.sys
    0x8A547000 \SystemRoot\system32\drivers\ql40xx.sys
    0x8A59C000 \SystemRoot\system32\drivers\sisraid2.sys
    0x8A5A9000 \SystemRoot\system32\drivers\sisraid4.sys
    0x8A5BE000 \SystemRoot\system32\drivers\symc8xx.sys
    0x8A5CA000 \SystemRoot\system32\drivers\sym_hi.sys
    0x8A5D5000 \SystemRoot\system32\drivers\sym_u3.sys
    0x8A2DE000 \SystemRoot\system32\drivers\uliahci.sys
    0x8A31A000 \SystemRoot\system32\drivers\ulsata.sys
    0x8A33B000 \SystemRoot\system32\drivers\ulsata2.sys
    0x8A367000 \SystemRoot\system32\drivers\vsmraid.sys
    0x8A388000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8A5E0000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8A5F0000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8A60E000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A67F000 \SystemRoot\system32\drivers\ndis.sys
    0x8A78A000 \SystemRoot\system32\drivers\msrpc.sys
    0x8A7B5000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A80A000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A8F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8AA0B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8AB1B000 \SystemRoot\system32\drivers\wd.sys
    0x8AB23000 \SystemRoot\system32\drivers\volsnap.sys
    0x8AB5C000 \SystemRoot\System32\Drivers\spldr.sys
    0x8AB64000 \SystemRoot\system32\drivers\sbp2port.sys
    0x8AB79000 \SystemRoot\System32\Drivers\mup.sys
    0x8AB88000 \SystemRoot\System32\drivers\ecache.sys
    0x8ABAF000 \SystemRoot\system32\drivers\disk.sys
    0x8ABC0000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8ABEB000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8ABF6000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8A90F000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8AA00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8E403000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8ED20000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8EDC1000 \SystemRoot\System32\drivers\watchdog.sys
    0x8EDCD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8A91E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8EDD8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8A95C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8A3BA000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x8F20F000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8F31D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F330000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8F335000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F340000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8F370000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8F372000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F37D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8F381000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8F399000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F3C8000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F3D3000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x8F3DB000 \SystemRoot\system32\drivers\modem.sys
    0x8F3E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x821DD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8EDE7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8A9E9000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8A3E9000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8EDF6000 \SystemRoot\system32\DRIVERS\tap0901.sys
    0x8A800000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0x8A7F0000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F20B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8F406000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8F430000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F43A000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8F447000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8F47C000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8F48D000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x8F4C8000 \SystemRoot\system32\drivers\portcls.sys
    0x8F4F5000 \SystemRoot\system32\drivers\drmk.sys
    0x8F51A000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8FA0C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8FB0F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8FBC4000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x8FBE5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8FBEE000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FBF5000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8F558000 \SystemRoot\system32\drivers\HIDPARSE.SYS
    0x8FA00000 \SystemRoot\System32\drivers\vga.sys
    0x8F55F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8F580000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8F588000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8F590000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8F59B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8F5A9000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8F5B2000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8F5C8000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8FC0D000 \SystemRoot\system32\drivers\afd.sys
    0x8FC55000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8FC87000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x8FC90000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8FCA6000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x8FCBA000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8FCC8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8FCDB000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8FD17000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8FD21000 \SystemRoot\System32\Drivers\FileDisk.SYS
    0x8FD24000 \??\C:\Windows\system32\drivers\ElRawDsk.sys
    0x8FD28000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8FD3F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8FD56000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8FD77000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8FD84000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8FD8F000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x97C50000 \SystemRoot\System32\win32k.sys
    0x8FD99000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8FDA3000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x97E70000 \SystemRoot\System32\TSDDD.dll
    0x97E90000 \SystemRoot\System32\cdd.dll
    0x97EA0000 \SystemRoot\System32\ATMFD.DLL
    0x8FDB2000 \SystemRoot\system32\drivers\luafv.sys
    0x8FDCD000 \SystemRoot\system32\DRIVERS\amp.sys
    0xAB805000 \SystemRoot\system32\drivers\spsys.sys
    0xAB8B5000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xAB8C5000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xAB8EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAB8F9000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xAB90C000 \SystemRoot\system32\drivers\HTTP.sys
    0xAB979000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xAB996000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xAB9AF000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xAB9C4000 \SystemRoot\system32\drivers\mrxdav.sys
    0x8F5DC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xAC409000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xAC442000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAC45A000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAC482000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAC5FC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAC400000 \SystemRoot\system32\drivers\npf.sys
    0xAE201000 \SystemRoot\system32\drivers\peauth.sys
    0xAE2DF000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAE2E9000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAE2F5000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xAC4D0000 \SystemRoot\system32\DRIVERS\ampse.sys
    0xAE2FD000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xAE313000 \??\C:\Users\Rick\AppData\Local\Temp\pwayauoc.sys
    0x77410000 \Windows\System32\ntdll.dll

    Processes (total 84):
    0 System Idle Process
    4 System
    436 C:\Windows\System32\smss.exe
    572 csrss.exe
    616 C:\Windows\System32\wininit.exe
    628 csrss.exe
    660 C:\Windows\System32\services.exe
    672 C:\Windows\System32\lsass.exe
    684 C:\Windows\System32\lsm.exe
    796 C:\Windows\System32\winlogon.exe
    876 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\svchost.exe
    1092 C:\Windows\System32\svchost.exe
    1148 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1236 C:\Windows\System32\audiodg.exe
    1260 C:\Windows\System32\svchost.exe
    1280 C:\Windows\System32\SLsvc.exe
    1316 C:\Windows\System32\svchost.exe
    1540 C:\Windows\System32\svchost.exe
    1752 C:\Windows\System32\spoolsv.exe
    1776 C:\Windows\System32\svchost.exe
    344 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    536 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    608 C:\Windows\System32\svchost.exe
    1228 C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    284 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1508 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    560 C:\Windows\System32\svchost.exe
    2056 C:\Windows\System32\NLSSRV32.EXE
    2104 C:\Windows\System32\svchost.exe
    2116 C:\Windows\System32\svchost.exe
    2132 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    2200 C:\Program Files\SMINST\BLService.exe
    2212 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2268 C:\Windows\System32\svchost.exe
    2284 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    2316 C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    2344 C:\Windows\System32\svchost.exe
    2364 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2420 C:\Windows\System32\SearchIndexer.exe
    2476 C:\Windows\System32\drivers\XAudio.exe
    2524 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2532 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2772 C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    3104 C:\Windows\System32\taskeng.exe
    3252 unsecapp.exe
    3328 WmiPrvSE.exe
    3340 C:\Windows\System32\svchost.exe
    3684 C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    3744 C:\Windows\System32\taskeng.exe
    3784 C:\Windows\System32\dwm.exe
    3856 C:\Windows\explorer.exe
    4000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4012 C:\Program Files\HP\QuickPlay\QPService.exe
    2416 C:\Program Files\Windows Defender\MSASCui.exe
    744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    1652 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3040 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3188 C:\Windows\System32\igfxtray.exe
    900 C:\Windows\System32\hkcmd.exe
    3504 C:\Windows\System32\igfxpers.exe
    2884 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3320 C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
    2732 C:\Windows\System32\igfxsrvc.exe
    2304 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    4060 WmiPrvSE.exe
    4196 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4352 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    4416 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    4504 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    4656 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    4692 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    4760 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    5500 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    6068 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3968 C:\Windows\System32\wuauclt.exe
    3164 C:\Program Files\Mozilla Firefox\firefox.exe
    3712 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4572 C:\Windows\System32\SearchProtocolHost.exe
    4088 MpCmdRun.exe
    4792 C:\Users\Rick\Desktop\MBRCheck.exe
    3604 C:\Windows\System32\SearchFilterHost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`cab00000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT1, Rev: 13.01A13

    Size       Device Name          MBR Status
    --------------------------------------------
    298 GB     \\.\PhysicalDrive0   Unknown MBR code
               SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Rick at 22:26:15.09 on Tue 01/25/2011
    Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1643 [GMT -7:00]

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\NLSSRV32.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Rick\Desktop\dds.scr
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://shop.thefreevpn.com/home.php
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uSearch Page =
    uSearch Bar =
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: 1Password: {cb1a24da-7416-4921-a0cf-5aa1160aae2a} - c:\progra~1\1passw~1\AGILE1~1.DLL
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
    BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll
    uRun: [IBP]
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Google Update] "c:\users\rick\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5 "
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter "
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0 "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0 "
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0 "
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe "
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    StartupFolder: c:\users\rick\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rick\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - c:\progra~1\1passw~1\AGILE1~1.DLL
    IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: c:\windows\system32\iavlsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Notify: igfxcui - igfxdev.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\pnvm8p76.default\
    FF - prefs.js: browser.startup.homepage - hxxp://digitalscrapbookpages.com/digitals/sdr458fEIldtgAE8/
    FF - prefs.js: network.proxy.http - 173.208.51.246:12243
    FF - prefs.js: network.proxy.http_port - 12243
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\1password\firefox@1passwd.com\components\Agile1pFF.dll
    FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\program files\speedbit video downloader\spfirefox\components\Engine.dll
    FF - component: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\pnvm8p76.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\rick\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\pnvm8p76.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
    FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
    FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
    FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
    FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
    FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    FF - Ext: Launch Clipboard: launchClipboard@alice - %profile%\extensions\launchClipboard@alice
    FF - Ext: HootSuite: hootsuite@hootsuite.com - %profile%\extensions\hootsuite@hootsuite.com
    FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: SearchPredict: searchpredict@speedbit.com - c:\program files\searchpredict\PRFireFox
    FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\SPFireFox
    FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2010-7-9 20392]
    R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [2010-5-31 127016]
    R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [2010-5-31 1118248]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-1-19 724664]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-1-19 724664]
    R2 MySQL51;MySQL51; "c:\program files\mysql\mysql server 5.1\bin\mysqld" --defaults-file= "c:\program files\mysql\mysql server 5.1\my.ini" mysql51 --> c:\program files\mysql\mysql server 5.1\bin\mysqld [?]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-6-24 65856]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-26 1153368]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-5-21 173352]
    R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-1-19 121384]
    R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-1-19 117288]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-31 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-1-19 158248]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2011-01-26 02:36:25 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ba5c3bce-6e42-4c57-8e1d-39b7f43aaa1b}\mpengine.dll
    2011-01-22 14:47:50 388096 ----a-r- c:\users\rick\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-22 14:47:48 -------- d-----w- c:\program files\Trend Micro
    2011-01-12 20:18:48 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-01-12 20:18:48 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-01-12 20:18:48 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 20:18:48 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-01-12 20:18:48 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-01-12 20:18:48 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-01-12 20:18:45 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-06 05:09:03 -------- d-----w- c:\users\rick\appdata\local\Apple Computer
    2011-01-01 16:09:03 -------- d-----w- c:\users\rick\appdata\roaming\Agile Web Solutions
    2011-01-01 16:08:32 1384448 ----a-w- c:\windows\system32\ChilkatCrypt2.dll
    2011-01-01 16:08:29 -------- d-----w- c:\program files\1Password
    2011-01-01 04:50:09 134753 ----a-w- c:\windows\Data Extractor Uninstaller.exe
    2011-01-01 04:50:08 -------- d-----w- c:\program files\Data Extractor 3.3
    2011-01-01 00:35:57 -------- d-----w- c:\program files\SpeedBit Video Accelerator
    2010-12-31 23:36:01 -------- d-----w- c:\program files\SearchPredict
    2010-12-31 23:35:57 -------- d-----w- c:\program files\SpeedBit Video Downloader
    2010-12-31 23:18:00 -------- d-----w- c:\windows\en
    2010-12-31 23:17:05 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-12-31 23:10:02 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-12-31 23:10:02 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-12-31 23:10:02 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-12-31 23:09:48 15712 ----a-w- c:\program files\common files\windows live\.cache\d1dfc2481cba93f0e\MeshBetaRemover.exe
    2010-12-31 23:09:45 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-31 23:09:42 525656 ----a-w- c:\program files\common files\windows live\.cache\cc8006c81cba93f0c\DXSETUP.exe
    2010-12-31 23:09:41 94040 ----a-w- c:\program files\common files\windows live\.cache\cc8006c81cba93f0c\DSETUP.dll
    2010-12-31 23:09:41 1691480 ----a-w- c:\program files\common files\windows live\.cache\cc8006c81cba93f0c\dsetup32.dll
    2010-12-31 23:09:38 525656 ----a-w- c:\program files\common files\windows live\.cache\caa37e981cba93f0b\DXSETUP.exe
    2010-12-31 23:09:38 1691480 ----a-w- c:\program files\common files\windows live\.cache\caa37e981cba93f0b\dsetup32.dll
    2010-12-31 23:09:37 94040 ----a-w- c:\program files\common files\windows live\.cache\caa37e981cba93f0b\DSETUP.dll
    2010-12-31 23:09:08 -------- d-----w- c:\users\rick\appdata\local\Windows Live
    2010-12-31 23:08:37 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-12-31 23:04:13 -------- d-----w- c:\windows\system32\x64
    2010-12-31 23:02:11 -------- d-----w- c:\users\rick\{6e99ee59-0a11-4090-8df4-203236fa10c4}
    2010-12-31 23:01:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-12-31 23:01:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-12-31 23:01:09 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-12-31 23:01:05 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-12-31 23:00:37 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-12-31 23:00:37 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-12-31 23:00:36 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-12-31 23:00:36 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-12-31 23:00:36 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-12-31 23:00:36 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-12-31 23:00:36 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-12-31 23:00:36 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-12-31 23:00:36 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-12-31 23:00:33 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

    ==================== Find3M ====================

    2010-12-02 22:27:32 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-12-02 22:26:54 11776 ----a-w- c:\windows\system32\smrgdf.exe
    2010-12-02 22:26:48 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
    2010-12-02 22:18:28 2234040 ----a-w- c:\windows\system32\Incinerator.dll
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll

    ============= FINISH: 22:27:37.93 ===============
     
  2. 2011/01/25
    mannclann

    mannclann Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/19/2009 7:20:46 PM
    System Uptime: 1/25/2011 9:37:33 PM (1 hours ago)

    Motherboard: Wistron | | 360C
    Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 1044/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 287 GiB total, 76.246 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.822 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP556: 1/15/2011 3:00:19 AM - Windows Update
    RP557: 1/15/2011 3:00:33 AM - Scheduled Checkpoint
    RP558: 1/16/2011 3:00:18 AM - Windows Update
    RP559: 1/17/2011 5:36:38 PM - Windows Update
    RP560: 1/18/2011 5:57:42 PM - Windows Update
    RP561: 1/18/2011 6:02:28 PM - Windows Update
    RP562: 1/19/2011 8:44:55 PM - Windows Update
    RP563: 1/20/2011 7:37:00 PM - Windows Update
    RP564: 1/20/2011 7:56:32 PM - Removed Fuxion Harvester
    RP565: 1/20/2011 7:58:46 PM - Removed Nitro PDF Professional
    RP566: 1/20/2011 8:05:37 PM - Removed Easy Lead Finder
    RP567: 1/20/2011 8:07:12 PM - Removed Microsoft Office Professional Plus 2010
    RP568: 1/20/2011 8:35:39 PM - Removed Auto Blog Samurai
    RP569: 1/21/2011 7:06:22 PM - Windows Update
    RP570: 1/21/2011 7:10:26 PM - Windows Update
    RP571: 1/22/2011 3:00:11 AM - Windows Update
    RP572: 1/22/2011 7:47:06 AM - Installed HiJackThis
    RP573: 1/23/2011 12:00:03 AM - Scheduled Checkpoint
    RP574: 1/23/2011 3:00:11 AM - Windows Update
    RP575: 1/23/2011 8:42:11 PM - Scheduled Checkpoint
    RP576: 1/24/2011 8:14:56 PM - Windows Update
    RP577: 1/25/2011 7:32:02 PM - Windows Update
    RP578: 1/25/2011 7:35:55 PM - Windows Update

    ==== Installed Programs ======================

    1Password 1.0.2.155
    32 Bit HP CIO Components Installer
    3ivx MPEG-4 5.0.3 (remove only)
    6500_E709_eDocs
    7-Zip 4.65
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9.4.1
    Adobe Shockwave Player
    Any Video Converter 3.0.5
    AoA Audio Extractor
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    AVIGenerator V1.0.0.0
    AVS Audio Converter version 6.2
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS Video Editor 4
    AVS Video Recorder 2.4
    AVS YouTube Uploader version 2.1
    AVS4YOU Software Navigator 1.4
    AVSDK5
    BlackBerry Desktop Software 6.0
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Canon ScanGear Starter
    CCleaner
    CoffeeCup Free HTML Editor
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CyberLink DVD Suite
    CyberLink YouCam
    D3DX10
    Data Extractor
    Destination Component
    DeviceDiscovery
    DHTML Editing Component
    DocMgr
    DocProc
    Download Accelerator Plus (DAP)
    Dragon NaturallySpeaking 10
    Dropbox
    DupeFree Pro
    ESU for Microsoft Vista
    Fax
    FileZilla Client 3.3.5.1
    FlipShare
    Google Chrome
    GPBaseService2
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hide My Ass! Pro 1.8
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 12.0
    HP Doc Viewer
    HP Document Manager 2.0
    HP DVD Play 3.7
    HP Help and Support
    HP Imaging Device Functions 12.0
    HP Officejet 6500 E709 Series
    HP Quick Launch Buttons 6.40 H2
    HP Smart Web Printing
    HP Solution Center 12.0
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPProductAssistant
    HPSSupply
    IAW20
    IAWP
    IBP 11.7.4
    iMacros V6.90
    Intel(R) Graphics Media Accelerator Driver
    iolo technologies' System Mechanic Professional
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    Jing
    Junk Mail filter update
    Juno Preloader
    Keyword Prodigy
    Korean Fonts Support For Adobe Reader 9
    LabelPrint
    LightScribe System Software 1.14.17.1
    Malwarebytes' Anti-Malware
    Market Samurai
    MarketResearch
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Live Search Toolbar
    Microsoft Office Outlook Connector
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mindjet MindManager Viewer 7
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    muvee Reveal
    My HP Games
    MySQL Connector/ODBC 5.1
    MySQL Server 5.1
    MySQL Tools for 5.0
    NetWaiting
    Network
    NetZero Preloader
    Norton Internet Security
    OCR Software by I.R.I.S. 12.0
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.2
    Playback 2.3.0.4
    Power2Go
    PowerDirector
    ProductContext
    PxMergeModule
    QuickBooks Pro 2009
    QuickTime
    Rank Tracker
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek USB 2.0 Card Reader
    S3 Ripper 1.3
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Segoe UI
    SEO Spider 1.0
    SERPAssist
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 4.2
    SmartWebPrinting
    SocialBot
    SolutionCenter
    SpeedBit Video Downloader
    Spybot - Search & Destroy
    Status
    SupportSoft Assisted Service
    Synaptics Pointing Device Driver
    TeamViewer 5
    Toolbox
    Traffic and Linking Tool
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Visual C++ Runtime for Dragon NaturallySpeaking
    Visual Studio 2005 Tools for Office Second Edition Runtime
    VLC media player 1.0.5
    WampServer 2.0
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    WinMerge 2.12.4
    WinPcap 4.1.2
    WinRAR archiver
    WordFlood 2.0 (remove only)
    ZipGenius 6 (6.0.3.1150)

    ==== Event Viewer Messages From Past Week ========

    1/25/2011 9:53:38 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    1/25/2011 9:38:20 PM, Error: Microsoft-Windows-WMPNSS-Service [14324] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80040154'. If possible, reinstall Windows Media Player.
    1/25/2011 9:38:02 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/25/2011 9:22:10 PM, Error: EventLog [6008] - The previous system shutdown at 9:19:09 PM on 1/25/2011 was unexpected.
    1/25/2011 9:04:55 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/25/2011 8:56:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/25/2011 8:56:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC ElRawDisk FileDisk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The iolo System Service service depends on the Background Intelligent Transfer Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2011 8:55:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/25/2011 8:55:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/25/2011 8:55:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/25/2011 8:55:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/25/2011 8:55:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/25/2011 8:55:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/25/2011 8:54:17 PM, Error: EventLog [6008] - The previous system shutdown at 8:52:06 PM on 1/25/2011 was unexpected.
    1/25/2011 8:25:51 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/25/2011 8:25:51 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    1/25/2011 8:25:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    1/25/2011 8:25:51 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/25/2011 8:25:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/22/2011 8:46:06 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Rick\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.

    ==== End Of File ===========================
     

  4. 2011/01/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    We need to double check your MBR...

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open Notepad and press CTRL+V
    • Post the output back here.
     
  5. 2011/01/26
    mannclann

    mannclann Inactive Thread Starter

    Joined:
    2011/01/22
    Messages:
    45
    Likes Received:
    0
    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: b23e5cbb74b4fcefd775b490fc8131e6

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  6. 2011/01/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We need to fix it.

    I believe you have the CD already...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.

    **Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
     
  7. 2011/01/26
    mannclann

    mannclann Inactive Thread Starter

    Joined:
    2011/01/22
    Messages:
    45
    Likes Received:
    0
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP G70 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 200):
    0x81A49000 \SystemRoot\system32\ntkrnlpa.exe
    0x81A16000 \SystemRoot\system32\hal.dll
    0x8040F000 \SystemRoot\system32\kdcom.dll
    0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80486000 \SystemRoot\system32\PSHED.dll
    0x80497000 \SystemRoot\system32\BOOTVID.dll
    0x8049F000 \SystemRoot\system32\CLFS.SYS
    0x804E0000 \SystemRoot\system32\CI.dll
    0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80689000 \SystemRoot\system32\drivers\acpi.sys
    0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E0000 \SystemRoot\system32\drivers\pci.sys
    0x80707000 \SystemRoot\system32\drivers\isapnp.sys
    0x80716000 \SystemRoot\system32\drivers\mpio.sys
    0x80732000 \SystemRoot\System32\drivers\partmgr.sys
    0x80741000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80744000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8074E000 \SystemRoot\system32\drivers\volmgr.sys
    0x8075D000 \SystemRoot\System32\drivers\volmgrx.sys
    0x807A7000 \SystemRoot\system32\drivers\intelide.sys
    0x807AE000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x807BC000 \SystemRoot\system32\drivers\aliide.sys
    0x807C3000 \SystemRoot\system32\drivers\amdide.sys
    0x807CA000 \SystemRoot\system32\drivers\cmdide.sys
    0x807D2000 \SystemRoot\System32\drivers\mountmgr.sys
    0x807E2000 \SystemRoot\system32\drivers\msdsm.sys
    0x805C0000 \SystemRoot\system32\drivers\nvraid.sys
    0x805DB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x80400000 \SystemRoot\system32\drivers\pciide.sys
    0x80407000 \SystemRoot\system32\drivers\viaide.sys
    0x82003000 \SystemRoot\system32\drivers\iastorv.sys
    0x820A4000 \SystemRoot\system32\drivers\atapi.sys
    0x820AC000 \SystemRoot\system32\drivers\ataport.SYS
    0x820CA000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x820E4000 \SystemRoot\system32\drivers\storport.sys
    0x82125000 \SystemRoot\system32\drivers\msahci.sys
    0x8212F000 \SystemRoot\system32\drivers\hpcisss.sys
    0x8213A000 \SystemRoot\system32\drivers\adp94xx.sys
    0x821A4000 \SystemRoot\system32\drivers\adpahci.sys
    0x8220D000 \SystemRoot\system32\drivers\adpu160m.sys
    0x82228000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x8224E000 \SystemRoot\system32\drivers\adpu320.sys
    0x82274000 \SystemRoot\system32\drivers\djsvs.sys
    0x82288000 \SystemRoot\system32\drivers\arc.sys
    0x8229E000 \SystemRoot\system32\drivers\arcsas.sys
    0x822B4000 \SystemRoot\system32\drivers\elxstor.sys
    0x82348000 \SystemRoot\system32\drivers\i2omp.sys
    0x82352000 \SystemRoot\system32\drivers\iirsp.sys
    0x82362000 \SystemRoot\system32\drivers\iteatapi.sys
    0x8236E000 \SystemRoot\system32\drivers\iteraid.sys
    0x8237A000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x82394000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x823AC000 \SystemRoot\system32\drivers\megasas.sys
    0x8A204000 \SystemRoot\system32\drivers\megasr.sys
    0x8A2BB000 \SystemRoot\system32\drivers\mraid35x.sys
    0x8A2C6000 \SystemRoot\system32\drivers\nfrd960.sys
    0x8A2D4000 \SystemRoot\system32\drivers\nvstor.sys
    0x8A403000 \SystemRoot\system32\drivers\ql2300.sys
    0x8A53B000 \SystemRoot\system32\drivers\ql40xx.sys
    0x8A590000 \SystemRoot\system32\drivers\sisraid2.sys
    0x8A59D000 \SystemRoot\system32\drivers\sisraid4.sys
    0x8A5B2000 \SystemRoot\system32\drivers\symc8xx.sys
    0x8A5BE000 \SystemRoot\system32\drivers\sym_hi.sys
    0x8A5C9000 \SystemRoot\system32\drivers\sym_u3.sys
    0x8A2E1000 \SystemRoot\system32\drivers\uliahci.sys
    0x8A5D4000 \SystemRoot\system32\drivers\ulsata.sys
    0x8A31D000 \SystemRoot\system32\drivers\ulsata2.sys
    0x8A349000 \SystemRoot\system32\drivers\vsmraid.sys
    0x8A36A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8A39C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8A5F5000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8A60D000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A67E000 \SystemRoot\system32\drivers\ndis.sys
    0x8A789000 \SystemRoot\system32\drivers\msrpc.sys
    0x8A7B4000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A803000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A8ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8AA0A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8AB1A000 \SystemRoot\system32\drivers\wd.sys
    0x8AB22000 \SystemRoot\system32\drivers\volsnap.sys
    0x8AB5B000 \SystemRoot\System32\Drivers\spldr.sys
    0x8AB63000 \SystemRoot\system32\drivers\sbp2port.sys
    0x8AB78000 \SystemRoot\System32\Drivers\mup.sys
    0x8AB87000 \SystemRoot\System32\drivers\ecache.sys
    0x8ABAE000 \SystemRoot\system32\drivers\disk.sys
    0x8ABBF000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8ABEA000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8ABF5000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8A908000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8AA00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8E20D000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8EB2A000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8EBCB000 \SystemRoot\System32\drivers\watchdog.sys
    0x8EBD7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8A917000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8EBE2000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8A955000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8A3AC000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x8F004000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8F112000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F125000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8F12A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F135000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8F165000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8F167000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F172000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8F176000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8F18E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F1BD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F1C8000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x8F1D0000 \SystemRoot\system32\drivers\modem.sys
    0x8F1DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F1F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8A3DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8EBF1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8A9E2000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x823B6000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8E200000 \SystemRoot\system32\DRIVERS\tap0901.sys
    0x8A9F6000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0x8A7EF000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F000000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x823CB000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8A600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x82200000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8F408000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8F43D000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8F44E000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x8F489000 \SystemRoot\system32\drivers\portcls.sys
    0x8F4B6000 \SystemRoot\system32\drivers\drmk.sys
    0x8F4DB000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8F600000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8F703000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8F7B8000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x8F7D9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8F7E2000 \SystemRoot\System32\Drivers\Null.SYS
    0x8F7E9000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8F7F9000 \SystemRoot\system32\drivers\HIDPARSE.SYS
    0x8F519000 \SystemRoot\System32\drivers\vga.sys
    0x8F525000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8F7F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8F546000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8F54E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8F559000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8F567000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8F570000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8F586000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8F59A000 \SystemRoot\system32\drivers\afd.sys
    0x8F805000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8F837000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x8F84B000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x8F854000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8F86A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8F878000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8F88B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F8C7000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8F8D1000 \SystemRoot\System32\Drivers\FileDisk.SYS
    0x8F8D4000 \??\C:\Windows\system32\drivers\ElRawDsk.sys
    0x8F8D8000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8F8EF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8F906000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8F927000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8F934000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8F93F000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x97A40000 \SystemRoot\System32\win32k.sys
    0x8F949000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8F953000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x97C60000 \SystemRoot\System32\TSDDD.dll
    0x97C80000 \SystemRoot\System32\cdd.dll
    0x97C90000 \SystemRoot\System32\ATMFD.DLL
    0x8F962000 \SystemRoot\system32\drivers\luafv.sys
    0x8F97D000 \SystemRoot\system32\DRIVERS\amp.sys
    0x9A408000 \SystemRoot\system32\drivers\spsys.sys
    0x9A4B8000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9A4C8000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9A4F2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9A4FC000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9A50F000 \SystemRoot\system32\drivers\HTTP.sys
    0x9A57C000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9A599000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9A5B2000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9A5C7000 \SystemRoot\system32\drivers\mrxdav.sys
    0x8F99F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8F9BE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9A5E8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xABA00000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xABA28000 \SystemRoot\System32\DRIVERS\srv.sys
    0xABBA2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xABBA6000 \SystemRoot\system32\drivers\npf.sys
    0xAF806000 \SystemRoot\system32\drivers\peauth.sys
    0xAF8E4000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAF8EE000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAF8FA000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xABA76000 \SystemRoot\system32\DRIVERS\ampse.sys
    0xAF902000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xAF918000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xAF921000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xAF931000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x77840000 \Windows\System32\ntdll.dll

    Processes (total 83):
    0 System Idle Process
    4 System
    436 C:\Windows\System32\smss.exe
    572 csrss.exe
    616 C:\Windows\System32\wininit.exe
    624 csrss.exe
    688 C:\Windows\System32\winlogon.exe
    736 C:\Windows\System32\services.exe
    748 C:\Windows\System32\lsass.exe
    756 C:\Windows\System32\lsm.exe
    920 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1216 C:\Windows\System32\svchost.exe
    1288 C:\Windows\System32\audiodg.exe
    1312 C:\Windows\System32\svchost.exe
    1336 C:\Windows\System32\SLsvc.exe
    1372 C:\Windows\System32\svchost.exe
    1580 C:\Windows\System32\svchost.exe
    1792 C:\Windows\System32\spoolsv.exe
    1816 C:\Windows\System32\svchost.exe
    536 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    628 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    1896 C:\Windows\System32\svchost.exe
    1992 C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    2052 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2064 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    2080 C:\Windows\System32\svchost.exe
    2100 C:\Windows\System32\NLSSRV32.EXE
    2136 C:\Windows\System32\svchost.exe
    2152 C:\Windows\System32\svchost.exe
    2176 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    2244 C:\Program Files\SMINST\BLService.exe
    2296 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2332 C:\Windows\System32\svchost.exe
    2352 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    2400 C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    2436 C:\Windows\System32\svchost.exe
    2472 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2524 C:\Windows\System32\SearchIndexer.exe
    2572 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2632 C:\Windows\System32\drivers\XAudio.exe
    2676 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2868 C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    3048 unsecapp.exe
    3068 C:\Windows\System32\svchost.exe
    3184 WmiPrvSE.exe
    3480 C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    3488 C:\Windows\System32\taskeng.exe
    3596 C:\Windows\System32\dwm.exe
    3644 C:\Windows\explorer.exe
    3796 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3804 C:\Program Files\HP\QuickPlay\QPService.exe
    3864 C:\Program Files\Windows Defender\MSASCui.exe
    3920 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    4032 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3456 C:\Windows\System32\igfxsrvc.exe
    3564 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3756 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    1452 C:\Windows\System32\igfxtray.exe
    4012 C:\Windows\System32\hkcmd.exe
    1080 C:\Windows\System32\igfxpers.exe
    3420 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    2752 C:\Program Files\DAP\DAP.exe
    4080 WmiPrvSE.exe
    3608 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    1588 C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
    2328 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3824 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3004 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    3680 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    1392 C:\Windows\System32\taskeng.exe
    1840 C:\Windows\System32\SearchProtocolHost.exe
    4188 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    4296 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    4368 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4400 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    4628 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    6088 C:\Windows\System32\wuauclt.exe
    4084 C:\Windows\System32\SearchFilterHost.exe
    5840 C:\Users\Rick\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`cab00000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT1, Rev: 13.01A13

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
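    Both boot-sector checks in this thread (Bootkit Remover reporting an MD5 and "Unknown boot code", MBRCheck recognising standard code by SHA-1 after the repair) come down to hashing the code region of the 512-byte MBR and comparing it with trusted values, then sanity-checking the partition table. The Python below is an added example, not code from either tool or from this thread; the hashed range (first 440 bytes), the whitelist and the sample sectors are constructed assumptions, so its digests will not match either tool's output.

```python
"""Check a 512-byte MBR dump for unknown boot code and a sane partition table.

Added example for this thread, not code from Bootkit Remover or MBRCheck. The
hashed range (first 440 bytes), the whitelist and the sample sectors are
constructed assumptions, so digests will not match either tool's output.
"""
import hashlib
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: executable boot code (assumed range)
PART_TABLE_OFF = 446          # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of every valid MBR


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class MbrReport:
    signature_ok: bool
    code_md5: str
    code_sha1: str
    known_as: Optional[str]
    partitions: List[Partition] = field(default_factory=list)
    problems: List[str] = field(default_factory=list)


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition entries; legacy CHS fields are skipped."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 marks an empty slot
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def analyze_mbr(mbr: bytes, known_code: Dict[str, str]) -> MbrReport:
    """Hash the boot code and compare it with trusted SHA-1 values.

    An unknown hash is not proof of infection (OEM recovery loaders and boot
    managers ship their own code), but it is the condition that calls for
    dumping the sector and inspecting it by hand, as the thread does.
    """
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(mbr)}")
    code = mbr[:BOOT_CODE_LEN]
    sha1 = hashlib.sha1(code).hexdigest()
    report = MbrReport(
        signature_ok=mbr[510:512] == BOOT_SIGNATURE,
        code_md5=hashlib.md5(code).hexdigest(),
        code_sha1=sha1,
        known_as=known_code.get(sha1),
        partitions=parse_partitions(mbr),
    )
    if not report.signature_ok:
        report.problems.append("missing 55AA boot signature")
    if report.known_as is None:
        report.problems.append("unknown boot code")
    if sum(p.bootable for p in report.partitions) > 1:
        report.problems.append("more than one active partition")
    spans = sorted((p.lba_start, p.lba_start + p.sector_count)
                   for p in report.partitions)
    if any(s2 < e1 for (_, e1), (s2, _) in zip(spans, spans[1:])):
        report.problems.append("overlapping partitions")  # classic tampering sign
    return report


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a sector with the given code and a two-partition NTFS table."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = b"\x12\x34\x56\x78"  # constructed disk signature
    entry = struct.Struct("<B3sB3sII")  # status, CHS, type, CHS, LBA, count
    entry.pack_into(sector, PART_TABLE_OFF, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 409600)
    entry.pack_into(sector, PART_TABLE_OFF + 16, 0, b"\0\0\0", 0x07, b"\0\0\0", 411648, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed stand-in for code a defender trusts, e.g. the standard MBR written
# by the repair CD in the thread; real use would hash a known-clean image.
REFERENCE_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 100
KNOWN_CODE = {hashlib.sha1(REFERENCE_CODE.ljust(BOOT_CODE_LEN, b"\0")).hexdigest():
              "constructed standard MBR"}
GOOD_MBR = build_sample_mbr(REFERENCE_CODE)
# Same partition table, but the entry point was replaced by a short jump.
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3e" + REFERENCE_CODE[2:])
```

    To check a real sector, read the first 512 bytes of a dump such as the one `remover.exe dump` writes and pass them to `analyze_mbr` with a whitelist built from images you trust.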
     
  8. 2011/01/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2011/01/26
    mannclann

    mannclann Inactive Thread Starter

    Joined:
    2011/01/22
    Messages:
    45
    Likes Received:
    0
    ComboFix 11-01-25.05 - Rick 01/26/2011 19:37:30.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1800 [GMT -7:00]
    Running from: c:\users\Rick\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Install.exe
    c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
    c:\users\Rick\AppData\Roaming\ubot
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat . . . . Failed to delete
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat . . . . Failed to delete

    ----- BITS: Possible infected sites -----

    hxxp://download.iolo.net
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
    .

    2011-01-27 02:49 . 2011-01-27 02:49 -------- d-----w- c:\users\Stacey\AppData\Local\temp
    2011-01-27 02:49 . 2011-01-27 02:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-01-27 02:49 . 2011-01-27 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-26 02:36 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA5C3BCE-6E42-4C57-8E1D-39B7F43AAA1B}\mpengine.dll
    2011-01-22 14:47 . 2011-01-22 14:47 388096 ----a-r- c:\users\Rick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-22 14:47 . 2011-01-22 14:47 -------- d-----w- c:\program files\Trend Micro
    2011-01-12 20:18 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 20:18 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 20:18 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 20:18 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 20:18 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-12 20:18 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-12 20:18 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-06 05:09 . 2011-01-06 05:09 -------- d-----w- c:\users\Rick\AppData\Local\Apple Computer
    2011-01-06 04:55 . 2011-01-06 04:55 -------- d-----w- c:\users\Rick\AppData\Roaming\Apple Computer
    2011-01-01 16:09 . 2011-01-01 16:11 -------- d-----w- c:\users\Rick\AppData\Roaming\Agile Web Solutions
    2011-01-01 16:08 . 2009-12-09 17:25 1384448 ----a-w- c:\windows\system32\ChilkatCrypt2.dll
    2011-01-01 16:08 . 2011-01-01 16:08 -------- d-----w- c:\program files\1Password
    2011-01-01 04:50 . 2011-01-01 04:50 134753 ----a-w- c:\windows\Data Extractor Uninstaller.exe
    2011-01-01 04:50 . 2011-01-01 04:50 -------- d-----w- c:\program files\Data Extractor 3.3
    2011-01-01 00:35 . 2011-01-01 00:36 -------- d-----w- c:\program files\SpeedBit Video Accelerator
    2010-12-31 23:36 . 2010-12-31 23:36 -------- d-----w- c:\program files\SearchPredict
    2010-12-31 23:35 . 2010-12-31 23:36 -------- d-----w- c:\program files\SpeedBit Video Downloader
    2010-12-31 23:18 . 2010-12-31 23:18 -------- d-----w- c:\windows\en
    2010-12-31 23:17 . 2010-09-23 07:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-12-31 23:10 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-12-31 23:10 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-12-31 23:10 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-12-31 23:09 . 2010-12-31 23:09 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\d1dfc2481cba93f0e\MeshBetaRemover.exe
    2010-12-31 23:09 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-31 23:09 . 2010-12-31 23:09 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc8006c81cba93f0c\DXSETUP.exe
    2010-12-31 23:09 . 2010-12-31 23:09 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc8006c81cba93f0c\DSETUP.dll
    2010-12-31 23:09 . 2010-12-31 23:09 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc8006c81cba93f0c\dsetup32.dll
    2010-12-31 23:09 . 2010-12-31 23:09 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\caa37e981cba93f0b\DXSETUP.exe
    2010-12-31 23:09 . 2010-12-31 23:09 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\caa37e981cba93f0b\dsetup32.dll
    2010-12-31 23:09 . 2010-12-31 23:09 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\caa37e981cba93f0b\DSETUP.dll
    2010-12-31 23:09 . 2010-12-31 23:09 -------- d-----w- c:\users\Rick\AppData\Local\Windows Live
    2010-12-31 23:08 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-12-31 23:04 . 2010-12-31 23:04 -------- d-----w- c:\windows\system32\x64
    2010-12-31 23:02 . 2010-12-31 23:02 -------- d-----w- c:\users\Rick\{6e99ee59-0a11-4090-8df4-203236fa10c4}
    2010-12-31 23:01 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-12-31 23:01 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-12-31 23:01 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-12-31 23:01 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-12-31 23:00 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-12-31 23:00 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-12-31 23:00 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-12-31 23:00 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-12-31 23:00 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-12-31 23:00 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-12-31 23:00 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-12-31 23:00 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-12-31 23:00 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-12-31 23:00 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 01:09 . 2010-01-30 01:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 01:08 . 2010-01-30 01:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-02 22:27 . 2010-01-20 02:17 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-12-02 22:26 . 2010-01-20 02:17 11776 ----a-w- c:\windows\system32\smrgdf.exe
    2010-12-02 22:26 . 2010-01-20 02:17 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
    2010-12-02 22:18 . 2010-01-20 02:17 2234040 ----a-w- c:\windows\system32\Incinerator.dll
    2010-11-04 18:56 . 2010-12-15 04:26 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-15 04:26 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-15 04:26 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-15 04:26 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-15 04:26 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01 . 2010-12-15 04:26 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57 . 2010-12-15 04:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57 . 2010-12-15 04:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-15 04:26 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57 . 2010-12-15 04:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01 . 2010-12-15 04:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26 . 2010-12-15 04:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-15 04:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
    2010-12-31 23:35 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Google Update "= "c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-01 136176]
    "DownloadAccelerator "= "c:\program files\DAP\DAP.EXE" [2010-12-31 2844848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut "= "c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut "= "c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "UpdateP2GoShortCut "= "c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut "= "c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "iolo Startup "= "c:\program files\iolo\Common\Lib\ioloLManager.exe" [2010-12-02 434360]
    "Intuit SyncManager "= "c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "AdobeAAMUpdater-1.0 "= "c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

    c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1 "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-01-20 158248]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2009-09-08 20392]
    S2 AMP;AMP;c:\windows\system32\DRIVERS\amp.sys [2010-01-20 127016]
    S2 AMPSE;AMPSE;c:\windows\system32\DRIVERS\ampse.sys [2010-01-20 1118248]
    S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-12-02 724664]
    S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-12-02 724664]
    S2 MySQL51;MySQL51;c:\program files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.1\my.ini MySQL51 [x]
    S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-24 65856]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
    S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-01-20 121384]
    S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-01-20 117288]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000Core.job
    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 16:15]

    2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000UA.job
    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 16:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://shop.thefreevpn.com/home.php
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {{00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - c:\progra~1\1PASSW~1\AGILE1~1.DLL
    LSP: c:\windows\system32\iavlsp.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\
    FF - prefs.js: browser.startup.homepage - hxxp://digitalscrapbookpages.com/digitals/sdr458fEIldtgAE8/
    FF - prefs.js: network.proxy.http - 173.208.51.246:12243
    FF - prefs.js: network.proxy.http_port - 12243
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
    FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
    FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
    FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
    FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
    FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    FF - Ext: Launch Clipboard: launchClipboard@alice - %profile%\extensions\launchClipboard@alice
    FF - Ext: HootSuite: hootsuite@hootsuite.com - %profile%\extensions\hootsuite@hootsuite.com
    FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: SearchPredict: searchpredict@speedbit.com - c:\program files\SearchPredict\PRFireFox
    FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\SpeedBit Video Downloader\SPFireFox
    FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\DAP\DAPFireFox
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    HKCU-Run-IBP - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-26 19:51
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\TEMP\TMP0000000324871F22D1D56FAF 524288 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL51]
    "ImagePath "= "\ "c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\ "c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51 "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1328)
    c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-26 19:59:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-27 02:59

    Pre-Run: 79,949,946,880 bytes free
    Post-Run: 80,533,176,320 bytes free

    - - End Of File - - 8676B9067A39DE53FA7A5709C61B479F
     
  10. 2011/01/26
    broni Moderator Malware Analyst
    Joined: 2002/08/01
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\TEMP\TMP0000000324871F22D1D56FAF
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    
    Folder::
    c:\windows\TEMP\TMP0000000324871F22D1D56FAF
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  11. 2011/01/26
    mannclann Inactive Thread Starter
    Joined: 2011/01/22
    ComboFix 11-01-25.05 - Rick 01/26/2011 20:22:38.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1741 [GMT -7:00]
    Running from: c:\users\Rick\Desktop\ComboFix.exe
    Command switches used :: c:\users\Rick\Desktop\WindowsBBS\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\programdata\Microsoft\Network\Downloader\qmgr0.dat "
    "c:\programdata\Microsoft\Network\Downloader\qmgr1.dat "
    "c:\windows\TEMP\TMP0000000324871F22D1D56FAF "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat . . . . Failed to delete
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat . . . . Failed to delete

    ----- BITS: Possible infected sites -----

    hxxp://download.iolo.net
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
    .

    2011-01-27 03:31 . 2011-01-27 03:31 -------- d-----w- c:\users\Stacey\AppData\Local\temp
    2011-01-27 03:31 . 2011-01-27 03:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-01-27 03:31 . 2011-01-27 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-27 02:59 . 2011-01-27 03:33 -------- d-----w- c:\users\Rick\AppData\Local\temp
    2011-01-26 02:36 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA5C3BCE-6E42-4C57-8E1D-39B7F43AAA1B}\mpengine.dll
    2011-01-22 14:47 . 2011-01-22 14:47 388096 ----a-r- c:\users\Rick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-22 14:47 . 2011-01-22 14:47 -------- d-----w- c:\program files\Trend Micro
    2011-01-12 20:18 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 20:18 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 20:18 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 20:18 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 20:18 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-12 20:18 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-12 20:18 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-06 05:09 . 2011-01-06 05:09 -------- d-----w- c:\users\Rick\AppData\Local\Apple Computer
    2011-01-06 04:55 . 2011-01-06 04:55 -------- d-----w- c:\users\Rick\AppData\Roaming\Apple Computer
    2011-01-01 16:09 . 2011-01-01 16:11 -------- d-----w- c:\users\Rick\AppData\Roaming\Agile Web Solutions
    2011-01-01 16:08 . 2009-12-09 17:25 1384448 ----a-w- c:\windows\system32\ChilkatCrypt2.dll
    2011-01-01 16:08 . 2011-01-01 16:08 -------- d-----w- c:\program files\1Password
    2011-01-01 04:50 . 2011-01-01 04:50 134753 ----a-w- c:\windows\Data Extractor Uninstaller.exe
    2011-01-01 04:50 . 2011-01-01 04:50 -------- d-----w- c:\program files\Data Extractor 3.3
    2011-01-01 00:35 . 2011-01-01 00:36 -------- d-----w- c:\program files\SpeedBit Video Accelerator
    2010-12-31 23:36 . 2010-12-31 23:36 -------- d-----w- c:\program files\SearchPredict
    2010-12-31 23:35 . 2010-12-31 23:36 -------- d-----w- c:\program files\SpeedBit Video Downloader
    2010-12-31 23:18 . 2010-12-31 23:18 -------- d-----w- c:\windows\en
    2010-12-31 23:17 . 2010-09-23 07:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-12-31 23:10 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-12-31 23:10 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-12-31 23:10 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-12-31 23:09 . 2010-12-31 23:09 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\d1dfc2481cba93f0e\MeshBetaRemover.exe
    2010-12-31 23:09 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-31 23:09 . 2010-12-31 23:09 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc8006c81cba93f0c\DXSETUP.exe
    2010-12-31 23:09 . 2010-12-31 23:09 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc8006c81cba93f0c\DSETUP.dll
    2010-12-31 23:09 . 2010-12-31 23:09 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc8006c81cba93f0c\dsetup32.dll
    2010-12-31 23:09 . 2010-12-31 23:09 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\caa37e981cba93f0b\DXSETUP.exe
    2010-12-31 23:09 . 2010-12-31 23:09 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\caa37e981cba93f0b\dsetup32.dll
    2010-12-31 23:09 . 2010-12-31 23:09 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\caa37e981cba93f0b\DSETUP.dll
    2010-12-31 23:09 . 2010-12-31 23:09 -------- d-----w- c:\users\Rick\AppData\Local\Windows Live
    2010-12-31 23:08 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-12-31 23:04 . 2010-12-31 23:04 -------- d-----w- c:\windows\system32\x64
    2010-12-31 23:02 . 2010-12-31 23:02 -------- d-----w- c:\users\Rick\{6e99ee59-0a11-4090-8df4-203236fa10c4}
    2010-12-31 23:01 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-12-31 23:01 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-12-31 23:01 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-12-31 23:01 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-12-31 23:00 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-12-31 23:00 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-12-31 23:00 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-12-31 23:00 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-12-31 23:00 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-12-31 23:00 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-12-31 23:00 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-12-31 23:00 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-12-31 23:00 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-12-31 23:00 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 01:09 . 2010-01-30 01:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 01:08 . 2010-01-30 01:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-02 22:27 . 2010-01-20 02:17 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-12-02 22:26 . 2010-01-20 02:17 11776 ----a-w- c:\windows\system32\smrgdf.exe
    2010-12-02 22:26 . 2010-01-20 02:17 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
    2010-12-02 22:18 . 2010-01-20 02:17 2234040 ----a-w- c:\windows\system32\Incinerator.dll
    2010-11-04 18:56 . 2010-12-15 04:26 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-15 04:26 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-15 04:26 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-15 04:26 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-15 04:26 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01 . 2010-12-15 04:26 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57 . 2010-12-15 04:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57 . 2010-12-15 04:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-15 04:26 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57 . 2010-12-15 04:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01 . 2010-12-15 04:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26 . 2010-12-15 04:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-15 04:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
    2010-12-31 23:35 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Google Update "= "c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-01 136176]
    "DownloadAccelerator "= "c:\program files\DAP\DAP.EXE" [2010-12-31 2844848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut "= "c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut "= "c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "UpdateP2GoShortCut "= "c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut "= "c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "iolo Startup "= "c:\program files\iolo\Common\Lib\ioloLManager.exe" [2010-12-02 434360]
    "Intuit SyncManager "= "c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "AdobeAAMUpdater-1.0 "= "c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

    c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1 "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-01-20 158248]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2009-09-08 20392]
    S2 AMP;AMP;c:\windows\system32\DRIVERS\amp.sys [2010-01-20 127016]
    S2 AMPSE;AMPSE;c:\windows\system32\DRIVERS\ampse.sys [2010-01-20 1118248]
    S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-12-02 724664]
    S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-12-02 724664]
    S2 MySQL51;MySQL51;c:\program files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.1\my.ini MySQL51 [x]
    S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-24 65856]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
    S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-01-20 121384]
    S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-01-20 117288]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000Core.job
    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 16:15]

    2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000UA.job
    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 16:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://shop.thefreevpn.com/home.php
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {{00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - c:\progra~1\1PASSW~1\AGILE1~1.DLL
    LSP: c:\windows\system32\iavlsp.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\
    FF - prefs.js: browser.startup.homepage - hxxp://digitalscrapbookpages.com/digitals/sdr458fEIldtgAE8/
    FF - prefs.js: network.proxy.http - 173.208.51.246:12243
    FF - prefs.js: network.proxy.http_port - 12243
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
    FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
    FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
    FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
    FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
    FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    FF - Ext: Launch Clipboard: launchClipboard@alice - %profile%\extensions\launchClipboard@alice
    FF - Ext: HootSuite: hootsuite@hootsuite.com - %profile%\extensions\hootsuite@hootsuite.com
    FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: SearchPredict: searchpredict@speedbit.com - c:\program files\SearchPredict\PRFireFox
    FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\SpeedBit Video Downloader\SPFireFox
    FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\DAP\DAPFireFox
    FF - user.js: yahoo.homepage.dontask - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-26 20:33
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL51]
    "ImagePath "= "\ "c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\ "c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51 "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(784)
    c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-26 20:40:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-27 03:40
    ComboFix2.txt 2011-01-27 02:59

    Pre-Run: 80,507,584,512 bytes free
    Post-Run: 80,488,378,368 bytes free

    - - End Of File - - F170B74C2491D0EB2B4D3E52A981239E
     
  12. 2011/01/26
    broni Moderator Malware Analyst

    Download BlitzBlank and save it to your desktop.
    Double click on Blitzblank.exe

    • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
    • Click the Script tab and copy/paste the following text there:
    Code:
    DeleteFile:
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    

    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post the report created by Blitzblank.
      You can find it in the root of the drive, normally C:\
     
  13. 2011/01/26
    mannclann Inactive Thread Starter

    BlitzBlank 1.0.0.32

    File/Registry Modification Engine native application
    MoveFileOnReboot: sourceFile = "\??\c:\programdata\microsoft\network\downloader\qmgr0.dat", destinationFile = "(null)", replaceWithDummy = 0
    MoveFileOnReboot: sourceFile = "\??\c:\programdata\microsoft\network\downloader\qmgr1.dat", destinationFile = "(null)", replaceWithDummy = 0
     
  14. 2011/01/26
    broni Moderator Malware Analyst

    Good :)

    Re-run Combofix and post fresh log.
     
  15. 2011/01/26
    mannclann Inactive Thread Starter

    Having some trouble getting this last step done. I have had a BSOD 3 times and Windows wanted to "repair" files. I was able to bring up Windows normally, but each time I have tried to do anything I get the BSOD.

    Any suggestions?

    Thanks

    Rick
     
  16. 2011/01/27
    broni Moderator Malware Analyst

    Try to run Combofix from safe mode.
     
  17. 2011/01/27
    mannclann Inactive Thread Starter

    ComboFix 11-01-25.05 - Rick 01/27/2011 18:40:28.3.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.2506 [GMT -7:00]
    Running from: c:\users\Rick\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 128 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Possible infected sites -----

    hxxp://download.iolo.net
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))))
    .

    2011-01-28 01:48 . 2011-01-28 01:48 -------- d-----w- c:\users\Rick\AppData\Local\temp
    2011-01-28 01:48 . 2011-01-28 01:48 -------- d-----w- c:\users\Stacey\AppData\Local\temp
    2011-01-28 01:48 . 2011-01-28 01:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-01-28 01:48 . 2011-01-28 01:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-26 02:36 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA5C3BCE-6E42-4C57-8E1D-39B7F43AAA1B}\mpengine.dll
    2011-01-22 14:47 . 2011-01-22 14:47 388096 ----a-r- c:\users\Rick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-22 14:47 . 2011-01-22 14:47 -------- d-----w- c:\program files\Trend Micro
    2011-01-12 20:18 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 20:18 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 20:18 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 20:18 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 20:18 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-12 20:18 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-12 20:18 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-06 05:09 . 2011-01-06 05:09 -------- d-----w- c:\users\Rick\AppData\Local\Apple Computer
    2011-01-06 04:55 . 2011-01-06 04:55 -------- d-----w- c:\users\Rick\AppData\Roaming\Apple Computer
    2011-01-01 16:09 . 2011-01-01 16:11 -------- d-----w- c:\users\Rick\AppData\Roaming\Agile Web Solutions
    2011-01-01 16:08 . 2009-12-09 17:25 1384448 ----a-w- c:\windows\system32\ChilkatCrypt2.dll
    2011-01-01 16:08 . 2011-01-01 16:08 -------- d-----w- c:\program files\1Password
    2011-01-01 04:50 . 2011-01-01 04:50 134753 ----a-w- c:\windows\Data Extractor Uninstaller.exe
    2011-01-01 04:50 . 2011-01-01 04:50 -------- d-----w- c:\program files\Data Extractor 3.3
    2011-01-01 00:35 . 2011-01-01 00:36 -------- d-----w- c:\program files\SpeedBit Video Accelerator
    2010-12-31 23:36 . 2010-12-31 23:36 -------- d-----w- c:\program files\SearchPredict
    2010-12-31 23:35 . 2010-12-31 23:36 -------- d-----w- c:\program files\SpeedBit Video Downloader
    2010-12-31 23:18 . 2010-12-31 23:18 -------- d-----w- c:\windows\en
    2010-12-31 23:17 . 2010-09-23 07:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-12-31 23:10 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-12-31 23:10 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-12-31 23:10 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-12-31 23:09 . 2010-12-31 23:09 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\d1dfc2481cba93f0e\MeshBetaRemover.exe
    2010-12-31 23:09 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-31 23:09 . 2010-12-31 23:09 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc8006c81cba93f0c\DXSETUP.exe
    2010-12-31 23:09 . 2010-12-31 23:09 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc8006c81cba93f0c\DSETUP.dll
    2010-12-31 23:09 . 2010-12-31 23:09 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\cc8006c81cba93f0c\dsetup32.dll
    2010-12-31 23:09 . 2010-12-31 23:09 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\caa37e981cba93f0b\DXSETUP.exe
    2010-12-31 23:09 . 2010-12-31 23:09 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\caa37e981cba93f0b\dsetup32.dll
    2010-12-31 23:09 . 2010-12-31 23:09 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\caa37e981cba93f0b\DSETUP.dll
    2010-12-31 23:09 . 2010-12-31 23:09 -------- d-----w- c:\users\Rick\AppData\Local\Windows Live
    2010-12-31 23:08 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-12-31 23:04 . 2010-12-31 23:04 -------- d-----w- c:\windows\system32\x64
    2010-12-31 23:02 . 2010-12-31 23:02 -------- d-----w- c:\users\Rick\{6e99ee59-0a11-4090-8df4-203236fa10c4}
    2010-12-31 23:01 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-12-31 23:01 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-12-31 23:01 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-12-31 23:01 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-12-31 23:00 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-12-31 23:00 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-12-31 23:00 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-12-31 23:00 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-12-31 23:00 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-12-31 23:00 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-12-31 23:00 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-12-31 23:00 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-12-31 23:00 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-12-31 23:00 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 01:09 . 2010-01-30 01:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 01:08 . 2010-01-30 01:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-02 22:27 . 2010-01-20 02:17 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-12-02 22:26 . 2010-01-20 02:17 11776 ----a-w- c:\windows\system32\smrgdf.exe
    2010-12-02 22:26 . 2010-01-20 02:17 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
    2010-12-02 22:18 . 2010-01-20 02:17 2234040 ----a-w- c:\windows\system32\Incinerator.dll
    2010-11-04 18:56 . 2010-12-15 04:26 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-15 04:26 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-15 04:26 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-15 04:26 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-15 04:26 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01 . 2010-12-15 04:26 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57 . 2010-12-15 04:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57 . 2010-12-15 04:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-15 04:26 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57 . 2010-12-15 04:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01 . 2010-12-15 04:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26 . 2010-12-15 04:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-15 04:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
    2010-12-31 23:35 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Google Update "= "c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-01 136176]
    "DownloadAccelerator "= "c:\program files\DAP\DAP.EXE" [2010-12-31 2844848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut "= "c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut "= "c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "UpdateP2GoShortCut "= "c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut "= "c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "iolo Startup "= "c:\program files\iolo\Common\Lib\ioloLManager.exe" [2010-12-02 434360]
    "Intuit SyncManager "= "c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "AdobeAAMUpdater-1.0 "= "c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv "= "grpconv -o" [X]

    c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1 "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2009-09-08 20392]
    R2 AMP;AMP;c:\windows\system32\DRIVERS\amp.sys [2010-01-20 127016]
    R2 AMPSE;AMPSE;c:\windows\system32\DRIVERS\ampse.sys [2010-01-20 1118248]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-12-02 724664]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-12-02 724664]
    R2 MySQL51;MySQL51;c:\program files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.1\my.ini MySQL51 [x]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-24 65856]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
    R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-01-20 121384]
    R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-01-20 117288]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
    R3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-01-20 158248]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ECACHE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000Core.job
    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 16:15]

    2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000UA.job
    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 16:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://shop.thefreevpn.com/home.php
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {{00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - c:\progra~1\1PASSW~1\AGILE1~1.DLL
    LSP: c:\windows\system32\iavlsp.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\
    FF - prefs.js: browser.startup.homepage - hxxp://digitalscrapbookpages.com/digitals/sdr458fEIldtgAE8/
    FF - prefs.js: network.proxy.http - 173.208.51.246:12243
    FF - prefs.js: network.proxy.http_port - 12243
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
    FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
    FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
    FF - Ext: SEO For Firefox: seo4firefox@seobook.com - %profile%\extensions\seo4firefox@seobook.com
    FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
    FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    FF - Ext: Launch Clipboard: launchClipboard@alice - %profile%\extensions\launchClipboard@alice
    FF - Ext: HootSuite: hootsuite@hootsuite.com - %profile%\extensions\hootsuite@hootsuite.com
    FF - Ext: Rapportive: rapportive@rapportive.com - %profile%\extensions\rapportive@rapportive.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: SearchPredict: searchpredict@speedbit.com - c:\program files\SearchPredict\PRFireFox
    FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\SpeedBit Video Downloader\SPFireFox
    FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\DAP\DAPFireFox
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-27 18:48
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL51]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(2000)
    c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    Completion time: 2011-01-27 18:50:56
    ComboFix-quarantined-files.txt 2011-01-28 01:50
    ComboFix2.txt 2011-01-27 03:40
    ComboFix3.txt 2011-01-27 02:59

    Pre-Run: 81,554,337,792 bytes free
    Post-Run: 81,480,839,168 bytes free

    - - End Of File - - 5675BC601180F437DCB2D9306A55D9B1
     
  18. 2011/01/27
    broni Moderator Malware Analyst
    Very good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. 2011/01/27
    mannclann Inactive Thread Starter
    OTL
    OTL logfile created on: 1/27/2011 7:55:52 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Rick\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 287.17 Gb Total Space | 72.93 Gb Free Space | 25.40% Space Free | Partition Type: NTFS
    Drive D: | 10.92 Gb Total Space | 1.82 Gb Free Space | 16.68% Space Free | Partition Type: NTFS

    Computer Name: MANNCLANNLAPTOP | User Name: Rick | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/27 19:55:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
    PRC - [2010/12/31 16:36:50 | 002,844,848 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
    PRC - [2010/12/02 15:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2010/07/06 14:44:02 | 000,789,680 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    PRC - [2010/06/24 11:09:14 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
    PRC - [2010/05/21 04:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/02/25 22:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2010/01/19 17:46:54 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    PRC - [2010/01/19 17:46:48 | 000,121,384 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    PRC - [2009/11/19 10:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
    PRC - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2005/02/16 15:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/27 19:55:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
    MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/02 15:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2010/12/02 15:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/06/24 11:09:14 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2010/05/21 04:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
    SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
    SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
    SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
    SRV - [2010/01/19 17:46:56 | 000,158,248 | ---- | M] (Authentium, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
    SRV - [2010/01/19 17:46:54 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
    SRV - [2010/01/19 17:46:48 | 000,121,384 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
    SRV - [2009/11/19 10:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/06/17 10:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
    SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2008/08/08 20:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2010/08/25 19:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2010/06/22 19:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2010/01/19 17:53:46 | 000,127,016 | R--- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\amp.sys -- (AMP)
    DRV - [2010/01/19 17:53:44 | 001,118,248 | R--- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ampse.sys -- (AMPSE)
    DRV - [2009/09/08 09:40:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
    DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/04/20 04:30:32 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2009/04/20 04:30:32 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2009/04/20 04:30:32 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2009/03/26 07:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2008/12/20 00:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/12/15 20:04:24 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
    DRV - [2008/10/03 02:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/06/29 07:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/04/17 11:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 19:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2007/10/31 18:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/10/31 18:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/10/31 18:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 00:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2006/07/24 17:51:34 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\Windows\System32\drivers\filedisk.sys -- (FileDisk)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.startup.homepage: "http://digitalscrapbookpages.com/digitals/sdr458fEIldtgAE8/"
    FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
    FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.9
    FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.4.2
    FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.1.3
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
    FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.8
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.63
    FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
    FF - prefs.js..extensions.enabledItems: launchClipboard@alice:1.8
    FF - prefs.js..extensions.enabledItems: hootsuite@hootsuite.com:0.6.1
    FF - prefs.js..extensions.enabledItems: rapportive@rapportive.com:1.1.1
    FF - prefs.js..extensions.enabledItems: searchpredict@speedbit.com:1.0.1.0
    FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.3.1
    FF - prefs.js..extensions.enabledItems: firefox@1passwd.com:1.0.2.155
    FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
    FF - prefs.js..network.proxy.http: "173.208.51.246:12243"
    FF - prefs.js..network.proxy.http_port: 12243
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/03/24 10:14:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2010/12/31 16:36:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/12/31 16:36:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 20:07:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/06 20:54:01 | 000,000,000 | ---D | M]

    [2010/11/07 08:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions
    [2010/11/07 08:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2011/01/26 21:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions
    [2010/11/22 19:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
    [2010/05/02 13:01:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/30 16:56:10 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    [2010/02/24 20:26:40 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2011/01/06 20:28:22 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2010/04/08 17:19:37 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
    [2010/12/18 21:15:21 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/12/21 15:05:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\engine@conduit.com
    [2010/11/22 21:03:30 | 000,000,000 | ---D | M] (HootSuite) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\hootsuite@hootsuite.com
    [2010/11/19 10:40:03 | 000,000,000 | ---D | M] ( "BlackSheep ") -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\jsobrier@zscaler.com
    [2010/11/22 21:03:30 | 000,000,000 | ---D | M] (Launch Clipboard) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\launchClipboard@alice
    [2010/02/24 20:26:40 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\noia2_option@kk.noia
    [2010/12/15 21:43:17 | 000,000,000 | ---D | M] ( "RankChecker ") -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\rankchecker@seobook.com
    [2010/11/25 19:26:56 | 000,000,000 | ---D | M] (Rapportive) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\rapportive@rapportive.com
    [2010/12/14 19:09:44 | 000,000,000 | ---D | M] ( "SEO For Firefox ") -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\seo4firefox@seobook.com
    [2010/12/06 18:28:11 | 000,000,000 | ---D | M] ( "Seo Toolbar ") -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\seotoolbar@seobook.com
    [2010/12/31 16:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/05 12:21:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/06/09 18:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/01/01 09:08:31 | 000,000,000 | ---D | M] (1Password) -- C:\PROGRAM FILES\1PASSWORD\FIREFOX@1PASSWD.COM
    [2010/12/31 16:37:01 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
    [2010/12/31 16:36:01 | 000,000,000 | ---D | M] (SearchPredict) -- C:\PROGRAM FILES\SEARCHPREDICT\PRFIREFOX
    [2010/12/31 16:36:12 | 000,000,000 | ---D | M] (SpeedBit Video Downloader) -- C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\SPFIREFOX
    [2010/06/09 18:37:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/01/27 18:48:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files\1Password\Agile1pIE.dll (Agile Web Solutions)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files\1Password\Agile1pIE.dll (Agile Web Solutions)
    O9 - Extra 'Tools' menuitem : 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files\1Password\Agile1pIE.dll (Agile Web Solutions)
    O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (iOpus Software GmbH)
    O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/27 19:55:01 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
    [2011/01/27 18:50:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/01/27 18:50:57 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\temp
    [2011/01/27 18:50:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/27 18:39:56 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/01/27 18:39:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/26 21:28:30 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\Rick\Desktop\BlitzBlank.exe
    [2011/01/26 19:34:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/26 19:34:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/26 19:34:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/26 19:34:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/26 19:34:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/26 17:58:23 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\bootkit_remover
    [2011/01/25 20:47:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\TFC.exe
    [2011/01/25 19:54:58 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\WindowsBBS
    [2011/01/22 07:47:49 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/01/22 07:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/01/05 22:09:03 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\Apple Computer
    [2011/01/05 21:55:37 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Apple Computer
    [2011/01/01 09:20:55 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\1Password
    [2011/01/01 09:17:00 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/01/01 09:09:03 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Agile Web Solutions
    [2011/01/01 09:08:32 | 001,384,448 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\System32\ChilkatCrypt2.dll
    [2011/01/01 09:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1Password
    [2011/01/01 09:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\1Password
    [2010/12/31 21:50:08 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Extractor 3.3
    [2010/12/31 21:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Data Extractor 3.3
    [2010/12/31 17:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Accelerator
    [2010/12/31 16:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedBit Video Downloader
    [2010/12/31 16:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\SearchPredict
    [2010/12/31 16:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Downloader
    [2010/12/31 16:20:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
    [2010/12/31 16:18:00 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2010/12/31 16:15:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2010/12/31 16:09:08 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\Windows Live
    [2010/12/31 16:04:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
    [2010/12/31 16:02:11 | 000,000,000 | ---D | C] -- C:\Users\Rick\{6e99ee59-0a11-4090-8df4-203236fa10c4}
    [2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/27 19:55:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
    [2011/01/27 19:20:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000UA.job
    [2011/01/27 19:04:20 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2011/01/27 19:01:41 | 000,000,448 | ---- | M] () -- C:\Windows\System32\iolo.ini
    [2011/01/27 19:00:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/27 19:00:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/27 19:00:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/27 19:00:35 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/27 19:00:34 | 317,376,589 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/01/27 18:48:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/27 09:29:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000Core.job
    [2011/01/26 21:28:34 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Rick\Desktop\BlitzBlank.exe
    [2011/01/26 19:25:45 | 004,160,986 | R--- | M] () -- C:\Users\Rick\Desktop\ComboFix.exe
    [2011/01/26 17:55:19 | 000,039,605 | ---- | M] () -- C:\Users\Rick\Desktop\bootkit_remover.rar
    [2011/01/25 21:23:02 | 000,000,680 | ---- | M] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
    [2011/01/25 21:13:07 | 000,634,022 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/25 21:13:07 | 000,115,272 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/25 20:47:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\TFC.exe
    [2011/01/25 20:46:38 | 000,624,128 | ---- | M] () -- C:\Users\Rick\Desktop\dds.scr
    [2011/01/25 19:49:43 | 000,080,384 | ---- | M] () -- C:\Users\Rick\Desktop\MBRCheck.exe
    [2011/01/25 19:48:25 | 000,296,448 | ---- | M] () -- C:\Users\Rick\Desktop\GMERpipyxxhd.exe
    [2011/01/22 07:47:50 | 000,001,946 | ---- | M] () -- C:\Users\Rick\Desktop\HiJackThis.lnk
    [2011/01/22 07:30:41 | 000,000,036 | ---- | M] () -- C:\Users\Rick\AppData\Local\housecall.guid.cache
    [2011/01/20 20:53:32 | 003,790,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/01/14 03:01:47 | 000,002,087 | ---- | M] () -- C:\Users\Rick\Desktop\Google Chrome.lnk
    [2011/01/14 03:01:47 | 000,002,049 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/01/11 19:12:07 | 000,014,848 | ---- | M] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/06 22:04:01 | 000,210,386 | ---- | M] () -- C:\Users\Rick\.ranktracker.properties
    [2011/01/06 21:02:41 | 000,002,114 | ---- | M] () -- C:\Users\Rick\Desktop\Rank Tracker.lnk
    [2011/01/06 20:57:51 | 000,005,577 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\mainhst.zgh
    [2011/01/06 19:33:04 | 000,001,922 | ---- | M] () -- C:\Users\Rick\Documents\cc_20110106_193259.reg
    [2011/01/01 09:08:33 | 000,000,836 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\1Password.lnk
    [2011/01/01 09:08:33 | 000,000,812 | ---- | M] () -- C:\Users\Rick\Desktop\1Password.lnk
    [2010/12/31 21:50:09 | 000,134,753 | ---- | M] () -- C:\Windows\Data Extractor Uninstaller.exe
    [2010/12/31 21:50:09 | 000,000,951 | ---- | M] () -- C:\Users\Rick\Desktop\Data Extractor.lnk
    [2010/12/31 16:44:34 | 000,000,782 | ---- | M] () -- C:\Users\Rick\Desktop\Download Accelerator Plus (DAP).lnk
     
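A small triage script, added here as an example and not part of the forum post, OTL or WindowsBBS: it parses the two line shapes that dominate the log above. It compares the O35/O37 shell\open\command entries against the stock Windows handlers (the KNOWN_GOOD_OPEN table is an assumption based on the default Vista/7 values, not something the log states), and it parses the `[date | size | attrs | C/M] (Company) -- path` file-listing lines and flags executables with an empty company field sitting in AppData, Temp, ProgramData or directly under %SystemRoot%. The sample lines are copied from the log except the last one, which is a constructed hijacked exefile handler to show what a hit looks like.

```python
"""Triage helper for OTL log lines (added example, not from the original post)."""
import re

# Stock Windows shell\open\command defaults. Assumption: standard Vista/7 values;
# extend the table if you have a verified baseline for other classes.
KNOWN_GOOD_OPEN = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
}

# O35 - HKLM\..comfile [open] -- "%1" %*
_O35 = re.compile(r'^O35 - HK\w+\\\.\.(?P<cls>\w+) \[open\] -- (?P<cmd>.*)$')
# O37 - HKLM\...exe [@ = exefile] -- "%1" %*
_O37 = re.compile(r'^O37 - HK\w+\\\.\.\.(?P<ext>\w+) \[@ = (?P<cls>\w+)\] -- (?P<cmd>.*)$')
# [2011/01/26 19:34:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
_FILE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[\w-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$'
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl")


def _norm(cmd):
    """Collapse whitespace and case so '"%1"  %*' still equals '"%1" %*'."""
    return " ".join(cmd.split()).lower()


def check_open_command(line):
    """Return None if the line is not an O35/O37 entry or matches the default,
    otherwise (class, actual_command, expected_command)."""
    m = _O35.match(line.strip()) or _O37.match(line.strip())
    if not m:
        return None
    cls = m.group("cls").lower()
    expected = KNOWN_GOOD_OPEN.get(cls)
    if expected is None or _norm(m.group("cmd")) == _norm(expected):
        return None
    return (cls, m.group("cmd"), expected)


def parse_file_entry(line):
    """Parse an OTL file/folder listing line into a dict, or None if it is not one."""
    m = _FILE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": m.group("ts"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "kind": m.group("kind"),  # C = created, M = modified
        "company": (m.group("company") or "").strip(),  # version-info company, not a signature check
        "path": m.group("path").strip(),
    }


def in_watched_location(path):
    """User-writable or staging folders, plus files dropped straight into %SystemRoot%."""
    p = path.lower()
    if "\\appdata\\" in p or "\\temp\\" in p or "\\programdata\\" in p:
        return True
    parts = p.split("\\")
    return len(parts) == 3 and parts[1] == "windows"


def flag_file_entry(line):
    """Return the path if the entry is a no-company executable in a watched location."""
    e = parse_file_entry(line)
    if e is None or not e["path"].lower().endswith(EXEC_EXT):
        return None
    if e["company"] == "" and in_watched_location(e["path"]):
        return e["path"]
    return None


def triage(lines):
    """Run both checks over a list of raw OTL lines and collect the hits."""
    report = {"open_command": [], "files": []}
    for line in lines:
        hit = check_open_command(line)
        if hit:
            report["open_command"].append(hit)
            continue
        path = flag_file_entry(line)
        if path:
            report["files"].append(path)
    return report


SAMPLE_LINES = [
    # copied from the log above
    r'O35 - HKLM\..comfile [open] -- "%1" %*',
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...com [@ = ComFile] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    r'[2011/01/27 19:55:01 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe',
    r'[2011/01/26 19:34:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe',
    r'[2011/01/27 19:00:35 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys',
    r'[2011/01/01 09:11:01 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Agile Web Solutions',
    # constructed, NOT from the log: what a hijacked exefile handler would look like
    r'O35 - HKLM\..exefile [open] -- "C:\Users\Rick\AppData\Local\Temp\example.exe" "%1" %*',
]

if __name__ == "__main__":
    r = triage(SAMPLE_LINES)
    for cls, actual, expected in r["open_command"]:
        print("open-command mismatch: %s -> %s (expected %s)" % (cls, actual, expected))
    for path in r["files"]:
        print("no-company executable in watched location: %s" % path)
```

Run as-is it reports the constructed exefile hijack and C:\Windows\PEV.exe. The second hit is expected noise on this machine: PEV.exe, sed.exe, grep.exe, zip.exe and MBR.exe are ComboFix's helper tools, created in the log at the same second as SWREG.exe, SWSC.exe and NIRCMD.exe. That is the point of the check: the script surfaces leads, and the responder decides with the timeline in hand. The company column in OTL comes from version information, so an empty field means "no publisher string", not "unsigned"; verify the Authenticode signature before treating a hit as hostile.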
  20. 2011/01/27
    mannclann
    ========== Files Created - No Company Name ==========

    [2011/01/27 18:52:33 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/26 21:31:53 | 000,000,448 | ---- | C] () -- C:\Windows\System32\iolo.ini
    [2011/01/26 19:34:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/26 19:34:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/26 19:34:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/26 19:34:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/26 19:34:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/26 19:22:40 | 004,160,986 | R--- | C] () -- C:\Users\Rick\Desktop\ComboFix.exe
    [2011/01/26 17:55:23 | 000,039,605 | ---- | C] () -- C:\Users\Rick\Desktop\bootkit_remover.rar
    [2011/01/25 20:53:51 | 317,376,589 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/01/25 20:46:37 | 000,624,128 | ---- | C] () -- C:\Users\Rick\Desktop\dds.scr
    [2011/01/25 19:49:55 | 000,080,384 | ---- | C] () -- C:\Users\Rick\Desktop\MBRCheck.exe
    [2011/01/25 19:48:38 | 000,296,448 | ---- | C] () -- C:\Users\Rick\Desktop\GMERpipyxxhd.exe
    [2011/01/22 07:47:50 | 000,001,946 | ---- | C] () -- C:\Users\Rick\Desktop\HiJackThis.lnk
    [2011/01/22 07:30:41 | 000,000,036 | ---- | C] () -- C:\Users\Rick\AppData\Local\housecall.guid.cache
    [2011/01/06 21:52:11 | 000,210,386 | ---- | C] () -- C:\Users\Rick\.ranktracker.properties
    [2011/01/06 21:02:41 | 000,002,114 | ---- | C] () -- C:\Users\Rick\Desktop\Rank Tracker.lnk
    [2011/01/06 19:33:01 | 000,001,922 | ---- | C] () -- C:\Users\Rick\Documents\cc_20110106_193259.reg
    [2011/01/01 09:17:06 | 000,002,087 | ---- | C] () -- C:\Users\Rick\Desktop\Google Chrome.lnk
    [2011/01/01 09:17:06 | 000,002,049 | ---- | C] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/01/01 09:15:32 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000UA.job
    [2011/01/01 09:15:30 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000Core.job
    [2011/01/01 09:08:33 | 000,000,836 | ---- | C] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\1Password.lnk
    [2011/01/01 09:08:33 | 000,000,812 | ---- | C] () -- C:\Users\Rick\Desktop\1Password.lnk
    [2010/12/31 21:50:09 | 000,134,753 | ---- | C] () -- C:\Windows\Data Extractor Uninstaller.exe
    [2010/12/31 21:50:09 | 000,000,951 | ---- | C] () -- C:\Users\Rick\Desktop\Data Extractor.lnk
    [2010/12/31 16:44:34 | 000,000,782 | ---- | C] () -- C:\Users\Rick\Desktop\Download Accelerator Plus (DAP).lnk
    [2010/12/31 16:15:11 | 000,001,208 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2010/12/31 16:14:33 | 000,001,277 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2010/12/31 16:13:59 | 000,001,087 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2010/12/31 16:13:27 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2010/12/31 16:06:09 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
    [2010/12/31 16:06:09 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
    [2010/12/31 16:06:09 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
    [2010/09/12 19:39:57 | 000,057,016 | ---- | C] () -- C:\Windows\System32\imsys.dll
    [2010/09/12 19:39:56 | 000,343,224 | ---- | C] () -- C:\Windows\System32\iimds.dll
    [2010/09/12 19:39:56 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iimir.dll
    [2010/09/12 19:39:55 | 000,233,144 | ---- | C] () -- C:\Windows\System32\IMImage.dll
    [2010/09/12 14:06:32 | 000,000,077 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\Rim.Desktop.Exception.log
    [2010/09/12 14:04:51 | 000,000,801 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    [2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2010/07/30 08:25:10 | 000,000,680 | ---- | C] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
    [2010/07/24 20:15:24 | 000,014,848 | ---- | C] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
    [2010/06/24 14:08:21 | 000,000,000 | ---- | C] () -- C:\Users\Rick\AppData\Local\QSwitch.txt
    [2010/06/24 14:08:21 | 000,000,000 | ---- | C] () -- C:\Users\Rick\AppData\Local\DSwitch.txt
    [2010/06/24 14:08:21 | 000,000,000 | ---- | C] () -- C:\Users\Rick\AppData\Local\AtStart.txt
    [2010/06/08 15:23:24 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2010/05/20 14:32:43 | 000,000,384 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\wklnhst.dat
    [2010/05/05 12:22:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/04/30 14:08:04 | 000,000,153 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
    [2010/04/30 14:08:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
    [2010/03/22 07:54:29 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2010/01/19 19:09:35 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2009/10/20 14:04:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/10/20 07:35:12 | 000,003,190 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009/08/21 21:05:23 | 000,005,577 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\mainhst.zgh
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/19 19:00:01 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2009/07/19 18:59:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/07/19 18:59:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/07/19 18:59:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/07/19 18:57:17 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/07/19 18:56:47 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2009/04/20 05:24:35 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/04/20 05:19:27 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/04/20 05:17:45 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/04/20 05:16:32 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/03/05 05:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2008/07/06 13:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
    [2008/06/29 07:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
    [2006/11/17 22:24:06 | 000,066,046 | ---- | C] () -- C:\Program Files\Dupe_Free_0_NO_VISTA.ico
    [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2011/01/01 09:11:01 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Agile Web Solutions
    [2010/04/26 13:55:55 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\AnvSoft
    [2011/01/20 19:37:57 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\BitTorrent
    [2010/05/22 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Canon
    [2010/03/12 11:22:10 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\CoffeeCup Software
    [2010/12/06 22:19:12 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Downloaded Installations
    [2011/01/27 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Dropbox
    [2010/11/13 19:08:52 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\EasyLeadFinderv2
    [2011/01/21 19:15:53 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\FileZilla
    [2010/09/03 17:32:23 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\IBP
    [2010/05/31 21:36:42 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\iolo
    [2010/02/22 09:18:56 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\KaDonk
    [2010/09/14 19:31:13 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2010/09/30 10:01:36 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\MySQL
    [2010/12/08 21:29:31 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Nitro PDF
    [2010/04/01 11:57:01 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Nuance
    [2009/11/30 09:05:14 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\OpenOffice.org
    [2010/10/05 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\QuickScan
    [2010/09/12 14:06:50 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Research In Motion
    [2010/11/30 19:31:49 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\ScrapeBox Link Checker Free Edition
    [2010/06/10 22:12:17 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\TeamViewer
    [2010/05/20 14:32:46 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Template
    [2010/11/24 12:23:46 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2010/06/13 17:17:31 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\ZipGenius
    [2011/01/26 21:30:19 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/01/26 21:31:11 | 000,000,728 | ---- | M] () -- C:\blitzblank.log
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/01/27 18:50:56 | 000,021,531 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/01/27 19:00:35 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/01/27 19:00:34 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys
    [2010/06/06 13:16:10 | 000,000,755 | ---- | M] () -- C:\Sys_LogWin.log
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI


    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/11/03 08:24:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2010/09/02 15:17:50 | 000,196,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
    [2008/08/12 09:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp082.dll
    [2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/02/10 14:41:46 | 000,001,658 | -H-- | M] () -- C:\Users\Rick\AppData\Roaming\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2006/11/17 22:24:06 | 000,066,046 | ---- | M] () -- C:\Program Files\Dupe_Free_0_NO_VISTA.ico

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/01/22 20:56:42 | 000,000,286 | -HS- | M] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/26 21:28:34 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Rick\Desktop\BlitzBlank.exe
    [2011/01/26 19:25:45 | 004,160,986 | R--- | M] () -- C:\Users\Rick\Desktop\ComboFix.exe
    [2011/01/25 19:48:25 | 000,296,448 | ---- | M] () -- C:\Users\Rick\Desktop\GMERpipyxxhd.exe
    [2010/09/05 15:57:36 | 005,487,504 | ---- | M] () -- C:\Users\Rick\Desktop\HSS-1.49-install-webroot-225-conduit.exe
    [2010/09/05 17:10:48 | 005,487,504 | ---- | M] () -- C:\Users\Rick\Desktop\HSS-1.49-install-webroot-225-conduit[1].exe
    [2011/01/25 19:49:43 | 000,080,384 | ---- | M] () -- C:\Users\Rick\Desktop\MBRCheck.exe
    [2011/01/27 19:55:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
    [2010/06/10 22:46:27 | 006,936,830 | ---- | M] ( ) -- C:\Users\Rick\Desktop\setup.exe
    [2011/01/25 20:47:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/08/17 07:54:29 | 000,000,402 | -HS- | M] () -- C:\Users\Rick\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/01/27 19:04:20 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2010/04/03 13:29:39 | 000,003,190 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/04/30 14:08:04 | 000,000,000 | ---- | M] () -- C:\ProgramData\IpAndPort.fig
    [2010/04/30 14:08:04 | 000,000,153 | ---- | M] () -- C:\ProgramData\RmUserCfg.ini
    [2009/07/19 18:59:53 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/04/20 05:24:54 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/07/19 18:59:02 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/04/20 05:19:15 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/07/19 18:57:17 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/07/19 18:59:32 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/04/20 05:17:35 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/04/20 05:24:26 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/07/19 19:00:02 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Data Extractor Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 268 bytes -> C:\ProgramData\Temp:2B11E0DF
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:8CE646EE

    < End of report >
     
  21. 2011/01/27
    mannclann

    OTL Extras logfile created on: 1/27/2011 7:55:52 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Rick\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 287.17 Gb Total Space | 72.93 Gb Free Space | 25.40% Space Free | Partition Type: NTFS
    Drive D: | 10.92 Gb Total Space | 1.82 Gb Free Space | 16.68% Space Free | Partition Type: NTFS

    Computer Name: MANNCLANNLAPTOP | User Name: Rick | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{15142F5F-7C3A-44D5-85E7-FD23921C5528}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{184667DD-D2B0-4E4C-900D-0CBBC43F9DDE}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
    "{1A8271D7-93CD-4F63-8372-9688242C57F2}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
    "{271E284E-1BB7-457B-9142-957B598C4FE8}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2928F4E0-A165-4E84-B224-471F2E0E7FA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3EC535F2-BC1E-4BA0-BBEE-80CC5CD3B31C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4523AFEF-E422-4475-8499-127CB3013A20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4D3243ED-D8C1-4B73-8878-531AB806B0A8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{4DBAE02F-C8C8-4D74-BF9E-C17CA24E3558}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{519CE014-B082-4FB7-B2A4-C0ADB76E142F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{61E792CF-13BC-4E0E-B2D5-3D99DB1E5B92}" = rport=137 | protocol=17 | dir=out | app=system |
    "{7089D2BD-A2E4-4374-9DA9-5A19866ED0D3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{792A320F-1AED-4212-BB6F-8308B19CCE29}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7F333E99-EDF8-473E-B86B-1AEE04AC0DCE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{84C6B7E1-DBEB-475C-9AFA-76062A838C3D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{9797C5FF-0BE5-4DC4-861C-24BA420AB554}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
    "{AA63AD45-A1EC-46D4-B5AC-8A92987AA064}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B4230A4C-9326-46AC-AFB8-989CF323DB66}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
    "{B574F6C6-60ED-4E87-8D32-B54E2ABD6B23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B5B6F440-7A12-4DFF-9737-AB522544BD4B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{C7D2F04B-30C4-433E-8921-EFC658A199E1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{D0B03161-C333-4E45-8FE8-9AD273F6BE89}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{D5D30B6C-09B7-42B7-B9F9-8B12BFE8F180}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{DC87CC94-B5E7-41D0-9781-A7828539C8C7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F3A7161A-5488-4593-A7EC-6C140CD41A93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FDC4452C-EB51-4AD5-A4BD-B70908FF28E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02072F17-FFDD-40BA-AC70-18DD09725DE3}" = protocol=6 | dir=in | app=c:\program files\rankbuilder\social bookmark submitter.exe |
    "{13740FFF-A484-498A-A20E-0F22441EDF7A}" = protocol=6 | dir=in | app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe |
    "{21A56D28-C3FE-4928-A916-3EA2034B54B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{2F06A6A2-BB56-4222-A42F-A7046614141A}" = dir=in | app=e:\setup\hpznui01.exe |
    "{306CE2B3-375E-4A82-B95D-2403984C32DE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{33286E9F-A237-4F83-96A9-61140C0BF67E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{38766A57-CA2B-44BE-A22B-FD29079DA37E}" = protocol=17 | dir=in | app=c:\program files\rankbuilder\profile link builder.exe |
    "{41B45893-1D5C-4474-AAB5-A901917431E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{4B492933-93DC-4E6F-AC49-37B2FB23EC8D}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
    "{4C606A07-0F90-4C5C-A254-714187AE2F13}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{4CC34291-90C7-4C4C-ACE7-DA899DE88156}" = protocol=17 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
    "{625F836A-FB43-4253-A6B0-EC4231F10F64}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
    "{637DBA80-A559-42A1-A01B-C73B0DA9C371}" = protocol=6 | dir=in | app=c:\program files\rankbuilder\profile link builder.exe |
    "{67BC386C-E4CB-4E43-AD68-7044042B3304}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{6C90C03C-4D81-41C9-94FB-DDCEA4E205A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6DADA815-4F49-4A3E-8C6C-5C3677C3B351}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{6E4BBC9D-AA60-4790-A2CB-FE22B7A65C03}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{81387DE2-CA85-4123-BB6B-66C82DC423B4}" = protocol=17 | dir=in | app=c:\program files\rankbuilder\linkwheel builder.exe |
    "{82ABB0E7-C96E-4705-92DD-0A27FCF0D467}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8D75A7F9-6E83-45E0-AD68-C52F97EB7B94}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{9317517A-E325-4FE8-8E65-1F780A0099EF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
    "{A5D84A2C-070D-46E3-A637-E2109ADB700C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{A89B0245-F75E-4E66-BCC0-50A277E3629C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
    "{ABAC187F-6940-4908-B437-5D511B8E2F78}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{AD2F3410-6745-4CA3-B317-723E215AC8DC}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
    "{B5615257-87BC-4D0E-9C0D-53B23089A3DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{BA973A2C-8098-4F8C-BEB1-47A61B35A232}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{BC707160-3FBA-4CE4-AA07-D28E76056939}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{BD6F5A34-08A6-4C2A-89A5-E31932953A1C}" = protocol=6 | dir=in | app=c:\program files\rankbuilder\linkwheel builder.exe |
    "{CBB4B8AA-9EE6-4A18-B45E-80019B423F78}" = protocol=6 | dir=in | app=c:\program files\rankbuilder\article submitter.exe |
    "{CF51C104-6538-434E-846D-E2C86E51EC21}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{D39D1015-DF82-442D-88FB-7208E158DD69}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{D5A2045C-9616-42E8-8AAD-879B6A51ADF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{DBA91356-0C44-4D51-8300-4996A1300573}" = protocol=17 | dir=in | app=c:\program files\rankbuilder\social bookmark submitter.exe |
    "{DC5D3B09-CB1D-4653-BAE0-1526BA18252C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E13733A7-16FA-45D0-A179-82AE8CB38496}" = protocol=17 | dir=in | app=c:\program files\rankbuilder\article submitter.exe |
    "{E1BD6AD5-1400-4340-B5BA-BACD6F880A9A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{E9D0364B-20F2-437E-9DC3-9E9BE7271E0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EA51B807-3A5B-4FD2-8123-0BC69825E200}" = protocol=6 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
    "{EB264303-D284-4ABC-9F34-B7CE6D6CCD8E}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
    "{F1AB2F7A-209E-4071-9317-B365213E3B2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F61C4FFE-AC6A-492D-9539-6C6FFEAD9AD7}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{F9215783-162A-486F-8D2F-673D89B5BA65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{FCF532A2-76CD-4FE3-9D5C-DDA5AD22C6F2}" = protocol=17 | dir=in | app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{2A9FBC05-5D61-4732-9220-238065C03DBD}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{58955F7B-D670-4183-B872-8E13D3679301}C:\xampp1\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp1\xampp\mysql\bin\mysqld.exe |
    "TCP Query User{5A7A1739-2D4F-4325-B567-8AED9BC00299}C:\xampp1\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp1\xampp\apache\bin\httpd.exe |
    "TCP Query User{5F4F1B99-397C-4591-99EB-9EECC787D47A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{88D7522A-C06D-4F0B-BEDB-F86D71497508}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
    "TCP Query User{E1C416AF-B3C3-4234-9EA1-201846AB22F6}C:\program files\coffeecup software\coffeecup free html editor\coffee.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\coffeecup free html editor\coffee.exe |
    "UDP Query User{2D23F0B8-DBAB-4410-AE14-12D469CF4023}C:\program files\coffeecup software\coffeecup free html editor\coffee.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\coffeecup free html editor\coffee.exe |
    "UDP Query User{5494DA18-7C9C-4AE4-A6FD-6A8244CD3385}C:\xampp1\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp1\xampp\apache\bin\httpd.exe |
    "UDP Query User{78D0C681-40E5-4377-8F35-3875CBA04351}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{A04B76B9-F447-4E6A-AE0B-3E308EAEEEB2}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
    "UDP Query User{B2F7D47E-854F-4DF8-81E8-77D5D08AD7B0}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{D8BED047-3864-46A6-845C-57AAD698C554}C:\xampp1\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp1\xampp\mysql\bin\mysqld.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{04179174-F3AC-4CE6-BBBE-83B46D5041CB}" = SocialBot
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19DAB935-EAC2-485D-A1B8-CBDEAF0D422C}" = Keyword Prodigy
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
    "{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
    "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4DCC4B6D-5996-F18A-5933-347A5B36E5FF}" = Market Samurai
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
    "{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
    "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7C3CDCA6-8B91-45A6-B704-522A1BFB67D9}" = MySQL Server 5.1
    "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E55813F-2FA3-47E8-9AF9-31DC0B4AE3ED}" = Mindjet MindManager Viewer 7
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB3D78B7-8066-465A-82A8-5F3751564457}_is1" = S3 Ripper 1.3
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
    "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D93E970F-5B4B-4BE6-89CB-E46963E3B1E4}" = DupeFree Pro
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E0644F41-995B-46C2-A5F5-5F3A0FD4D320}" = Traffic and Linking Tool
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
    "{F81BC54F-0272-42B4-8237-F5D091421B9B}" = SERPAssist
    "{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
    "{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "1Password_is1" = 1Password 1.0.2.155
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Any Video Converter_is1" = Any Video Converter 3.0.5
    "AVIGenerator V1.0.0.0_is1" = AVIGenerator V1.0.0.0
    "AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor 4_is1" = AVS Video Editor 4
    "AVS Video Recorder_is1" = AVS Video Recorder 2.4
    "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Data Extractor" = Data Extractor
    "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
    "FileZilla Client" = FileZilla Client 3.3.5.1
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Hide My Ass! Pro" = Hide My Ass! Pro 1.8
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
    "HPExtendedCapabilities" = HP Customer Participation Program 12.0
    "HPOCR" = OCR Software by I.R.I.S. 12.0
    "IAW20" = IAW20
    "IAWP" = IAWP
    "IBP11_is1" = IBP 11.7.4
    "IIM5_is1" = iMacros V6.90
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "Playback_is1" = Playback 2.3.0.4
    "SEO Spider_is1" = SEO Spider 1.0
    "seopowersuite" = Rank Tracker
    "Shop for HP Supplies" = Shop for HP Supplies
    "SpeedBit Video Downloader" = SpeedBit Video Downloader
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamViewer 5" = TeamViewer 5
    "VLC media player" = VLC media player 1.0.5
    "WampServer 2_is1" = WampServer 2.0
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinMerge_is1" = WinMerge 2.12.4
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR archiver
    "WordFlood 2.0" = WordFlood 2.0 (remove only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >