adware sabotch, igfxsrvc.exe, msa.exe, xhj.exe, alg.exe, and f5jmwnzthi


  • This topic is locked
12 replies to this topic

#1 dnbreaks

  • Members
  • 6 posts

Posted 10 February 2010 - 09:58 PM

I recently started having issues with Firefox pages redirecting to advertising sites or to a Page Unable to Load page, and SpySweeper will not connect to the update site. It just goes to a Server not Found page, and SpySweeper says that the network connection failed and to contact support. I was able to run a full scan with SS and it did appear to remove some things, but the issues were still happening. So I tried Trend Micro HouseCall and that didn't find anything. Next I tried to run the free trial of Kaspersky Anti-Virus 2010, but it quit partway through the install and said there was an error. Lastly, I ran both a quick and full scan with Malwarebytes. Both times it found items to remove, which I did, but the problems persist. Some of the unrecognizable things that were running were igfxsrvc.exe, msa.exe, xhj.exe, and alg.exe. At this time, the only one I see running in Task Manager is alg.exe, but there is also csrss.exe, lsass.exe, and smss.exe running. Also, when starting the computer and after SS loaded, it would say that f5jmwnzthi wanted to load at startup, but I would select "not allow". That happened a few times, but has since stopped happening (I think after the Malwarebytes scans).

Below is my DDS log and attached are the attach.txt and ark.txt files. I could not get GMER to go through a full scan in a normal Windows session. So the one that is attached was when I was running in Safe Mode. Any help would be much appreciated.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Bruce Malwitz at 22:37:46.43 on Tue 02/09/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2172 [GMT -6:00]

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Robust IT\Taskix\Taskix32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bruce Malwitz\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Taskix] "c:\program files\robust it\taskix\Taskix32.exe" start
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerBlock] "c:\program files\peerblock\peerblock.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Intuit SyncManager] "c:\program files\common files\intuit\sync\IntuitSyncManager.exe" startup
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gmailn~1.lnk - c:\program files\google\gmail notifier\gnotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~2.lnk - c:\program files\google\google desktop search\GoogleDesktop.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\networ~1.lnk - c:\windows\installer\{7ac0886a-ce48-4eb6-9cc3-4c56d427f2e1}\NmApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\syntps~1.lnk - c:\program files\synaptics\syntp\SynTPStart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228159346484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228159778328
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 93.188.163.158,93.188.166.88
TCP: {116ADC5E-7512-456A-A60C-FB359B2B25A1} = 93.188.163.158,93.188.166.88
TCP: {1CC8640D-F51A-4EDD-922B-F2CC241CABAE} = 93.188.163.158,93.188.166.88
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
IFEO: taskmgr.exe - c:\program files\tuneup utilities 2009\PMLauncher.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brucem~1\applic~1\mozilla\firefox\profiles\yqfyi4s5.default user2\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\bruce malwitz\application data\mozilla\firefox\profiles\yqfyi4s5.default user2\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\bruce malwitz\application data\mozilla\firefox\profiles\yqfyi4s5.default user2\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\bruce malwitz\application data\mozilla\firefox\profiles\yqfyi4s5.default user2\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\bruce malwitz\application data\mozilla\firefox\profiles\yqfyi4s5.default user2\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\bruce malwitz\application data\mozilla\firefox\profiles\yqfyi4s5.default user2\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\bruce malwitz\application data\mozilla\firefox\profiles\yqfyi4s5.default user2\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\mike\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-9-12 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-1-3 47640]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2008-12-1 1201640]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-2-3 14424]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2009-2-24 81920]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-12-1 193840]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-4 30192]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-12-14 11520]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2009-6-1 15576]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB19 [?]

=============== Created Last 30 ================

2010-02-10 03:53:40 0 ----a-w- c:\documents and settings\bruce malwitz\defogger_reenable
2010-02-10 01:39:02 0 d-----w- c:\docume~1\brucem~1\applic~1\Malwarebytes
2010-02-10 01:38:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 01:38:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-10 01:38:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 01:38:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 01:13:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-02-09 22:28:58 0 d-----w- c:\program files\Moffsoft Calculator 2
2010-02-09 22:12:57 0 d-----w- c:\docume~1\brucem~1\applic~1\Downloaded Installations
2010-02-05 20:45:06 3253 ----a-w- c:\windows\system32\wbem\Outlook_01caa6a41926f9b4.mof
2010-02-04 16:36:16 58 ----a-w- c:\windows\sview.ini
2010-02-04 16:36:04 0 d-----w- C:\temp_pyx
2010-02-04 16:36:04 0 d-----w- C:\paychex
2010-02-04 03:14:57 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-02-03 18:34:37 0 d-----w- c:\program files\PeerBlock
2010-02-02 16:16:57 0 d-----w- c:\program files\Moffsoft FreeCalc
2010-01-28 20:41:23 4194304 ----a-w- c:\windows\system32\cdintf400.dll
2010-01-26 17:01:45 25792 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-01-26 17:01:39 26944 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-01-26 17:01:34 0 d-----w- c:\program files\common files\Pure Networks Shared
2010-01-26 17:00:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks
2010-01-21 18:29:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-18 15:15:32 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2010-01-18 15:15:32 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2010-01-18 15:15:32 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2010-01-18 15:15:31 0 d-----w- c:\program files\LG Electronics
2010-01-12 16:44:56 0 d-----w- c:\program files\WebEx
2010-01-12 16:43:00 2979 ------w- c:\windows\hpwmdl22.dat.temp
2010-01-12 16:43:00 188626 ------w- c:\windows\hpwins22.dat.temp
2010-01-11 23:22:18 65920 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

==================== Find3M ====================

2010-02-09 15:33:59 952 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-01-12 17:17:35 188626 ----a-w- c:\windows\hpwins22.dat
2010-01-07 22:58:19 2285056 ----a-w- c:\windows\system32\TUKernel.exe
2010-01-07 22:07:41 67904 ----a-w- c:\windows\fonts\Dungeon.TTF
2010-01-07 22:04:21 46864 ----a-w- c:\windows\fonts\Digital.TTF
2010-01-06 17:29:08 23126 ----a-w- c:\windows\hpqins15.dat
2010-01-06 12:25:26 8 --sh--r- c:\docume~1\alluse~1\applic~1\5A5D0207D8.sys
2010-01-05 22:46:03 191256 ------w- c:\windows\autosid.exe
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll
2010-01-04 18:14:36 1839 ----a-w- c:\windows\mozver.dat
2010-01-04 04:03:42 87608 ----a-w- c:\docume~1\brucem~1\applic~1\inst.exe
2010-01-04 04:03:42 47360 ----a-w- c:\docume~1\brucem~1\applic~1\pcouffin.sys
2009-12-14 19:57:47 88 --sh--r- c:\docume~1\alluse~1\applic~1\FE14747759.sys
2009-12-14 16:39:12 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2009-12-13 13:33:55 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-13 13:33:54 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-11 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-16 11:25:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2008-12-06 14:34:43 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat

============= FINISH: 22:38:50.56 ===============


#2 Buckeye_Sam

Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 February 2010 - 08:27 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 dnbreaks

  • Topic Starter

  • Members
  • 6 posts

Posted 11 February 2010 - 03:33 PM

Hi Sam - Thanks for the help. Here are the two logs from OTL. The computer ran just fine during the scan.

OTL Extras logfile created on: 2/11/2010 2:24:23 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Bruce Malwitz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 148.02 Gb Free Space | 66.92% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 2.02 Gb Free Space | 17.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKESHPLAPTOP
Current User Name: Bruce Malwitz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"2:TCP" = 2:TCP:*:Enabled:1394
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"c:\TorrentPrivacy\SSHTunel.exe" = c:\TorrentPrivacy\SSHTunel.exe:*:Enabled:SSHTunel -- ($h@d0W's Software)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe" = C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\Program Files\ACT\Act for Windows\ActSage.exe" = C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage -- (Sage Software, Inc.)
"E:\SmartSwipeInstallation.exe" = E:\SmartSwipeInstallation.exe:*:Enabled:SmartSwipeInstallation -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe" = C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2A4D5994-8882-4539-B305-3038A58AAA3F}" = VZAccess Manager
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2BC80BB6-6A2C-4B9A-B547-F58C5D250A5D}" = RadioShack USB to Serial Driver
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! by Sage Premium 2009 (11.0)
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5F638781-7754-411F-974C-F20F27292E24}" = VideoCam Suite
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{8180DC57-B9CC-4C0C-8334-B357B67BCF6B}" = Movavi Video Converter 8
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A2F0810-3624-4E86-9072-973FBE1679C5}" = QuickBooks Premier Edition 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A83C6C34-3007-422A-9E56-A74996BCCDBD}" = LogMeIn
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD6D87CA-383F-47CE-AC6E-78DCD0D1AF1D}" = Simple Calendar
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis True Image
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5773BFA-5967-4A1C-AD0F-FFFD0D13FC36}" = Network Magic
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E80F9F48-86F8-447D-8CDC-A98B1870C1D4}" = Taskix 2.1
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"63EE44B183E6F9261BBEDC6E0DD479A3ED939932" = Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (03/23/2007 4.1.7082.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"BEFD16F14D4EBCB5CDB94F8C748ECA76860D7D88" = Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (03/23/2007 4.1.7082.0)
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Calendar Sync" = Google Calendar Sync
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! by Sage Premium 2009 (11.0)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Full)
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MoffCalc2_is1" = Moffsoft Calculator 2
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OmniFormat" = OmniFormat
"PhotoScape" = PhotoScape
"PowerISO" = PowerISO
"Sandboxie" = Sandboxie 3.42
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Vuze" = Vuze
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/11/2010 3:19:51 PM | Computer Name = MIKESHPLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Premier Edition 2009":
DB
error -308 ErrorMessage:'Connection was terminated' from file:'.\.\src\sadbsess.cpp'
at line 8464 from function:'SADBSession::MapConnectionUi

Error - 2/11/2010 3:20:23 PM | Computer Name = MIKESHPLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/11/2010 3:20:23 PM | Computer Name = MIKESHPLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/11/2010 3:20:23 PM | Computer Name = MIKESHPLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/11/2010 3:20:23 PM | Computer Name = MIKESHPLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/11/2010 3:20:28 PM | Computer Name = MIKESHPLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Got unexpected error
5 in call to NetShareGetInfo for path \\Cindyhplaptop\intuit\QuickBooks\Company
Files\SuperMarket Energy Solutions, Inc.Q

Error - 2/11/2010 3:20:38 PM | Computer Name = MIKESHPLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Premier Edition 2009":
Got
unexpected error 5 in call to NetShareGetInfo for path \\Cindyhplaptop\intuit\QuickBooks\Company
Files\SuperMarket Energy Solutions, Inc.Q

Error - 2/11/2010 3:20:41 PM | Computer Name = MIKESHPLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Premier Edition 2009":
COM
Error while pinging GD

Error - 2/11/2010 3:20:42 PM | Computer Name = MIKESHPLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Premier Edition 2009":
COM
Error while pinging GD

Error - 2/11/2010 3:20:46 PM | Computer Name = MIKESHPLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Premier Edition 2009":
An
attempt to LogOff without a logo

[ System Events ]
Error - 2/10/2010 6:38:15 PM | Computer Name = MIKESHPLAPTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2/10/2010 6:38:15 PM | Computer Name = MIKESHPLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip

Error - 2/10/2010 9:58:39 PM | Computer Name = MIKESHPLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/10/2010 10:28:41 PM | Computer Name = MIKESHPLAPTOP | Source = SbieDrv | ID = 16843861
Description = SBIE1109 Invalid license information: [00000000 / 77]

Error - 2/10/2010 10:28:55 PM | Computer Name = MIKESHPLAPTOP | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/10/2010 10:29:14 PM | Computer Name = MIKESHPLAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 001F3BA4BA15 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/10/2010 11:04:49 PM | Computer Name = MIKESHPLAPTOP | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 2/11/2010 10:51:54 AM | Computer Name = MIKESHPLAPTOP | Source = SbieDrv | ID = 16843861
Description = SBIE1109 Invalid license information: [00000000 / 77]

Error - 2/11/2010 10:52:37 AM | Computer Name = MIKESHPLAPTOP | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/11/2010 11:18:07 AM | Computer Name = MIKESHPLAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 001F3BA4BA15 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

[ TuneUp Events ]
Error - 2/9/2010 9:39:09 PM | Computer Name = MIKESHPLAPTOP | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-09 19:39:09', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3728',0)

Error - 2/9/2010 9:39:19 PM | Computer Name = MIKESHPLAPTOP | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-09 19:39:19', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5800',0)

Error - 2/9/2010 9:50:50 PM | Computer Name = MIKESHPLAPTOP | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-09 19:50:50', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamgui.exe','3124',0)

Error - 2/9/2010 9:51:10 PM | Computer Name = MIKESHPLAPTOP | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-09 19:51:10', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2836',0)

Error - 2/9/2010 9:56:54 PM | Computer Name = MIKESHPLAPTOP | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-09 19:56:54', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5636',0)

Error - 2/9/2010 11:13:09 PM | Computer Name = MIKESHPLAPTOP | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-09 21:13:09', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3780',0)


< End of report >



OTL logfile created on: 2/11/2010 2:24:23 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Bruce Malwitz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 148.02 Gb Free Space | 66.92% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 2.02 Gb Free Space | 17.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKESHPLAPTOP
Current User Name: Bruce Malwitz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/11 14:23:13 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce Malwitz\Desktop\OTL.exe
PRC - [2010/01/07 11:12:34 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2010/01/04 11:38:51 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/12/22 11:41:29 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/13 07:33:55 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/12/10 22:37:44 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/12/10 22:36:58 | 001,135,904 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE
PRC - [2009/12/10 22:36:58 | 000,103,712 | ---- | M] (Intuit) -- C:\Program Files\Intuit\QuickBooks 2009\QuickBooksMessaging.exe
PRC - [2009/12/10 21:18:26 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/12/01 07:55:10 | 000,389,120 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2009/12/01 07:55:10 | 000,066,560 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
PRC - [2009/11/03 21:27:04 | 000,072,192 | ---- | M] (Robust IT) -- C:\Program Files\Robust IT\Taskix\Taskix32.exe
PRC - [2009/10/14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/09/28 19:34:20 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/28 19:34:14 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/09/28 02:02:44 | 001,524,824 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/08/05 10:37:58 | 012,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/06/22 21:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/19 07:04:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/03/20 04:34:54 | 000,705,824 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2009/02/24 11:09:14 | 000,393,216 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\ActSage.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/24 08:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/10/16 19:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 19:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 18:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/10/16 18:15:38 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/10/02 10:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/28 01:28:00 | 001,040,384 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/02/08 00:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/11/07 23:56:24 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/09/12 10:20:58 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/03/14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2007/03/14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2005/11/28 14:02:54 | 000,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005/07/15 15:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/02/11 14:23:13 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce Malwitz\Desktop\OTL.exe
MOD - [2009/11/02 22:25:38 | 000,015,872 | ---- | M] (Robust IT) -- C:\Program Files\Robust IT\Taskix\Taskix32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 11:12:34 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/01/04 11:38:51 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/13 07:33:55 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/12/13 07:33:54 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/12/10 21:18:26 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/12/01 07:55:10 | 000,066,560 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/11/16 05:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/01 02:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2009/09/28 19:34:20 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ACT7) SQL Server (ACT7)
SRV - [2009/05/19 07:04:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/24 11:08:50 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/10/16 18:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 18:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/10/16 18:23:30 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/05/01 16:25:56 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/04/03 11:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/02/08 00:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/09/12 10:20:58 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/03/14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007/03/14 15:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2005/11/28 14:02:54 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/14 10:39:12 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2009/12/01 07:55:10 | 000,119,296 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/09/28 19:34:46 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/09/28 02:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/07/26 20:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/09 16:18:02 | 000,027,136 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/12/22 09:06:29 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/12/22 09:06:29 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/12/22 09:06:23 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/12/01 20:06:33 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/11 12:40:58 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:40:58 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/30 20:28:26 | 002,529,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2008/07/30 20:27:27 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/06/26 06:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/04/13 10:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 01:14:00 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/12 02:40:18 | 000,103,296 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/01 05:28:07 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/11/01 05:28:06 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/11/01 05:28:06 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/10/29 16:00:36 | 005,851,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/08 23:56:14 | 004,614,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/12 10:20:28 | 000,010,144 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (lmimirr)
DRV - [2007/09/05 12:03:00 | 000,049,664 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/08/08 19:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/23 11:01:46 | 000,026,944 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007/03/23 11:01:12 | 000,025,792 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2007/01/16 21:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/02/20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 06:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/01/07 19:53:24 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-138996544-1450093729-1940014698-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-138996544-1450093729-1940014698-1003\S-1-5-21-138996544-1450093729-1940014698-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-138996544-1450093729-1940014698-1003\S-1-5-21-138996544-1450093729-1940014698-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.53
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:0.9.8
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: beysim@beysim.net:1.7
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:3.6.1
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.6
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.8.1.0
FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.995
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.496
FF - prefs.js..extensions.enabledItems: {05f6a7ea-896b-11da-8bde-f66bad1e3f3a}:0.3.1
FF - prefs.js..extensions.enabledItems: {96118df2-0d02-4dbc-9ad5-98995dc7d977}:0.2.7
FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.0.3
FF - prefs.js..extensions.enabledItems: {19EB90DC-A456-458b-8AAC-616D91AAFCE1}:0.7
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}:4.0.2
FF - prefs.js..extensions.enabledItems: {d596c130-b00a-11db-abbd-0800200c9a66}:2.080708
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0


FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/06 11:28:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 09:27:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 11:00:05 | 000,000,000 | ---D | M]

[2010/01/06 11:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Extensions
[2009/03/03 22:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/10 21:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions
[2010/01/07 09:43:26 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}(2)
[2010/01/07 09:43:36 | 000,000,000 | ---D | M] (Azerty III) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
[2010/01/07 09:43:35 | 000,000,000 | ---D | M] (Map This) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3f3a}
[2010/01/07 09:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/01/15 12:01:34 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2010/01/07 09:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
[2010/01/07 09:43:33 | 000,000,000 | ---D | M] (Metal Lion - Vista) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}(2)
[2010/01/07 09:43:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/07 10:38:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/07 09:43:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/01/07 09:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(2)
[2010/01/07 09:43:18 | 000,000,000 | ---D | M] (ISNO) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{3c55e0f7-8e2e-34da-9d4d-ddc05a337201}(2)
[2010/01/07 09:43:36 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2010/01/07 09:43:31 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}(2)
[2010/01/07 09:43:32 | 000,000,000 | ---D | M] (Acid Burn) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{47d1d620-5e5b-11da-8cd6-0800200c9a66}
[2010/01/07 09:43:34 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/01/07 09:43:30 | 000,000,000 | ---D | M] (OldFactory Black) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}(2)
[2010/01/07 09:43:31 | 000,000,000 | ---D | M] (Master Password Timeout) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{96118df2-0d02-4dbc-9ad5-98995dc7d977}
[2010/01/07 09:43:35 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2010/01/07 09:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(2)
[2010/02/10 21:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2010/01/07 09:43:33 | 000,000,000 | ---D | M] (Fusion Alternative) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{bbb445a0-09e7-11da-a0cd-000d0b3aeb26}(2)
[2010/01/07 09:43:32 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/01/07 10:29:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/07 09:43:31 | 000,000,000 | ---D | M] (Miint) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
[2010/01/07 09:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/01/07 09:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{dc572301-7619-498c-a57d-39143191b318}(2)
[2010/01/07 09:43:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/07 09:43:32 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/01/07 09:43:33 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(2)
[2010/01/07 09:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\bettergmail2@ginatrapani.org
[2010/01/27 14:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\beysim@beysim.net
[2010/01/28 09:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\firegestures@xuldev.org
[2010/02/05 09:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\LogMeInClient@logmein.com
[2010/01/18 09:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\nosquint@urandom.ca
[2010/01/07 10:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\piclens@cooliris.com
[2010/01/07 09:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\speedtest@gotomyhelp(2).com
[2010/01/07 09:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Mozilla\Firefox\Profiles\yqfyi4s5.Default User2\extensions\unplug@compunach(2)
[2010/02/10 20:41:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/07 09:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/15 08:54:56 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/12/15 08:54:56 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/12/15 08:55:24 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2009/12/15 08:55:34 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/12/15 08:54:54 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/09/24 11:09:00 | 003,858,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2009/05/14 14:29:00 | 000,008,520 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll

O1 HOSTS File: ([2010/01/21 12:42:16 | 000,373,941 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 194.224.66.48
O1 - Hosts: 127.0.0.1 192.150.22.40
O1 - Hosts: 127.0.0.1 192.150.14.69
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 12888 more lines...
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-138996544-1450093729-1940014698-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-138996544-1450093729-1940014698-1003..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-138996544-1450093729-1940014698-1003..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-138996544-1450093729-1940014698-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-138996544-1450093729-1940014698-1003..\Run: [Taskix] C:\Program Files\Robust IT\Taskix\Taskix32.exe (Robust IT)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Desktop.lnk = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network Magic.lnk = C:\WINDOWS\Installer\{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}\NmApp.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SynTPStart.lnk = C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-138996544-1450093729-1940014698-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-138996544-1450093729-1940014698-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-138996544-1450093729-1940014698-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-138996544-1450093729-1940014698-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1228159346484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1228159778328 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.158,93.188.166.88
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (ntrolSet\Contr) - File not found
O30 - LSA: Security Packages - (625) - File not found
O30 - LSA: Security Packages - (QBPOSSDKRuntime\ecurity Pac) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/01 11:12:39 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{aada72e0-e7ea-11de-8592-001e687c1796}\Shell - "" = AutoRun
O33 - MountPoints2\{aada72e0-e7ea-11de-8592-001e687c1796}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aada72e0-e7ea-11de-8592-001e687c1796}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{aada72e6-e7ea-11de-8592-001e687c1796}\Shell - "" = AutoRun
O33 - MountPoints2\{aada72e6-e7ea-11de-8592-001e687c1796}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/12/01 12:18:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/11 14:23:12 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce Malwitz\Desktop\OTL.exe
[2010/02/10 16:24:47 | 000,000,000 | ---D | C] -- C:\ServiceTest
[2010/02/09 19:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Malwarebytes
[2010/02/09 19:38:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/09 19:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/09 19:38:56 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/09 19:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/09 19:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/02/09 16:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Moffsoft Calculator 2
[2010/02/09 16:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\SFR
[2010/02/09 16:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Downloaded Installations
[2010/02/09 09:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Malwitz\My Documents\My Albums
[2010/02/04 11:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Malwitz\My Documents\FedEx
[2010/02/04 10:36:04 | 000,000,000 | ---D | C] -- C:\temp_pyx
[2010/02/04 10:36:04 | 000,000,000 | ---D | C] -- C:\paychex
[2010/02/03 22:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\Help
[2010/02/03 21:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/03 12:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/02/02 10:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Moffsoft FreeCalc
[2010/01/28 16:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Malwitz\Application Data\Leadertech
[2010/01/28 16:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2010/01/28 16:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2010/01/28 14:41:23 | 004,194,304 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2010/01/26 11:01:45 | 000,025,792 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2010/01/26 11:01:39 | 000,026,944 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2010/01/26 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/01/26 11:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/01/22 12:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/21 12:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/21 11:53:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bruce Malwitz\Recent
[2010/01/21 11:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Malwitz\My Documents\SES
[2010/01/18 09:15:32 | 000,024,832 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbmodem.sys
[2010/01/18 09:15:32 | 000,019,968 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbdiag.sys
[2010/01/18 09:15:32 | 000,013,056 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbbus.sys
[2010/01/18 09:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/01/03 15:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/12/20 22:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ServiceTest
[2009/12/20 20:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/08/17 22:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2009/08/11 08:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/08/09 07:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/30 22:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/30 15:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/06/08 21:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/12/14 14:14:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Bruce Malwitz\Application Data\pcouffin.sys
[2008/12/10 11:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2008/12/06 08:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/01 12:19:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/12/01 12:19:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/11 14:24:40 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\ntuser.dat
[2010/02/11 14:23:13 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce Malwitz\Desktop\OTL.exe
[2010/02/11 14:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/02/11 13:32:04 | 000,002,036 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/02/11 12:21:43 | 000,000,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/02/11 08:53:05 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/11 08:51:41 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/02/11 08:51:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/11 08:51:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/11 08:51:29 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/10 21:04:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bruce Malwitz\ntuser.ini
[2010/02/10 20:57:30 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\Forum post.doc
[2010/02/09 21:57:04 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\dds.scr
[2010/02/09 21:53:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\defogger_reenable
[2010/02/09 19:39:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/09 19:02:25 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\Book1.xls
[2010/02/09 16:28:59 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Moffsoft Calculator 2.lnk
[2010/02/09 15:46:04 | 000,000,669 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/09 01:00:00 | 000,001,644 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L20105115CACB49CB994BDC9F1007A263.job
[2010/02/08 22:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/08 09:51:36 | 000,000,058 | ---- | M] () -- C:\WINDOWS\sview.ini
[2010/02/05 14:45:06 | 000,490,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/05 14:45:06 | 000,089,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/05 14:45:05 | 000,588,508 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/05 14:41:07 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/05 14:40:46 | 002,088,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/05 14:25:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/02/05 14:23:24 | 000,000,018 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
[2010/02/04 17:44:19 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\klein visa 011310.xls
[2010/02/04 13:10:04 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\Payroll.xls
[2010/02/04 12:04:45 | 000,000,089 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/04 12:03:29 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/02/03 17:16:59 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 16:05:42 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\Dimation recon.xls
[2010/02/03 10:57:56 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SES.lnk
[2010/02/01 18:26:27 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\8%.xls
[2010/01/26 10:31:02 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network Magic.lnk
[2010/01/25 16:13:08 | 003,173,102 | -H-- | M] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\IconCache.db
[2010/01/22 09:54:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/21 12:42:16 | 000,373,941 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/01/21 12:10:27 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SynTPStart.lnk
[2010/01/21 12:05:59 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Desktop.lnk
[2010/01/21 12:05:53 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gmail Notifier.lnk
[2010/01/20 05:17:33 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\housecall.guid.cache
[2010/01/19 16:51:41 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\System Restore.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/10 20:28:17 | 3211,186,176 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/09 22:40:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\gmer.exe
[2010/02/09 21:57:03 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\dds.scr
[2010/02/09 21:56:00 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\Forum post.doc
[2010/02/09 21:53:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\defogger_reenable
[2010/02/09 19:39:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/09 19:02:25 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\Book1.xls
[2010/02/09 16:28:59 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Moffsoft Calculator 2.lnk
[2010/02/09 16:10:13 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Application Data\cccalc.txt
[2010/02/04 13:10:04 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\Payroll.xls
[2010/02/04 10:36:16 | 000,000,058 | ---- | C] () -- C:\WINDOWS\sview.ini
[2010/02/03 17:33:52 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\klein visa 011310.xls
[2010/02/03 14:05:06 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\Dimation recon.xls
[2010/02/03 10:57:56 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SES.lnk
[2010/02/01 18:26:27 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\8%.xls
[2010/01/22 09:54:29 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/22 09:53:24 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network Magic.lnk
[2010/01/21 12:10:27 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SynTPStart.lnk
[2010/01/21 12:05:59 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Desktop.lnk
[2010/01/21 12:05:53 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gmail Notifier.lnk
[2010/01/20 05:17:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\housecall.guid.cache
[2010/01/19 16:51:30 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Desktop\System Restore.lnk
[2010/01/19 12:01:35 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/01/12 10:44:53 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/01/08 15:15:46 | 000,037,750 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Application Data\Tab Separated Values (Windows).ADR
[2010/01/06 06:25:26 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5A5D0207D8.sys
[2009/12/21 08:50:46 | 000,000,026 | ---- | C] () -- C:\WINDOWS\SmartSwipeInstallation.INI
[2009/12/20 08:28:25 | 000,002,036 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/12/15 06:01:26 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/15 06:01:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/15 06:01:15 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/15 06:01:15 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/15 06:01:09 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/15 06:01:08 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/14 13:33:09 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/12/14 13:33:09 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\FE14747759.sys
[2009/12/14 13:33:06 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Bruce Malwitz\Application Data\ActUpdate.log
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/17 14:26:20 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/08 05:03:46 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/08/08 05:03:46 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/08/07 09:28:54 | 000,005,045 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypkpiykb.yyr
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/29 10:27:54 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Application Data\msx.ioi
[2009/06/04 21:55:53 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Application Data\mcs.rma
[2009/06/04 21:55:53 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Application Data\8B7CFA
[2009/06/01 16:23:28 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2009/06/01 16:23:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI
[2009/06/01 15:40:31 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2009/06/01 15:40:31 | 000,003,953 | R--- | C] () -- C:\WINDOWS\System32\coinst.dll
[2009/05/18 15:23:25 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\PUTTY.RND
[2009/01/01 11:10:28 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/12/26 15:00:12 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/14 14:21:39 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/14 14:14:23 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Application Data\pcouffin.log
[2008/12/14 14:14:07 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Application Data\inst.exe
[2008/12/14 14:14:07 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Application Data\pcouffin.cat
[2008/12/14 14:14:07 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Application Data\pcouffin.inf
[2008/12/02 09:57:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\FnF4.txt
[2008/12/01 17:44:54 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\fusioncache.dat
[2008/12/01 17:12:25 | 000,009,590 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/01 15:09:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\QSwitch.txt
[2008/12/01 15:09:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\DSwitch.txt
[2008/12/01 15:09:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bruce Malwitz\Local Settings\Application Data\AtStart.txt
[2008/12/01 15:01:35 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/12/01 15:01:34 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/12/01 15:01:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2008/12/01 15:01:33 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/12/01 14:05:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2003/09/17 13:00:56 | 000,266,327 | ---- | C] () -- C:\WINDOWS\System32\ADErrorHandling.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/06 08:10:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/06 08:10:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/06 08:10:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/06 08:10:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/07/30 20:27:27 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\001\iastor.sys
[2008/07/30 20:27:27 | 000,308,248 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:CF47FB091A44923E
< End of report >
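The MD5 groups above are OTL's cross-check of each critical system file against the cached copies Windows keeps elsewhere on disk; note that the live C:\WINDOWS\system32\drivers\iaStor.sys is the one copy whose hash OTL could not read, and it is the same file TDSSKiller later reports as infected. As an added example that is not part of the thread or of OTL, the following Python parses that section and classifies each file as ok, mismatch or unreadable; the sample report reuses the ATAPI.SYS and IASTOR.SYS entries from the log above plus one constructed EXAMPLE.DLL group.

```python
import re
from collections import OrderedDict

# OTL writes a header before each set of copies: "< MD5 for: IASTOR.SYS >"
GROUP_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# One copy: either "MD5=<32 hex digits>" or "Unable to obtain MD5" (OTL could not read it)
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^\]]*)\]\s*\((?P<vendor>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s*--\s*(?P<path>.+?)\s*$"
)
# The copy Windows loads lives under system32; ServicePackFiles, $NtServicePackUninstall$,
# NLDRV and the backup folders below are cached reference copies.
LIVE_PREFIX = "c:\\windows\\system32\\"
BACKUP_MARKERS = ("\\reinstallbackups\\", "\\dllcache\\")


def parse_groups(text):
    """Map file name -> list of {path, md5} for every "< MD5 for: ... >" group."""
    groups, current = OrderedDict(), None
    for line in text.splitlines():
        line = line.strip()
        m = GROUP_RE.match(line)
        if m:
            current = m.group("name").upper()
            groups[current] = []
        elif line.startswith("<") and line.endswith(">"):
            current = None          # a different OTL section starts; stop attributing lines
        elif current is not None:
            m = ENTRY_RE.match(line)
            if m:
                md5 = m.group("md5")
                groups[current].append({"path": m.group("path"), "md5": md5.upper() if md5 else None})
    return groups


def is_live_copy(path):
    p = path.lower()
    return p.startswith(LIVE_PREFIX) and not any(b in p for b in BACKUP_MARKERS)


def assess_group(entries):
    """unreadable: live copy's hash could not be read (locked or hidden file);
    mismatch: live copy matches no cached reference copy; ok: it matches at least one."""
    live = [e for e in entries if is_live_copy(e["path"])]
    refs = [e for e in entries if not is_live_copy(e["path"])]
    if not live:
        return "no-live-copy"
    if any(e["md5"] is None for e in live):
        return "unreadable"
    ref_hashes = {e["md5"] for e in refs if e["md5"]}
    if any(e["md5"] not in ref_hashes for e in live):
        return "mismatch"
    return "ok"


def analyze_otl_md5(text):
    return {name: assess_group(entries) for name, entries in parse_groups(text).items()}


# Sample: ATAPI.SYS and IASTOR.SYS entries are copied from the OTL log above;
# EXAMPLE.DLL is a constructed group with placeholder hashes to exercise "mismatch".
SAMPLE_REPORT = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: IASTOR.SYS >
[2008/07/30 20:27:27 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\001\iastor.sys
[2008/07/30 20:27:27 | 000,308,248 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: EXAMPLE.DLL >
[2008/04/13 18:12:05 | 000,001,024 | ---- | M] (Constructed) MD5=11111111111111111111111111111111 -- C:\WINDOWS\ServicePackFiles\i386\example.dll
[2009/11/06 12:00:28 | 000,001,024 | ---- | M] (Constructed) MD5=22222222222222222222222222222222 -- C:\WINDOWS\system32\example.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll
"""

if __name__ == "__main__":
    for name, verdict in analyze_otl_md5(SAMPLE_REPORT).items():
        print(f"{name:<12} {verdict}")
```

An "unreadable" verdict on a live driver whose cached copy hashes fine is worth a second look on its own, even before a rootkit scanner runs.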


#4 Buckeye_Sam (Malware Expert)

Posted 11 February 2010 - 05:10 PM


We need to run this special tool.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • If prompted to reboot, please do so.
  • When it is done, a log file should be created on your desktop called "TDSSKiller.txt". Please copy and paste the contents of that file here.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 dnbreaks (Topic Starter)

Posted 11 February 2010 - 05:36 PM

TDSSKiller ran with no problems and had me reboot, which I did. Here is the log.

16:29:06:250 3404 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
16:29:06:250 3404 ================================================================================
16:29:06:250 3404 SystemInfo:

16:29:06:250 3404 OS Version: 5.1.2600 ServicePack: 3.0
16:29:06:250 3404 Product type: Workstation
16:29:06:250 3404 ComputerName: MIKESHPLAPTOP
16:29:06:250 3404 UserName: Bruce Malwitz
16:29:06:250 3404 Windows directory: C:\WINDOWS
16:29:06:250 3404 Processor architecture: Intel x86
16:29:06:250 3404 Number of processors: 2
16:29:06:250 3404 Page size: 0x1000
16:29:06:250 3404 Boot type: Normal boot
16:29:06:250 3404 ================================================================================
16:29:06:265 3404 UnloadDriverW: NtUnloadDriver error 2
16:29:06:265 3404 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
16:29:06:484 3404 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
16:29:06:531 3404 UtilityInit: KLMD drop and load success
16:29:06:531 3404 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
16:29:06:531 3404 UtilityInit: KLMD open success
16:29:06:531 3404 UtilityInit: Initialize success
16:29:06:531 3404
16:29:06:531 3404 Scanning Services ...
16:29:06:531 3404 CreateRegParser: Registry parser init started
16:29:06:531 3404 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
16:29:06:531 3404 CreateRegParser: DisableWow64Redirection error
16:29:06:531 3404 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
16:29:06:531 3404 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
16:29:06:531 3404 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:29:06:531 3404 wfopen_ex: Trying to KLMD file open
16:29:06:531 3404 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
16:29:06:531 3404 wfopen_ex: File opened ok (Flags 2)
16:29:06:531 3404 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384B20
16:29:06:531 3404 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
16:29:06:531 3404 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
16:29:06:531 3404 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:29:06:531 3404 wfopen_ex: Trying to KLMD file open
16:29:06:531 3404 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
16:29:06:531 3404 wfopen_ex: File opened ok (Flags 2)
16:29:06:531 3404 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384BC8
16:29:06:531 3404 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
16:29:06:531 3404 CreateRegParser: EnableWow64Redirection error
16:29:06:531 3404 CreateRegParser: RegParser init completed
16:29:06:640 3404 GetAdvancedServicesInfo: Raw services enum returned 404 services
16:29:06:640 3404 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
16:29:06:640 3404 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
16:29:06:640 3404
16:29:06:640 3404 Scanning Kernel memory ...
16:29:06:640 3404 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
16:29:06:640 3404 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8AD1E910
16:29:06:640 3404 DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
16:29:06:640 3404
16:29:06:640 3404 DetectCureTDL3: DEVICE_OBJECT: 8ACB3C68
16:29:06:640 3404 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8ACB3C68
16:29:06:640 3404 KLMD_ReadMem: Trying to ReadMemory 0x8ACB3C68[0x38]
16:29:06:640 3404 DetectCureTDL3: DRIVER_OBJECT: 8AD1E910
16:29:06:640 3404 KLMD_ReadMem: Trying to ReadMemory 0x8AD1E910[0xA8]
16:29:06:640 3404 KLMD_ReadMem: Trying to ReadMemory 0xE101E830[0x18]
16:29:06:640 3404 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:29:06:640 3404 DetectCureTDL3: IrpHandler (0) addr: F767DBB0
16:29:06:640 3404 DetectCureTDL3: IrpHandler (1) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (2) addr: F767DBB0
16:29:06:640 3404 DetectCureTDL3: IrpHandler (3) addr: F7677D1F
16:29:06:640 3404 DetectCureTDL3: IrpHandler (4) addr: F7677D1F
16:29:06:640 3404 DetectCureTDL3: IrpHandler (5) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (6) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (7) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (8) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (9) addr: F76782E2
16:29:06:640 3404 DetectCureTDL3: IrpHandler (10) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (11) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (12) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (13) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (14) addr: F76783BB
16:29:06:640 3404 DetectCureTDL3: IrpHandler (15) addr: F767BF28
16:29:06:640 3404 DetectCureTDL3: IrpHandler (16) addr: F76782E2
16:29:06:640 3404 DetectCureTDL3: IrpHandler (17) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (18) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (19) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (20) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (21) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (22) addr: F7679C82
16:29:06:640 3404 DetectCureTDL3: IrpHandler (23) addr: F767E99E
16:29:06:640 3404 DetectCureTDL3: IrpHandler (24) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (25) addr: 804F9739
16:29:06:640 3404 DetectCureTDL3: IrpHandler (26) addr: 804F9739
16:29:06:640 3404 TDL3_FileDetect: Processing driver: Disk
16:29:06:640 3404 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
16:29:06:640 3404 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
16:29:06:656 3404 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
16:29:06:656 3404
16:29:06:656 3404 DetectCureTDL3: DEVICE_OBJECT: 8ACB42D0
16:29:06:656 3404 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8ACB42D0
16:29:06:656 3404 KLMD_ReadMem: Trying to ReadMemory 0x8ACB42D0[0x38]
16:29:06:656 3404 DetectCureTDL3: DRIVER_OBJECT: 8AD1E910
16:29:06:656 3404 KLMD_ReadMem: Trying to ReadMemory 0x8AD1E910[0xA8]
16:29:06:656 3404 KLMD_ReadMem: Trying to ReadMemory 0xE101E830[0x18]
16:29:06:656 3404 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:29:06:656 3404 DetectCureTDL3: IrpHandler (0) addr: F767DBB0
16:29:06:656 3404 DetectCureTDL3: IrpHandler (1) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (2) addr: F767DBB0
16:29:06:656 3404 DetectCureTDL3: IrpHandler (3) addr: F7677D1F
16:29:06:656 3404 DetectCureTDL3: IrpHandler (4) addr: F7677D1F
16:29:06:656 3404 DetectCureTDL3: IrpHandler (5) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (6) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (7) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (8) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (9) addr: F76782E2
16:29:06:656 3404 DetectCureTDL3: IrpHandler (10) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (11) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (12) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (13) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (14) addr: F76783BB
16:29:06:656 3404 DetectCureTDL3: IrpHandler (15) addr: F767BF28
16:29:06:656 3404 DetectCureTDL3: IrpHandler (16) addr: F76782E2
16:29:06:656 3404 DetectCureTDL3: IrpHandler (17) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (18) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (19) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (20) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (21) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (22) addr: F7679C82
16:29:06:656 3404 DetectCureTDL3: IrpHandler (23) addr: F767E99E
16:29:06:656 3404 DetectCureTDL3: IrpHandler (24) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (25) addr: 804F9739
16:29:06:656 3404 DetectCureTDL3: IrpHandler (26) addr: 804F9739
16:29:06:656 3404 TDL3_FileDetect: Processing driver: Disk
16:29:06:656 3404 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
16:29:06:656 3404 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
16:29:06:656 3404 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
16:29:06:656 3404
16:29:06:656 3404 DetectCureTDL3: DEVICE_OBJECT: 8AD14840
16:29:06:656 3404 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AD14840
16:29:06:656 3404 DetectCureTDL3: DEVICE_OBJECT: 8AC8A910
16:29:06:656 3404 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AC8A910
16:29:06:656 3404 DetectCureTDL3: DEVICE_OBJECT: 8AC88030
16:29:06:656 3404 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AC88030
16:29:06:656 3404 KLMD_ReadMem: Trying to ReadMemory 0x8AC88030[0x38]
16:29:06:656 3404 DetectCureTDL3: DRIVER_OBJECT: 8AD4A408
16:29:06:656 3404 KLMD_ReadMem: Trying to ReadMemory 0x8AD4A408[0xA8]
16:29:06:656 3404 KLMD_ReadMem: Trying to ReadMemory 0xE100EC28[0x1C]
16:29:06:656 3404 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iaStor, Driver Name: iaStor
16:29:06:656 3404 DetectCureTDL3: IrpHandler (0) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (1) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (2) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (3) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (4) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (5) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (6) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (7) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (8) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (9) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (10) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (11) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (12) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (13) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (14) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (15) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (16) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (17) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (18) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (19) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (20) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (21) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (22) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (23) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (24) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (25) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: IrpHandler (26) addr: F7B5C580
16:29:06:656 3404 DetectCureTDL3: All IRP handlers pointed to one addr: F7B5C580
16:29:06:656 3404 KLMD_ReadMem: Trying to ReadMemory 0xF7B5C580[0x400]
16:29:06:656 3404 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
16:29:06:656 3404 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]
16:29:06:656 3404 KLMD_ReadMem: Trying to ReadMemory 0x8ACCFA04[0x4]
16:29:06:656 3404 TDL3_IrpHookDetect: New IrpHandler addr: 8AD0C8C8
16:29:06:656 3404 KLMD_ReadMem: Trying to ReadMemory 0x8AD0C8C8[0x400]
16:29:06:656 3404 TDL3_IrpHookDetect: CheckParameters: 10, FFDF0308, 510, 134, 3, 120
16:29:06:656 3404 Driver "iaStor" Irp handler infected by TDSS rootkit ... 16:29:06:656 3404 KLMD_WriteMem: Trying to WriteMemory 0x8AD0C94E[0xD]
16:29:06:656 3404 cured
16:29:06:656 3404 TDL3_FileDetect: Processing driver: iaStor
16:29:06:656 3404 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:29:06:656 3404 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:29:06:671 3404 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\iaStor.sys - Verdict: Infected
16:29:06:671 3404 File C:\WINDOWS\system32\DRIVERS\iaStor.sys infected by TDSS rootkit ... 16:29:06:671 3404 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:29:06:671 3404 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
16:29:06:671 3404 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab
16:29:06:734 3404 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp2.cab
16:29:06:734 3404 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp3.cab
16:29:06:734 3404 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\OemDir\*) error 3
16:29:06:750 3404 TDL3_FileCure: Backup copy not found, trying to cure infected file..
16:29:06:750 3404 TDL3_FileCure: Cure success, using it..
16:29:06:750 3404 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tsk2F7.tmp
16:29:06:781 3404 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk2F7.tmp, system32\drivers\iaStor.sys)
16:29:07:015 3404 TDL3_FileCure: KLMD jobs schedule success
16:29:07:015 3404 will be cured on next reboot
16:29:07:015 3404 UtilityBootReinit: Reboot required for cure complete..
16:29:07:015 3404 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
16:29:07:281 3404 UtilityBootReinit: KLMD drop success
16:29:07:281 3404 KLMD_ApplyPendList: Pending buffer(7EE4_183C, 616) dropped successfully
16:29:07:281 3404 UtilityBootReinit: Cure on reboot scheduled successfully
16:29:07:281 3404
16:29:07:281 3404 Completed
16:29:07:281 3404
16:29:07:281 3404 Results:
16:29:07:281 3404 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
16:29:07:281 3404 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:29:07:281 3404 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:29:07:281 3404
16:29:07:281 3404 UnloadDriverW: NtUnloadDriver error 1
16:29:07:281 3404 KLMD_Unload: UnloadDriverW(klmd21) error 1
16:29:07:281 3404 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
16:29:07:281 3404 UtilityDeinit: KLMD(ARK) unloaded successfully
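The decisive lines in this log are the iaStor dispatch table: all 27 IrpHandler entries point to F7B5C580, which is what produces TDSSKiller's "All IRP handlers pointed to one addr" message and the stub-signature check that follows, whereas disk.sys shows the normal mix of driver routines and a kernel default. As an added example that is not part of the thread or of TDSSKiller, here is a Python parser that extracts the per-driver dispatch tables, file verdicts and result counts from a log in this format and applies the same uniform-dispatch heuristic; the sample log is constructed from values in the log above.

```python
import re

# Every TDSSKiller line is "HH:MM:SS:mmm <pid> <message>"
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s*(?P<msg>.*)$")
DRIVER_RE = re.compile(r"DetectCureTDL3: DRIVER_OBJECT name: (?P<obj>\S+), Driver Name: (?P<name>\S+)")
IRP_RE = re.compile(r"DetectCureTDL3: IrpHandler \((?P<idx>\d+)\) addr: (?P<addr>[0-9A-Fa-f]+)")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (?P<path>.+?) - Verdict: (?P<verdict>\w+)")
RESULT_RE = re.compile(
    r"(?P<kind>Memory|Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<infected>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)"
)
# IRP_MJ_MAXIMUM_FUNCTION is 0x1B on this kernel, so a full dispatch table has slots 0..26
# and TDSSKiller prints exactly that many IrpHandler lines per driver object.
DISPATCH_SLOTS = 27


def analyze_tdsskiller_log(text):
    """Extract per-driver IRP dispatch tables, file verdicts and result counts, and flag
    drivers whose whole table points at one address. A uniform table is only the trigger
    for TDSSKiller's stub-signature check, not a verdict on its own: some legitimate
    drivers also route every major function through a single routine."""
    tables, verdicts, results, current = {}, {}, {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if d := DRIVER_RE.search(msg):
            current = d.group("name")
            tables[current] = []            # a driver seen twice keeps its latest table
        elif (h := IRP_RE.search(msg)) and current is not None:
            tables[current].append(h.group("addr").upper())
        elif v := VERDICT_RE.search(msg):
            verdicts[v.group("path")] = v.group("verdict")
        elif r := RESULT_RE.search(msg):
            results[r.group("kind")] = tuple(int(r.group(k)) for k in ("infected", "cured", "reboot"))
    uniform = {name: addrs[0] for name, addrs in tables.items()
               if len(addrs) == DISPATCH_SLOTS and len(set(addrs)) == 1}
    return {"irp_tables": tables, "uniform_dispatch": uniform, "verdicts": verdicts,
            "results": results, "reboot_pending": any(c[2] > 0 for c in results.values())}


def _irp_block(name, addrs, stamp="16:29:06:656 3404"):
    """Constructed helper: one DRIVER_OBJECT line followed by its IrpHandler lines."""
    lines = [f"{stamp} DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\{name}, Driver Name: {name}"]
    return lines + [f"{stamp} DetectCureTDL3: IrpHandler ({i}) addr: {a}" for i, a in enumerate(addrs)]


# Dispatch tables copied from the log above. Disk mixes disk.sys routines (F76xxxxx) with
# one ntoskrnl address (804F9739) that fills the slots for requests it does not implement;
# iaStor has all 27 slots pointing at the same address.
DISK_DISPATCH = (["F767DBB0", "804F9739", "F767DBB0", "F7677D1F", "F7677D1F"] + ["804F9739"] * 4
                 + ["F76782E2"] + ["804F9739"] * 4 + ["F76783BB", "F767BF28", "F76782E2"]
                 + ["804F9739"] * 5 + ["F7679C82", "F767E99E"] + ["804F9739"] * 3)
IASTOR_DISPATCH = ["F7B5C580"] * DISPATCH_SLOTS

SAMPLE_LOG = "\n".join(
    ["16:29:06:250 3404 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00",
     "16:29:06:640 3404 Scanning Kernel memory ..."]
    + _irp_block("Disk", DISK_DISPATCH)
    + ["16:29:06:656 3404 TDL3_FileDetect: C:\\WINDOWS\\system32\\DRIVERS\\disk.sys - Verdict: Clean"]
    + _irp_block("iaStor", IASTOR_DISPATCH)
    + ["16:29:06:656 3404 DetectCureTDL3: All IRP handlers pointed to one addr: F7B5C580",
       "16:29:06:671 3404 TDL3_FileDetect: C:\\WINDOWS\\system32\\DRIVERS\\iaStor.sys - Verdict: Infected",
       "16:29:07:281 3404 Memory objects infected / cured / cured on reboot: 1 / 1 / 0",
       "16:29:07:281 3404 Registry objects infected / cured / cured on reboot: 0 / 0 / 0",
       "16:29:07:281 3404 File objects infected / cured / cured on reboot: 1 / 0 / 1"]
)

if __name__ == "__main__":
    report = analyze_tdsskiller_log(SAMPLE_LOG)
    for name, addr in report["uniform_dispatch"].items():
        print(f"{name}: all {DISPATCH_SLOTS} IRP handlers -> {addr}; inspect the code at that address")
    print("verdicts:", report["verdicts"], "| reboot pending:", report["reboot_pending"])
```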


#6 Buckeye_Sam (Malware Expert)

Posted 11 February 2010 - 05:42 PM

Well done. How is your computer behaving now?
Update me with any problems or issues that you are having currently.


========================================================

#7 dnbreaks (Topic Starter)

Posted 11 February 2010 - 06:07 PM

I tried some Google searches that I had done in the past where I was experiencing the redirects, but could not replicate the problem. However, I tried running the SpySweeper update and I'm still getting the error messages on that. I've attached a print screen so you can see the errors I'm getting.




#8 Buckeye_Sam (Malware Expert)

Posted 11 February 2010 - 06:15 PM

Can you visit webroot.com with your browser?


========================================================

#9 dnbreaks (Topic Starter)

Posted 11 February 2010 - 06:33 PM

Yes

#10 Buckeye_Sam (Malware Expert)

Posted 11 February 2010 - 07:01 PM

Then it's likely a program error with SpySweeper and not an issue with your computer.
Contact Webroot support to see if they have a resolution for you.
http://www.webroot.com/En_US/support.html


Any other issues?



========================================================

#11 dnbreaks (Topic Starter)

Posted 11 February 2010 - 10:12 PM

Thanks for the suggestion. I will try that.

No other issues that I can see at this time. Thanks for your help!!

#12 Buckeye_Sam (Malware Expert)

Posted 12 February 2010 - 08:11 AM

You're welcome! Glad I could help.
Here are some final steps and recommendations for you.


Follow these steps to remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with the instructions from the tutorial above.

  2. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  3. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

  4. Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will be reduced dramatically.








========================================================

#13 Buckeye_Sam (Malware Expert)

Posted 24 February 2010 - 08:27 AM

Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the Malware Response Team and we will reopen it for you.
Include the address of this topic in your request.




========================================================



